TL;DR: Address poisoning plants a lookalike address in your transaction history so you copy it by mistake, so never reuse an address from history and screen the destination before you send.
You go to send funds to an address you have used before, copy what looks like the right one from your wallet history, and paste it. The first four and last four characters match, so you hit send. The money lands with a scammer. This is address poisoning, and it works because wallets and block explorers show every address that has ever touched yours, including ones an attacker put there on purpose.
What is address poisoning?
Address poisoning is a scam that exploits the habit of copying a recipient address from past transactions instead of a trusted source. The attacker seeds your history with an address that looks almost identical to one you actually use, betting that you will grab the wrong one in a hurry. No malware, no phishing link, and no signature is needed; the trap is your own transaction list.
The lookalike is a vanity address generated to match the start and end of a real counterparty, since those are the characters most people glance at. Etherscan warns that people "assume the latest address in your token transfer history is correct and copy the spoofed address as your destination address, effectively transferring your money to the attackers."
The lookalike address only has to sit in your history once; the scam relies on you copying it later instead of a saved, verified address.
How does a lookalike address end up in your history?
Attackers have two common ways to plant the address, and both leave a normal-looking entry in your wallet and on the explorer.
Dusting transfers send a tiny amount of a real or fake token from the lookalike address to yours, so it appears as a counterparty you can copy.
Zero-value transfers call transferFrom with an amount of zero, which needs no approval and emits a transfer event that looks like you sent funds to the lookalike yourself.
Fake-token transfers use a worthless token named like a real one, so the entry blends into your stablecoin or token history.
In every variant the goal is the same: get an address you never chose into the list you copy from. The transaction itself is harmless, which is exactly why most people scroll past it.
How big is the address poisoning problem?
This is not a rare edge case. Chainalysis traced a single seeding campaign that generated 82,031 lookalike addresses, and across that activity 2,774 addresses sent funds to the wrong destination, losing a total of $69,720,993. One victim alone sent close to $68 million in wrapped bitcoin to a poisoned address in a single transfer.
The losses cluster around large, routine transfers, where someone moving funds between their own wallets or to an exchange copies from history on autopilot. The bigger and more habitual the transfer, the more a single wrong paste costs.
The fix is a habit change: copy from a saved address book, verify the full string, and send a small test before any large transfer.
How do you avoid sending funds to a poisoned address?
The defense is a routine, not a tool you install once. Treat the recipient field as the most dangerous part of any transfer.
Never copy a recipient from transaction history; use a saved address book or a freshly verified source each time.
Check the entire address, not just the first and last few characters, because the middle is where the lookalike differs.
Send a small test amount first and confirm it arrives before moving the full balance.
Use a hardware wallet's on-device screen to confirm the address you are actually signing.
Verifying all 42 characters by eye works but is easy to skip when you are busy, which is the exact moment the scam counts on. Rather than eyeballing the string, screen the destination address with Plastron to confirm it is not tied to scams, sanctions, or stolen-funds exposure before you send, the same way any crypto wallet screening check works on an address you receive from.
What should you do if you already sent funds to a lookalike address?
On-chain transfers are final, so there is no undo button, but a few steps still matter for recovery and for stopping a repeat.
Stop and delete the poisoned entry from any saved contacts so you cannot reuse it.
Record the transaction hash, the lookalike address, and the real address you meant to use.
Report the scam address to the block explorer and to the exchange if the funds passed through one.
Screen your own address afterward, since interacting with a flagged scam address can raise your exposure score.
Recovery is rare once funds reach an attacker, so the practical win is making sure the same lookalike never gets copied again. If tainted funds did land back with you, the response overlaps with what to do when a wallet receives USDT from a scammer.
No. The poisoning transaction cannot move your funds by itself. You only lose money if you copy the lookalike address and send to it, so the risk is entirely on the outbound transfer.
Why do the first and last characters match my real address?
Attackers run software to generate vanity addresses until the start and end match a counterparty you use. The middle characters differ, which is why checking only the ends is not enough.
Does receiving a dust transfer mean I am already hacked?
No. Receiving a tiny or fake-token transfer is just the seeding step. It does not give anyone access to your wallet; it only places a lookalike address in your history.
How do I check an address before I send to it?
Compare the full string against a source you trust, send a small test first, and screen the address for scam, sanctions, or stolen-funds links rather than relying on the first and last few characters.
Disclaimer: This article is for educational and informational purposes only and is not legal, financial, tax, or compliance advice. Crypto carries risk; you act on this information at your own risk. Always do your own research and consult a qualified professional before making decisions. Views are the author's own and do not constitute financial, legal, or investment advice.
About Plastron
Plastron is a free, non-custodial wallet screening tool. It checks Ethereum and six EVM chains for AML and KYT risk — sanctions exposure, mixer contact, and stolen-funds proximity — and returns a risk report in seconds. It reads public on-chain data only: it never takes custody of funds and never asks for private keys.