Ethereum Address Poisoning Attack Strikes: $740K Vanishes in Sophisticated Heist
Another day, another clever crypto theft—this time targeting the very fabric of transaction trust.
Anatomy of a Digital Ambush
The attack vector was deceptively simple: address poisoning. Scammers generate a wallet address visually identical to a victim's recent counterparty. They then send a tiny, worthless transaction from this fake address to the victim's wallet, planting it in the transaction history. Later, when the victim goes to send a large sum, they copy the poisoned address from their history, not realizing it's the scammer's doppelgänger. The funds sail straight into the attacker's pocket. It's social engineering, weaponized on-chain.
The $740,000 question isn't about the technology's failure, but about the oldest flaw in the system: human oversight. In the rush of a bull market, who's double-checking every hexadecimal string?
This isn't a blockchain bug—it's a feature of permissionless systems. The same transparency that allows for trustless verification also provides the blueprint for these cons. The lesson? Always verify, never trust your history. Your wallet's memory is the attacker's favorite playground.
So, while the crypto faithful preach decentralization as the ultimate panacea, the grifters are having a field day—proving that in finance, whether it's digits on a screen or digits in a ledger, someone's always finding a way to make them disappear.
Ethereum made spam transactions cheap
The Fusaka update made spam transactions truly cheap, with regular ETH transfers under $0.01. As a result, following January 12, Ethereum saw a rapid inflow of new addresses, over three times the usual rate.
As usual, the increased transactions were linked to stablecoins, which are one of the common types of tokens. However, Sergeenkov discovered over 67% of those stablecoin transactions were ‘dust’, a small amount of funds that could trace an address, or inject a poisoned address into a wallet’s history.
Ethereum wallets flag some tokens, but dust transactions of legitimate stablecoins are not flagged as suspicious.
The researcher flagged three originating addresses, which together sent spam transactions to over 1.5M wallets.
Ethereum is still under attack from smart contract address
As of January 19, one of the flagged smart contracts, 0x301d9bc22d66f7bc49329a9d9eb16d3ecc4a12b4, had sent spam to over 589K wallets.
The contract burned around 2.5 ETH in fees in the past 24 hours, and was among the top 10 busiest Ethereum contracts.
One of the Ethereum spam contracts was among the top 10 gas burners, with other smaller contracts still actively sending out poisoned transactions. | Source: Ultrasound money
The contract ran a fundPoisoner function to spread tokens or ETH to thousands of intermediary addresses. Those addresses then funded user wallets with spam transactions.
The latest wave of the attack reached 116 victims and took over $740K. The end results of poisoning attacks are unknown, as the user wallets may vary in their holdings. Recently, one user lost around $510K in a single address poisoning attack. The loss was linked to the recent total theft of the spam attack.
The Ethereum team did not intentionally invite spam, but made it possible through its latest upgrade. While Ethereum activity is seen as bullish, some of the added transfers belonged to malicious spam.
The current attack may not be over, with new contracts still active. Some of the attack smart contracts were flagged for spreading spam transactions. Another 78,000 wallets were dusted with fractions of stablecoins.
The recent research only took into account dust sent through stablecoins. A similar spam attack may still use fake tokens, low-value tokens, or other forms of dust. The best approach is to be aware of the potential risk and avoid copying addresses when sending an Ethereum transaction.
Claim your free seat in an exclusive crypto trading community - limited to 1,000 members.
