Grafa logo

Crypto investor loses $12M to Ethereum poisoning scam

Written by Jon CuthbertPublished Jan. 31 2026Last Updated Jan. 31 2026

Share

A cryptocurrency investor has lost 4,556 Ethereum, worth about $12.4 million, after falling victim to an address poisoning scam involving a fake look-alike wallet address.

The incident was flagged by Specter, a pseudonymous blockchain analyst, who said the theft occurred around 32 hours after the attacker first interacted with the victim’s wallet.

According to on-chain data, the attacker initially sent a small “dust” transaction to the victim to manipulate the wallet’s transaction history.

Address poisoning scams exploit the way users visually verify wallet addresses by checking only the first and last characters.

In this case, the attacker created a vanity address that closely matched the legitimate over-the-counter settlement address used by the victim.

The fraudulent address shared the same starting and ending characters as the intended destination, making it appear authentic at a glance.

Specter said the attacker monitored the victim’s wallet activity for nearly two months before executing the theft.

During this period, the attacker identified a frequently used deposit address linked to large OTC transactions.

The scammer then generated a deceptive address using specialised software designed to replicate specific character patterns.

A minor transaction was sent from the fake address to ensure it appeared in the victim’s recent transaction list.

When the victim later attempted to transfer the Ethereum, they copied the poisoned address from their transaction history.

As a result, the full 4,556 Ethereum was sent directly to the attacker’s wallet.

The loss represents one of the largest address poisoning incidents recorded this year.

The incident follows a similar case last month in which another crypto trader reportedly lost around $50 million using the same method.

Security analysts say these scams are increasing due to wallet interfaces that truncate long addresses for display.

This design choice hides the middle characters where most discrepancies occur between legitimate and fake addresses.

Industry observers warn that even experienced investors can fall victim to this form of visual deception.

The breach has raised concerns about verification standards among high-value and institutional crypto users.

While retail users often rely on copy-paste habits, large investors are expected to apply stricter safeguards.

Blockchain security firm Scam Sniffer advised users to stop relying on transaction history for repeat payments.

The firm recommended the use of verified address books and whitelisted destinations for large transfers.

Experts also suggest performing small test transactions before moving significant amounts of cryptocurrency.

The incident highlights ongoing security risks in self-custodied crypto transactions despite growing market maturity.

At the time of reporting, Ethereum price was $2,528.77.