Address Poisoning Scam Statistics 2026: Shocking Losses & How to Stay Safe

Address poisoning scams are a growing category of cryptocurrency phishing fraud that exploits the way blockchain wallet addresses are copied and reused. These scams quickly insert malicious addresses that look nearly identical to legitimate ones, tricking victims into sending funds to attackers instead of intended recipients. Fraudulent address poisoning activities contributed to billions in digital asset losses, drawing attention from law enforcement and blockchain security analysts.

As institutions and individual investors face mounting threats, from enterprise‑level attacks to small‑scale copy‑paste errors, the impact touches retail traders and major wallets alike. Below, explore how widespread address poisoning has become and what the latest data reveals about its prevalence and impact.

Editor’s Choice

• Over 270 million poisoning attempts have been identified on Ethereum alone.
• 82,031 scam addresses linked to one major campaign targeting Ethereum users.
• 2,774 distinct victims sent funds in a single documented poisoning campaign.
• Victim wallets in a major campaign held average balances > $338,900.
• 6,633 confirmed incidents caused at least $83.8 million in documented losses in research datasets.
• Individual high‑impact losses include ~$50 million and ~$68 million cases.

Recent Developments

• Blockchain security analyses uncovered over 270 million poisoning attempts on major platforms like Ethereum, emphasizing both scale and frequency.
• One high‑profile poisoning effort generated 82,031 fake addresses used to ensnare potential victims.
• Victim counts for major campaigns reached into the thousands (2,774 wallets), sending value to scam addresses.
• Analysts note that sophisticated poisoning tools leveraging dark web services and malware increase automation and effectiveness.
• Chainalysis and other threat intelligence firms report broader ecosystem risks as address poisoning tactics evolve alongside blockchain usage growth.
• Law enforcement and forensic firms have started tracking poisoning attacks as a distinct crypto crime typology alongside phishing and ATM scams.

Types of Data Most Commonly Compromised

• Credentials are the most exposed data type, involved in 63% of security breaches, highlighting weak password hygiene and credential reuse risks.
• Internal company data was compromised in 32% of incidents, underscoring vulnerabilities in enterprise systems and access controls.
• Personal data, including names and identifiable details, appeared in 24% of breaches, increasing identity theft and fraud risks.
• Other data types accounted for 21% of compromised information, reflecting a broad attack surface beyond traditional data categories.

Don't chase the news. Let us curate it.

You get one weekly briefing with only the stories that matter. If the market is quiet, we skip it.

Get the Weekly Briefing - it's free!

✅ Join readers from Visa, Vanguard, and the FDIC.

Address Poisoning Scam Overview

• $50 million USDT was stolen in a single attack in December 2025.​
• December 2025 crypto hacks totaled $76 million across 26 incidents, with address poisoning prominent.​
• 6,633 total incidents caused at least $83.8 million in losses as of late 2025.​
• 82,031 fake addresses seeded in one Ethereum campaign targeting experienced users.​
• Victims sent $69.7 million to poisoned addresses from 2,774 wallets in the analyzed campaign.​
• The success rate is low at 0.03% of fake addresses receiving over $100 from victims.​
• Campaign ROI reached 58,363% potentially, netting $3 million after a major return.​
• $2.2 billion total crypto losses in 2025, address poisoning among key vectors.

Number of Address Poisoning Victims

• Research shows ≈17 million unique victim addresses were targeted by poisoning attempts across major blockchains like Ethereum and BSC.
• Out of those, only 6,633 poisoning attempts resulted in confirmed transfers where funds were actually sent.
• This means only 0.04% of attempted targets became actual victims in major campaigns.
• Hundreds of smaller victims have been recorded in routine weekly incidents, such as $1.6 million in losses in August 2025, tied to multiple victims.
• Liston estimates tens of victims losing between $62K and $880K in typical poisoning events.
• Individual large attacks may only involve 1–10 victims, but with high dollar losses per person.
• Victim statistics are still evolving because many losses go unreported or untracked on‑chain.
• Security analyses note that active users with long transaction histories are more frequently targeted than casual wallets.
• The majority of victims are experienced traders with larger portfolio balances due to scammers’ focus on high-value potential.

Global Prevalence of Address Poisoning Scams

• Over 270 million attempted poisoning attacks identified on Ethereum and BSC through mid-2025.
• ​17 million victims targeted across the Ethereum and BSC networks.​
• 252 million poisoning transfers on BSC alone, including 141 million zero-value ones.
• 15 million spoofed addresses flagged by Binance on Ethereum and BSC.

• At least 6,633 distinct incidents caused $83.8 million in measurable financial losses.​
• 82,031 fake wallet addresses generated in a single major Ethereum campaign.​​
• $50 million was lost in a December 2025 address poisoning incident on TRON.​
• 2,774 wallets sent $69.7 million to poisoned addresses in the analyzed campaign.​
• Over 10% of 2025 reported wallet drains were attributed to address poisoning.​
• $76 million total December 2025 hacks, with poisoning prominent.

Total Funds Stolen via Address Poisoning

• Academic measurements attribute at least $83.8 million in direct theft from confirmed address poisoning scams.
• Separate monthly crypto reports highlight a single poisoning loss of ~$50 million USDT in December 2025.
• Smaller weekly poisoning losses can sum to more than $1.6 million in a single week, as seen in mid‑2025.
• Combined with non‑public losses, many analysts estimate total poisoning theft is over $100 million, but difficult to quantify precisely.
• Broader crypto theft in 2025, including poisoning and other types, reached $3.4 billion across all scams.
• In some academic projections, poisoning losses are increasing year‑over‑year as scammers refine tactics.
• Smaller individual cases, e.g., 140 ETH or 500 K USDT losses, collectively contribute materially despite appearing modest.
• Funds stolen are often rapidly laundered using privacy tools and DeFi mixers.

Average and Median Loss per Victim

• In the large poisoning campaign analyzed, average victim wallets held over $338,900 in balance, with a median closer to $1,000.
• Many typical poisoning victims lose moderate amounts (e.g., $62K–$880K) in individual attacks.
• Some weekly aggregated losses exceeded $1.6  million across victims, showing a wide distribution of individual losses.
• The large $50  million case severely skews the average, making mean loss figures less useful without median context.
• Smaller scams, e.g., $1.25  million event, indicate mid‑range loss profiles around $100K–$500K.
• Median poisoning theft per confirmed victim is still much lower than average due to outliers.
• Loss per victim varies by blockchain and token type (ETH vs stablecoin).
• Loss patterns suggest volatility, and user behavior largely determines economic impact per attack.

Blockchain Networks Most Targeted by Address Poisoning

• Ethereum saw 17.3 million poisoning transfers targeting 1.3 million victims.​
• BSC recorded 252 million poisoning transfers targeting 16 million victims.

• TRON featured $50 million loss in a major address poisoning scam in December 2025.​
• Ethereum hosted 82,031 seeded addresses in a large-scale campaign.​
• BSC attacks averaged 105 transfers per block on peak days.​
• Ethereum 6,633 incidents caused $83.8 million losses across chains.​
• 4,249 poisoning entities on Ethereum, BSC, Base, and Polygon.​
• 1.37 million addresses linked to poisoning on EVM chains.​
• BSC attackers gained $4.5 million from 4,004 victims.​
• Ethereum gas for poisoning reached 6.6% of the daily total.

Largest Known Address Poisoning Incidents

• A crypto user lost nearly $50 million in USDT due to an address poisoning scam in late 2025.
• Earlier 2024 reporting showed a potential $68 million WBTC loss in a major poisoning campaign, which was later partially recovered.
• Additional large individual cases include hundreds of thousands in ETH or USDT transfers lost in single-user mistakes.
• Three major breaches in 2025, largely non‑poisoning, made up most crypto theft but highlight the magnitude of all loss vectors.
• Some scam returns, partial or full restitution, have occurred, but such events are rare and not guaranteed.
• Analysts warn that undisclosed large poisoning losses likely exist beyond on‑chain detection.
• Legal actions and bounties are emerging to recover or deter large thefts.

Success Rate of Address Poisoning Attempts

• In documented campaigns, only ≈0.03% of seeded poisoning addresses received any funds from victims.
• Of the 270 million poisoning attempts identified, just 6,633 resulted in successful transfers.
• Most poisoning attempts fail because victims either test transaction amounts or otherwise avoid sending value.
• Smaller value test payments, e.g., under $100, often represent victim hesitation that stops greater loss.
• The success rate per poisoning address remains low, but high‑value successes drive overall losses.
• A low percentage of attempted poisonings still results in significant absolute loss due to large transaction sizes.
• Behavioral patterns, e.g., the habit of copying from history, influence success likelihood.
• Wallet interfaces that obscure characters can inadvertently inflate success odds.

Address Poisoning vs Other Crypto Scam Types

• Phishing losses $83.85 million in 2025, down 83% year-over-year.​
• Pig butchering scams caused $5.7 billion in consumer losses in 2025, and investment fraud.​
• Total crypto scams reached $12.4 billion in 2025, with address poisoning 10% of wallet losses.​
• Address poisoning $50 million single incident vs $76 million total December hacks.​
• $2.2 billion total crypto exploit losses in 2025, poisoning a smaller share.​
• Investment scams like pig butchering topped $5.7 billion in FTC-reported losses.​
• Phishing drainer attacks dropped sharply, resulting in higher severity per case.​
• Pig butchering 33% of crypto scams per Chainalysis study.

Activity by Region or Jurisdiction

• North America saw a 1,740% increase in deepfake fraud tied to poisoning in 2022-2023.​
• Southeast Asia hosts 74% of global scam trafficking victims, including poisoning ops.​
• U.S. reports 2,179 fraud cases per 100,000 residents in Florida alone.​
• Asia-Pacific deepfake scams exploded 194% in 2024, linked to poisoning.​
• South Korea’s voice phishing losses are on track for $718 million in 2025.​
• Japan telecom fraud jumped 19% to $295 million in 2023.​
• Brazil highest spam exposure, with 94% citizens experiencing monthly scam attempts.​
• Eastern Europe CEX used to launder $3 million from Ethereum poisoning.​
• West Africa is an emerging scam hub with poisoning centers.

Campaign Sizes and Structures

• 82,031 lookalike addresses generated by 8 seeder wallets in one Ethereum campaign.​
• The campaign spanned 66 days, yielding $3 million net profit excluding returned funds.​
• September 2025 detected 32,290 events affecting 6,516 unique victims across multiple chains.​
• 270 million total attempts identified across Ethereum (17.3 million) and BSC (252 million).​
• 6,633 successful incidents caused $83.8 million USD losses.​
• Daily median 988 events, peak 2,635 on Sep 6, 2025.​
• 13,864 stablecoin transactions (USDT/USDC) in the monthly data.​
• Single transaction with 16 simultaneous poisonings via smart contracts.​
• 17 million victims targeted globally in aggregated campaigns.​
• USDT victims 2,000, USDC 1,745 in September analysis.

Victim Profile and Wallet Balance Characteristics

• Victim wallets averaged $338,900 balance, median $1,000.​
• Victims averaged 598 transfers, 512 days on-chain activity.​
• 2,774 victim wallets sent $69.7 million to poisoned addresses.​
• 1.3 million Ethereum victims, 16 million BSC victims targeted.​
• 6,516 unique victims in 32,290 September 2025 events.​
• 2,000 USDT victims, 1,745 USDC victims in the monthly data.​
• 68 million wrapped Bitcoin was lost by one high-value victim.​
• $50 million USDT was stolen from a stablecoin-heavy trader wallet.​
• Victims have 4x more transfers than average Ethereum wallets.

Attack Techniques and Variants in Address Poisoning

• 270 million on-chain attacks using dust, zero-value, fake token transfers.​
• 362,934 poisoning transfers in one day, 6.6% Ethereum gas usage.​
• 2,900 batching contracts deployed to reduce multi-address seeding costs.​
• 2,300 fake ERC-20 tokens mimicking USDT, USDC, WETH.​
• 6 million phishing addresses from 8,000 attacker funding wallets.​
• 1 million addresses are poisoned by a single BSC smart contract.​
• Zero-value spoofing seeded 141 million BSC transfers.​
• 16 simultaneous poisonings in one smart contract transaction.​
• 50 transfers per block peak BSC flooding rate.​
• GPU-accelerated lookalike generation for 82,031 Ethereum addresses.

Regulatory and Law Enforcement Response to Address Poisoning

• 158,000 personal wallets were compromised in 2025, prompting U.S. regulatory standards.​
• GENIUS Act 2025 mandates stablecoin frameworks addressing scam protections.​
• SAFE Crypto Act creates a task force for fraud detection, including poisoning.​
• 80% jurisdictions saw institutions launch digital asset security initiatives in 2025.​
• 36.5% victim reduction in crypto investments post-poisoning incidents.​
• May-Oct 2025 surge in address poisoning cases for government clients.​
• CORM framework adopted for operational risk in poisoning mitigation.​
• 16 simultaneous poisonings traced in one investigated smart contract.

Frequently Asked Questions (FAQs)

Conclusion

Address poisoning scams represent a persistent and evolving threat within the broader ecosystem of crypto fraud. The combination of high‑value potential targets, automated attack infrastructure, and human‑behavior exploitation has enabled scammers to refine techniques and scale globally. While the absolute success rate per attempt remains low, the impact of even a few successful hits can be financially crushing, especially when stablecoins and large wallets are involved.

Across regions, regulators and law enforcement are responding with enhanced surveillance tools and collaboration frameworks, yet detection and prevention still lag behind attacker innovation. For users and institutions alike, vigilance in verifying addresses and adopting proactive wallet security practices is essential to reduce exposure.