A cryptocurrency investor has lost 4,556 Ethereum, valued at approximately $12.4 million, after falling victim to a sophisticated “address poisoning” attack.
Specter, a pseudonymous blockchain analyst, reported that the theft occurred roughly 32 hours after the attacker “dusted” the victim’s wallet with a nominal transaction.
How a Fake Look-Alike Address Cost an Ethereum Holder Millions
According to Specter’s on-chain analysis, the attacker spent two months monitoring the victim’s transaction activity. During this period, the hacker specifically identified a deposit address used for OTC settlements.
A victim has lost 4,556 ETH (~$12.4M) to an address-poisoning attack.
The attacker had been dusting the victim’s wallet with a look-alike address mimicking the victim’s OTC deposit address for over two months. The recent dusting occurred ~32 hours before the loss, after which… pic.twitter.com/YBriKd65Fi
— Specter (@SpecterAnalyst) January 30, 2026
The attacker employed vanity address generation software to engineer a look-alike wallet. This fraudulent address shared the exact same starting and ending alphanumeric characters as the victim’s intended destination.
Address poisoning relies on the user’s tendency to check only the first and last few characters of a long hexadecimal string. In this instance, the fraudulent address and the legitimate OTC address appeared identical at a glance.
The attacker first initiated a minor transaction to the victim’s wallet, a tactic designed to populate the user’s activity log. This strategic move ensured the corrupted address appeared prominently at the top of the “recent transactions” history.
Relying on this compromised list, the victim inadvertently copied the poisoned address rather than the legitimate source when attempting to move the $12.4 million.
The Address Poisoning Attack. Source: Scam Sniffer
This incident marks the second major eight-figure theft via this specific vector in recent weeks. Last month, a separate crypto trader lost approximately $50 million in a nearly identical scheme.
Industry stakeholders argue that these attacks are proliferating because wallet interfaces often truncate addresses to save screen space. This design choice effectively hides the middle characters where the discrepancies lie.
Meanwhile, this breach raises serious questions regarding verification protocols among institutional-grade investors.
While retail traders often rely on copy-pasting addresses, entities moving millions typically employ strict whitelisting procedures and test transactions.
Consequently, blockchain security firm Scam Sniffer has urged investors to abandon reliance on transaction history for recurring crypto payments. Instead, they recommend utilizing verified, hard-coded address books to mitigate the risk of interface spoofing.
The post Crypto Investor Loses Over $12 Million in Ethereum to ‘Address Poisoning’ Scam appeared first on BeInCrypto.