A cryptocurrency trader suffered a loss of $600,000 in USDT on February 17, 2026, after falling victim to an address poisoning attack. Blockchain security firm Cyvers Alerts detected the incident using its real-time monitoring system. The attack involved the attacker sending a zero-value transaction to the victim's wallet, planting a fake address with similar visible characters into the victim's transaction history.
The victim, attempting to send funds to address "0x77f6ca8E…2E087a346," inadvertently copied a poisoned address and sent 599,496.93 USDT to the attacker's address "0x77f…8a346" instead. The entire attack unfolded over 32 minutes, with the initial poisoning occurring half an hour before the fraudulent transfer was executed.
This incident is part of a severe and escalating trend of address poisoning attacks in 2026. In December 2025, a trader lost $50 million in USDT in a similar scheme, the second-largest recorded loss of its kind. The attacker in that case quickly converted the stolen USDT to DAI and then to approximately 16,690 ETH, laundering most of it through Tornado Cash.
January 2026 saw two more major losses: $514,000 in USDT on January 16 and $12.25 million (4,556 ETH) two weeks later. Security firm ScamSniffer noted the addresses in the $12.25 million theft were virtually identical in their visible sections, with the only difference hidden in the abbreviated middle part of the address that most wallets do not display fully.
Cyvers specialists report that over one million address poisoning attempts are made daily on the Ethereum network alone. A separate study identified at least seven distinct attack groups actively running such campaigns on Ethereum, with some operating simultaneously on the Binance Smart Chain. Attackers typically target high-value wallets with frequent transactions and use statistical analyses of USDT and USDC balances to identify profitable victims.
Cyvers' CEO highlighted that the increase is driven by "the growing sophistication of attackers and the lack of pre-transaction security measures," noting that automated transaction tools often lack verification mechanisms. Following the $50 million loss, industry figures, including former Binance CEO Changpeng Zhao (CZ), called for wallet developers to implement default protections. CZ proposed that "all wallets should simply check if a receiving address is a 'poison address', and block the user."
In response, some wallet providers are exploring pre-execution risk assessments that simulate transactions before signing, while researchers advocate for address whitelisting features to eliminate reliance on transaction histories.
