An Ethereum investor has lost more than $12 million due to a complex address poisoning scam, showing the risks associated with convenience-focused transactions in the crypto space. The user accidentally transferred 4,556 ETH, which is valued at approximately $12.4 million, to a malicious wallet that appeared legitimate.
How the Scam Worked
According to Lookonchain, the scammer created a fake wallet address that closely matched a trusted recipient, using the same first and last four characters as Galaxy Digital’s actual deposit address. Small “dust” transactions were sent to the victim’s wallet to make the spoofed address appear familiar within the transaction history.
The Ethereum user, who frequently sends funds to the legitimate recipient, copied the address from their transaction history without verifying it in full. Due to the fraudulent address being nearly identical, the user did not notice the difference and sent the entire balance to the hacker.
This type of attack, known as an address poisoning scam, is growing in the crypto ecosystem. Scammers rely on users’ everyday behavior—and the potential of not carrying out meticulous verification for an action that is familiar—to execute large-scale thefts.
A similar case was reported in December 2025, another investor lost $50 million after copying a spoofed address. In that incident, a small test transfer of $50 was manipulated by the attacker to trick the user into sending the remaining balance to the fraudulent wallet.
We are on X, follow us to connect with us :- @TimesTabloid1
— TimesTabloid (@TimesTabloid1) June 15, 2025
Caution For Cryptocurrency Users
The incident highlights the importance of exercising extreme caution when sending crypto funds. Users are advised not to rely solely on copying addresses from previous transactions or partial verification based on familiar characters. Full address verification is highly necessary because scammers are relying on partial verifications.
Experts also recommend sending large amounts in smaller instalments rather than a single transaction. Mark Huber, a crypto user responding to the recent loss, stated that for large transfers, he would divide the total sum into smaller transactions of manageable amounts to reduce risk.
Other safety measures include using ENS domains, wallet address books, or dedicated verification tools to confirm the legitimacy of the recipient’s address. These practices can help prevent the loss of significant funds to address poisoning or other forms of wallet spoofing.
This incident is evidence that even experienced investors can fall victim to scams, especially address poisoning attacks. While copying addresses and prioritizing speed may seem convenient, it can result in devastating financial losses that may never be fully realized. Careful verification and cautious transaction practices cannot be overemphasized for anyone handling substantial cryptocurrency holdings.
Disclaimer: This content is meant to inform and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not represent Times Tabloid’s opinion. Readers are urged to do in-depth research before making any investment decisions. Any action taken by the reader is strictly at their own risk. Times Tabloid is not responsible for any financial losses.
Follow us on Twitter, Facebook, Telegram, and Google News
