Etherscan Warns Ethereum Users About Rising Address Poisoning Attacks

A pattern emerging across Ethereum transaction records reveals how automated scam campaigns are exploiting wallet behavior rather than technical vulnerabilities.

Etherscan issued an alert on March 12, 2026, warning that address poisoning attacks are rapidly increasing, with automation allowing attackers to flood user transaction histories with deceptive wallet addresses.

The warning highlights how these attacks rely on social engineering rather than protocol flaws. By inserting lookalike addresses into recent transaction lists, attackers attempt to trick users into copying the wrong destination when sending funds.

Automated Attack Activity Surges After Network Upgrade

According to the warning, the scale of these attacks increased significantly after Ethereum’s Fusaka upgrade, which was activated on December 3, 2025.

The upgrade reduced transaction costs across the network, lowering the barrier for attackers to launch large-scale campaigns. As a result, the number of so-called “dust transfers”, transactions typically worth less than $0.01, has surged across several major stablecoins.

Data referenced in the warning shows:

• USDT dust transfers increased by 612%
• USDC dust transfers rose by 473%
• DAI dust transfers climbed by 470%

These transactions are typically sent by automated bots that monitor blockchain activity in real time. When a legitimate transfer occurs, attackers quickly send a small transaction from a vanity address designed to resemble the correct destination wallet.

Because many users copy addresses from their recent transaction history, the fake address can appear legitimate at a glance.

High-Profile Losses Highlight the Risk

The consequences of these attacks can be significant when victims mistakenly copy a poisoned address.

In early March 2026, a user known as Sillytuna reportedly lost approximately $24 million in aEthUSDC after accidentally transferring funds to a spoofed wallet address.

Security researchers estimate that address poisoning scams have already caused roughly $62 million in losses during the first two months of 2026.

The scale of automated activity can also be intense. One reported victim received 89 automated poisoning alerts within just 30 minutes, triggered after making only two legitimate transfers.

How the Scam Works

Address poisoning relies on the fact that many cryptocurrency wallet interfaces only show the first and last few characters of a long address. Attackers generate vanity addresses that mimic those visible characters so that the fraudulent address appears nearly identical to the correct one.

Once the attacker sends a small transaction from this address, it becomes visible in the victim’s transaction history. If the user later copies the address from that history instead of verifying it manually, funds can be sent directly to the attacker.

Security Measures Recommended by Etherscan

To reduce the risk of falling victim to address poisoning attacks, Etherscan and blockchain security researchers recommend several protective measures.

Users should always verify the full wallet address, rather than relying on the abbreviated format shown in many interfaces. Even a single incorrect character can redirect funds permanently.

Another recommended step is enabling Etherscan’s Address Highlight feature, which visually marks trusted addresses or frequently used wallets to make suspicious ones easier to detect.

Security experts also suggest using Ethereum Name Service (ENS) addresses or wallet address books with private labels. These tools reduce the need to copy addresses from transaction histories where spoofed entries may appear.

Finally, many blockchain explorers now hide zero-value or suspicious dust transfers by default, helping prevent malicious entries from appearing in a user’s recent transaction list.

Growing Threat for Ethereum Users

Address poisoning campaigns demonstrate how attackers increasingly rely on automation and behavioral manipulation rather than direct protocol exploits. As transaction costs fall and network activity expands, the ability to run high-volume scam campaigns becomes easier for malicious actors.

For Ethereum users, the warning underscores a simple but critical habit: always confirm the entire destination address before sending funds, especially when copying it from a transaction history.

The post Etherscan Warns Ethereum Users About Rising Address Poisoning Attacks appeared first on ETHNews.