A cryptocurrency investor has lost 4,556 Ethereum, valued at roughly $12.4 million, after falling victim to a sophisticated “address poisoning” attack.
Specter, a pseudonymous blockchain analyst, reported that the theft occurred roughly 32 hours after the attacker “dusted” the victim’s wallet with a nominal transaction.
How a Fake Look-Alike Address Cost an Ethereum Holder Millions
According to Specter’s on-chain analysis, the attacker spent two months monitoring the victim’s transaction activity. During this period, the hacker specifically identified a deposit address used for OTC settlements.
A victim has lost 4,556 ETH (~$12.4M) to an address-poisoning attack.
The attacker had been dusting the victim’s wallet with a look-alike address mimicking the victim’s OTC deposit address for over two months. The latest dusting occurred ~32 hours before the loss, after which… pic.twitter.com/YBriKd65Fi
— Specter (@SpecterAnalyst) January 30, 2026
The attacker employed vanity address generation software to engineer a look-alike wallet. This fraudulent address shared the exact same beginning and ending alphanumeric characters as the victim’s intended destination.
Address poisoning relies on the user’s tendency to check only the first and last few characters of a long hexadecimal string. In this instance, the fraudulent address and the legitimate OTC address appeared identical at a glance.
The attacker first initiated a minor transaction to the victim’s wallet, a tactic designed to populate the user’s activity log. This strategic move ensured the look-alike address appeared prominently at the top of the “recent transactions” history.
Relying on this compromised list, the victim inadvertently copied the poisoned address rather than the legitimate source when attempting to move the $12.4 million.
The Address Poisoning Attack. Source: Scam Sniffer
This incident marks the second major eight-figure theft via this specific vector in recent weeks. Last month, a separate crypto trader lost roughly $50 million in a nearly identical scheme.
Industry stakeholders argue that these attacks are proliferating because wallet interfaces often truncate addresses to save screen space. This design choice effectively hides the middle characters where the discrepancies lie.
Meanwhile, this breach raises serious questions regarding verification protocols among institutional-grade investors.
While retail traders often rely on copy-pasting addresses, entities moving millions typically employ strict whitelisting procedures and test transactions.
Consequently, blockchain security firm Scam Sniffer has urged investors to abandon reliance on transaction history for recurring crypto payments. Instead, they recommend using verified, hard-coded address books to mitigate the risk of interface spoofing.
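One way to enforce that recommendation in a payment workflow, shown as an added example (not code from Scam Sniffer or the original report): a destination is accepted only on a full-length match with a verified address-book entry, and anything that merely looks the same once truncated is flagged. The addresses, the `otc-desk` label and the 6/4 truncation widths are constructed assumptions.

```python
# Added example: classify a destination against a verified address book.
# All addresses below are constructed samples, not values from the incident.
LEGIT = "0x1a2b" + "c" * 32 + "9f8e"      # verified OTC deposit address (sample)
LOOKALIKE = "0x1a2b" + "d" * 32 + "9f8e"  # same ends, different middle (sample)
ADDRESS_BOOK = {"otc-desk": LEGIT}


def normalize(addr: str) -> str:
    """Lower-case and validate a 20-byte hex address."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x"):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(a[2:], 16)  # raises ValueError on non-hex characters
    return a


def truncated(addr: str, head: int = 6, tail: int = 4) -> str:
    """What a wallet UI that shortens addresses would display."""
    a = normalize(addr)
    return f"{a[:head]}...{a[-tail:]}"


def check_destination(dest: str, book: dict, head: int = 6, tail: int = 4):
    """Return (verdict, label): trusted, lookalike, or unknown."""
    d = normalize(dest)
    entries = {label: normalize(a) for label, a in book.items()}
    for label, e in entries.items():
        if d == e:  # compare all 40 hex characters, never a prefix/suffix
            return ("trusted", label)
    for label, e in entries.items():
        if truncated(d, head, tail) == truncated(e, head, tail):
            return ("lookalike", label)  # imitates a known entry: block it
    return ("unknown", None)  # not in the book: require out-of-band review


if __name__ == "__main__":
    for dest in (LEGIT, LOOKALIKE, "0x" + "7" * 40):
        print(truncated(dest), check_destination(dest, ADDRESS_BOOK))
```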
