Just one victim lost $12.2 million in January by copying the wrong address from their transaction history in an “address poisoning attack,” adding to a similar $50 million attack in December, according to Scam Sniffer.
Address poisoning is when attackers send small transactions, or “dust,” from addresses that look similar to those in the target’s transaction history, hoping the victim will copy the wrong address.
Scam Sniffer added that signature phishing also surged recently, with $6.27 million stolen from 4,741 victims in January, a 207% increase compared to December.
Two wallets accounted for 65% of all signature phishing losses.
Signature phishing is slightly different as it tricks users into signing malicious blockchain transactions, such as unlimited token approvals.
Address poisoning trend not slowing down
“Address poisoning is one of the most consistent ways large amounts of crypto get lost,” reported security firm Web3 Antivirus on Thursday.
Some of the largest address-poisoning losses it tracked over time ranged from $4 million to $126 million. “Recent incidents show this trend isn’t slowing down,” they stated.
Related: Stablecoin ‘dust’ txs on Ethereum triple post-Fusaka: Coin Metrics
The researchers explained that address poisoners “generate full addresses that match the same first/last few characters you see, but the middle is different, so it looks ‘identical.’”
Dust attacks on Ethereum have surged
Analysts speculate that the Ethereum Fusaka upgrade in December has contributed to the increase in attacks by making the network cheaper to use in terms of transaction costs.
Stablecoin-related dust activity is now estimated to make up 11% of all Ethereum transactions and 26% of active addresses on an average day, reported Coin Metrics earlier in February.
The firm analyzed over 227 million balance updates for stablecoin wallets on Ethereum from November 2025 through January 2026, finding that 38% were under a single penny — “consistent with millions of wallets receiving tiny poisoning deposits,” it stated.
Blockchain intelligence firm Whitestream reported on Sunday that the decentralized DAI stablecoin “has gained a reputation as a preferred stablecoin for illicit actors, serving as a ‘parking place’ for illegally sourced funds.”
“This is due to the protocol’s governance, which does not cooperate with authorities in freezing DAI wallets,” it stated, referencing recent address poisoning attacks.
Magazine: 6 weirdest devices people have used to mine Bitcoin and crypto
