Crypto security incidents are increasingly being driven by simple user mistakes rather than complex hacks.
Address poisoning is emerging as one of the most damaging examples.
In January, a single victim lost $12.2 million after copying the wrong wallet address from their transaction history, according to Scam Sniffer.
That loss followed a similar $50 million incident in December.
The pattern highlights how attackers are exploiting routine copy-and-paste behaviour at scale, as dust-based scams and signature phishing expand across Ethereum and stablecoin networks.
Someone lost $12.25M in January by copying the wrong address from their transaction history. In December, another victim lost $50M the same way.
Two victims. $62M gone.
Signature phishing also surged — $6.27M stolen across 4,741 victims (+207% vs Dec).
Top cases:
· $3.02M —
Address poisoning keeps delivering big losses
Address poisoning works by flooding wallets with tiny transactions from addresses that closely resemble trusted ones.
These dust transfers appear in a user’s transaction history, increasing the risk that the victim later copies a malicious address by mistake.
Scam Sniffer said the January incident was a clear example of how a single error can lead to catastrophic losses.
Security firm Web3 Antivirus described address poisoning as one of the most consistent ways large amounts of crypto are lost, noting that it has tracked individual cases ranging from $4 million to as much as $126 million.
The firm added that recent cases suggest the trend is not slowing.
Researchers explained that attackers generate full wallet addresses matching the same first and last characters as legitimate ones, while changing the middle section.
When viewed quickly, especially in long transaction lists, the addresses can appear identical.
Signature phishing adds another layer of risk
Alongside address poisoning, Scam Sniffer reported a sharp rise in signature phishing activity.
In January, $6.27 million was stolen from 4,741 victims through malicious transaction signatures, representing a 207% increase compared with December.
Signature phishing relies on a different mechanism.
Instead of copying the wrong address, users are tricked into signing transactions that grant attackers permissions such as unlimited token approvals.
Once approved, funds can be drained without further action from the victim.
Losses were highly concentrated.
Scam Sniffer said just two wallets accounted for 65% of all signature phishing losses recorded during the month.
Cheaper Ethereum transactions fuel dust attacks
Analysts increasingly link the surge in dust-based scams to lower transaction costs on Ethereum.
Some speculate that the Fusaka upgrade in December reduced fees enough to make mass dusting campaigns more economical.
Coin Metrics reported earlier in February that stablecoin-related dust activity now accounts for about 11% of all Ethereum transactions and 26% of active addresses on an average day.
The firm analysed more than 227 million balance updates for stablecoin wallets between November 2025 and January 2026.
It found that 38% of those balance updates were under a single penny, a pattern consistent with widespread address poisoning deposits rather than normal transfers.
Stablecoins play a growing role
Blockchain intelligence firm Whitestream said decentralised stablecoins are increasingly involved in these flows.
It reported that DAI has developed a reputation as a preferred stablecoin for illicit actors, often being used as a temporary holding asset for illegally sourced funds linked to address poisoning attacks.
How did #DAI become the #stablecoin of choice for illicit actors on the blockchain? A recent case of address poisoning provides a practical example of this phenomenon.
Whitestream attributed this to DAI’s governance structure, which does not cooperate with authorities in freezing wallets.
That feature has made it attractive for moving or holding funds tied to recent dust-based scams.
The post Why address poisoning is becoming one of crypto’s costliest scams appeared first on Invezz
