An Ethereum investor has made a costly mistake, accidentally sending more than $12 million worth of crypto to a fraudulent wallet and highlighting the growing risk of so-called “address poisoning” scams on public blockchains.
- An Ethereum investor lost 4,556 sETH, worth about $12.4 million, due to an address poisoning scam.
- Attackers used a fake wallet with matching first and last characters to mimic Galaxy Digital’s deposit address.
- Copying addresses from transaction history remains one of the biggest security risks in crypto transfers.
According to blockchain analytics firm Lookonchain, the victim lost 4,556 sETH – valued at roughly $12.4 million at the time – after copying the wrong wallet address while attempting to transfer funds to Galaxy Digital.
How the scam unfolded
The investor was a frequent user of Galaxy Digital’s deposit address and had previously sent funds there multiple times without issue. Attackers took advantage of this behavior by generating a malicious “poison” address designed to closely resemble Galaxy Digital’s real deposit wallet. The fake address shared the same first and last four characters, making it visually convincing at a glance.
To set the trap, the attacker repeatedly sent small “dust” transactions to the victim’s wallet. These transactions appeared in the account’s history alongside legitimate transfers to Galaxy Digital. When the investor later initiated a large deposit, they copied the address directly from their transaction history, unknowingly selecting the attacker’s lookalike address instead of the real one.
Within seconds, the funds were irreversibly transferred to the fraudulent wallet.
Why address poisoning is so dangerous
Address poisoning exploits a common habit among crypto users: copying previously used addresses from transaction histories for convenience. Because blockchain addresses are long and unreadable, many users only verify the first and last few characters, which is exactly what attackers rely on.
Once a transaction is confirmed on the Ethereum network, it cannot be reversed, even if the destination is clearly fraudulent. In this case, the attacker successfully walked away with millions in a single transfer.
A costly reminder for crypto investors
The incident serves as another warning that even experienced investors are vulnerable to simple operational mistakes. As crypto values rise, address poisoning scams have become more frequent, targeting wallets known to handle large sums.
Security experts consistently advise users to whitelist verified addresses, double-check full wallet strings, and avoid copying addresses from transaction histories.
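The check that this advice implies, written out as an added example (it is not from the original article or from Lookonchain): a destination is accepted only when the full string equals an allowlisted address, and anything that merely shares the first and last four characters is flagged as a lookalike. The function names, the allowlist label and every address are constructed for illustration, and comparison is case-insensitive on the hex digits rather than a checksum verification.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Return the lowercase 40-hex-digit body of an Ethereum address, or raise."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def check_destination(dest, allowlist, n=4):
    """Classify dest against an allowlist of {label: address}.

    Returns ("verified", label)   full string equals an allowlisted address
            ("lookalike", label)  first/last n hex chars match, full string differs
            ("unknown", None)     no relation to any allowlisted address
    """
    d = normalize(dest)
    lookalike = None
    for label, addr in allowlist.items():
        a = normalize(addr)
        if d == a:
            return ("verified", label)
        if d[:n] == a[:n] and d[-n:] == a[-n:]:
            lookalike = label  # keep scanning in case an exact match follows
    return ("lookalike", lookalike) if lookalike else ("unknown", None)

def poisoned_history(history, allowlist, n=4):
    """Return the addresses in a transaction history that imitate an allowlisted one."""
    return [h for h in history if check_destination(h, allowlist, n)[0] == "lookalike"]

# Constructed sample data: none of these are real addresses from the incident.
ALLOWLIST = {"exchange-deposit": "0x1a2B" + "c3" * 16 + "9F0e"}
REAL = ALLOWLIST["exchange-deposit"]
FAKE = "0x1a2b" + "d4" * 16 + "9f0e"   # same first and last four characters
OTHER = "0x" + "77" * 20               # unrelated address
HISTORY = [REAL, FAKE, OTHER, REAL.lower()]

if __name__ == "__main__":
    for addr in HISTORY:
        print(addr, check_destination(addr, ALLOWLIST))
```

A wallet or treasury script would refuse to sign on "lookalike" and require an explicit allowlist update on "unknown".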
Source: https://coindoo.com/fake-wallet-scam-drains-12m-from-ethereum-investor-in-single-transaction/