Address Poisoning Prevention
Protect yourself from copy-paste attacks and fake transaction history
What is Address Poisoning?
Address poisoning is a social engineering attack where scammers send tiny transactions from addresses that look similar to addresses you frequently interact with. The goal is to trick you into copying the wrong address when sending funds.
Because most users copy addresses from their transaction history rather than typing them manually, this attack exploits our reliance on recent activity as a source of truth.
How the Attack Works
Step 1: Attackers monitor the blockchain for active wallets and identify the addresses those wallets frequently send to.
Step 2: They generate a new address with matching first and last characters (e.g., if you send to 5ABC...XYZ9, they create 5ABx...xYZ9).
Step 3: They send a tiny transaction from this lookalike address to your wallet, polluting your transaction history.
Step 4: When you next want to send funds, you might copy this poisoned address instead of the real one.
Step 5: Your funds go directly to the attacker's wallet.
How to Protect Yourself
Use an Address Book: Save frequently used addresses in your wallet's address book and always send from there, never from transaction history.
Verify the Full Address: Always check more than just the first and last few characters. Middle characters matter too.
Use Named Addresses: ENS names and similar services make addresses human-readable and harder to spoof.
Be Suspicious of Small Deposits: If you receive tiny amounts from unknown addresses, assume they might be poisoning attempts.
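A wallet or a personal script can automate the address-book and small-deposit checks above. The following is an added example, not code from this page or from any particular wallet. The function names, the 3-character visible edge, the dust limit and all addresses are assumptions constructed for illustration, and addresses are assumed to be stored in one canonical string form.

```javascript
// Added example: every address, label and amount below is constructed.
const ADDRESS_BOOK = [
  { label: "Exchange deposit", address: "5ABCq7RtLm2VdKpW8nHs3YgXYZ9" },
  { label: "Savings", address: "7QweR4tYu1OpAsD9fGhJk2LzMNb3" },
];

// Classify an address against the address book. `edge` is how many leading
// and trailing characters a wallet UI typically leaves visible (assumed 3).
function classifyAddress(candidate, book, edge = 3) {
  const exact = book.find((e) => e.address === candidate);
  if (exact) return { status: "trusted", label: exact.label };
  for (const e of book) {
    const sameEnds =
      e.address.slice(0, edge) === candidate.slice(0, edge) &&
      e.address.slice(-edge) === candidate.slice(-edge);
    if (sameEnds) {
      // Index of the first differing character, so the UI can highlight it.
      let i = 0;
      while (i < candidate.length && candidate[i] === e.address[i]) i++;
      return { status: "lookalike", label: e.label, firstDiff: i };
    }
  }
  return { status: "unknown" };
}

// Flag incoming transfers whose sender must never be used as a copy source.
function flagHistory(history, book, dustLimit = 0.001) {
  return history
    .filter((tx) => tx.direction === "in")
    .map((tx) => ({ tx, verdict: classifyAddress(tx.from, book) }))
    .filter(({ tx, verdict }) =>
      verdict.status === "lookalike" ||
      (verdict.status === "unknown" && tx.amount <= dustLimit))
    .map(({ tx, verdict }) => ({
      from: tx.from,
      reason: verdict.status === "lookalike"
        ? `imitates saved address "${verdict.label}"`
        : "tiny deposit from unknown sender",
    }));
}

const HISTORY = [
  { direction: "out", to: "5ABCq7RtLm2VdKpW8nHs3YgXYZ9", amount: 12.5 },
  { direction: "in", from: "5ABxT2mNc9PfGhE4uJk6WrsxYZ9", amount: 0.00001 },
  { direction: "in", from: "9ZxcV8bNm3QwErTy5UiOpLkJhG2", amount: 0.0005 },
  { direction: "in", from: "7QweR4tYu1OpAsD9fGhJk2LzMNb3", amount: 3.0 },
];

console.log(flagHistory(HISTORY, ADDRESS_BOOK));
```

A send form can run `classifyAddress` on the pasted recipient and block or warn on a `lookalike` result, showing the character at `firstDiff` next to the saved address.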