Ethereum holder loses $12.4M to address‑poisoning scam after wallet ‘dusting’

A cryptocurrency investor lost 4,556 Ethereum — roughly $12.4 million — after mistakenly sending funds to a fraudulent wallet in an “address poisoning” attack, Specter, a pseudonymous blockchain analyst, reported.

Specter’s on-chain analysis said the attacker had spent about two months monitoring the victim’s activity and had been “dusting” the victim’s wallet with a look‑alike address that mimicked the victim’s OTC deposit address.

The attacker used vanity address generation to create a fake wallet that shared the exact same starting and ending alphanumeric characters as the legitimate address. A small, recent dusting transaction about 32 hours before the loss pushed the poisoned address to the top of the victim’s recent activity, and the victim copied that address when moving the funds.

BeInCrypto noted this is the second major eight‑figure theft via the same vector in recent weeks; last month another trader lost about $50 million in a nearly identical scheme. Security watchers say wallet interfaces that truncate addresses to save screen space make these look‑alike addresses easier to miss.

Blockchain security firm Scam Sniffer urged investors to stop relying on transaction history for repeat payments and instead use verified, hard‑coded address books to reduce the risk of interface spoofing, a recommendation highlighted after this breach.

address poisoning, wallet dusting, vanity address generation, interface spoofing, hard-coded address books, scam sniffer recommendation, specter on-chain analysis, otc deposit address, transaction history risk, whitelisting procedures, 12.4 million loss, 50 million theft