Address Poisoning
A wallet scam where attackers plant lookalike addresses in your transaction history so you might copy the wrong recipient later.
Address poisoning is a social engineering attack that targets how people copy and reuse crypto wallet addresses. An attacker sends a tiny amount of crypto, a worthless token, or even a zero-value transaction from an address that looks similar to one you have used before, often matching the first and last few characters. The goal is to make that fake address appear in your wallet or block explorer history, where you might later copy it by mistake.
It matters because blockchain transactions are usually irreversible: if you send funds to the poisoned address, the attacker controls them and recovery is unlikely. For example, if you often send USDT to a business partner, a scammer may create an address that starts and ends like your partner’s and then “poison” your history with it. A safer habit is to verify the full address, use saved contacts or address books, send a small test transaction for new recipients, and avoid copying addresses directly from recent transaction lists.
Other terms in Wallets & Security
Approval Phishing
A scam that tricks users into granting a malicious wallet or smart contract permission to spend tokens from their wallet.
BIP-39
A standard for turning wallet backup data into a human-readable seed phrase, usually 12 or 24 words.
Crypto Wallet
A tool that stores and manages the private keys needed to access and use cryptocurrency on a blockchain.
Custodial Wallet
A wallet where a third party, such as an exchange, holds the private keys and controls access to the crypto on your behalf.