Copy, Paste, Rekt: Ethereum address poisoning strikes again
An Ethereum user lost $600,000 on Tuesday morning to a common crypto scam known as ‘address poisoning.’
Highlighting the loss, SpecterAnalyst, a self-described “onchain investigator,” warned users to “always verify the entire wallet address.”
The costly mishap comes just one week after another user lost over $350,000 to the same scam, despite first sending a test transaction to the attacker’s address.
Address poisoning is an attack vector in which scammers send spam transactions to genuine users after they make a transfer.
The incoming transactions come from similar-looking addresses in the hopes that the user will confuse them for the intended address in future transfers. Fake versions of common token tickers may be transferred in these spam transactions, or small amounts of genuine assets.
The strategy requires generating a new, look-alike address with identical beginning and end characters, which the user accidentally copies and pastes into future transfers.
Popular block explorers often abbreviate the middle portion of addresses to save space.
Barabazs.eth, of the Ethereum Foundation and Ump.eth, proposes a partial solution to this issue: a tool that displays addresses visually truncated while keeping the full text searchable, so users can double-check before transfers.
However, using an address book is far safer than copying addresses from a block explorer.
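The address-book check described above can be automated. The following Python sketch is an added example, not code from the article or from any tool it mentions: it compares a pasted destination against trusted entries over all 40 hex characters and flags one that only matches in the visible beginning and end. The addresses are constructed sample values, and the 4-character head and tail are an assumption about how an interface abbreviates.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr: str) -> str:
    """Validate the 20-byte hex shape and lowercase; ValueError if malformed."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def truncated(addr: str, head: int = 4, tail: int = 4) -> str:
    """Abbreviated form a UI might display: first and last hex characters."""
    a = normalize(addr)
    return f"{a[:2 + head]}...{a[-tail:]}"

def check_destination(dest, address_book, head=4, tail=4):
    """Classify a pasted destination against trusted address-book entries.

    Returns (verdict, label):
      "trusted"   - every character matches an entry
      "lookalike" - same visible head and tail as an entry, different middle
      "unknown"   - unrelated to any entry
    """
    d = normalize(dest)
    book = {normalize(a): label for label, a in address_book.items()}
    if d in book:
        return "trusted", book[d]
    for known, label in book.items():
        if truncated(known, head, tail) == truncated(d, head, tail):
            return "lookalike", label
    return "unknown", None

# Constructed sample data (not real accounts).
ADDRESS_BOOK = {"exchange-deposit": "0x1a2B" + "3c" * 16 + "9F8e"}
POISONED = "0x1a2b" + "d4" * 16 + "9f8e"   # same ends, different middle
UNRELATED = "0x" + "ab" * 20

if __name__ == "__main__":
    for candidate in (ADDRESS_BOOK["exchange-deposit"], POISONED, UNRELATED):
        verdict, label = check_destination(candidate, ADDRESS_BOOK)
        print(truncated(candidate), verdict, label)
```

A "lookalike" verdict should block the transfer outright, since the abbreviated form is indistinguishable from the trusted entry.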
After Ethereum’s Fusaka upgrade lowered transaction costs, address poisoning has surged. The volume of freshly created addresses has risen sharply following the protocol upgrade in December last year, according to research from Andrey Sergeenkov.
Test failed successfully
In the wake of today’s loss, SpecterAnalyst also drew attention to a significant loss from last week.
This time, the user even sent a test transaction to the scammer’s spoofed address, but “the test fund was not properly confirmed before sending the main amount.”
The simple error led to a loss of over $350,000.
SpecterAnalyst suggests that, for this user, testing became “a routine step rather than serving its actual purpose of confirming the correct destination address.”
