Audit log

Every state-changing event for Mass Address Poisoning Campaign (Ethereum 2025-2026): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-02 20:05:05Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,878,445

   sig

   hZ4kmVvuVCxx…6A5NLKE2copyexplorer ↗

   hash

   DXrYGoQQ4t7q…TspMMM9ocopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (31952 B) ▸

   {"actor":"system:backfill","investigation_id":"4f53560f-9177-4599-9e66-fbe56adbef66","kind":"publish","page_slug":"mass-address-poisoning-campaign-ethereum-2025-2026","published_at":"2026-06-02T20:05:05.365Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Mass Address Poisoning Campaign (Ethereum 2025-2026)","sections":[{"content":"Address poisoning is a social-engineering attack that exploits how crypto wallet interfaces abbreviate long hexadecimal addresses. Attackers generate vanity wallet addresses that share the first several and last several characters with a legitimate address the victim has previously transacted with. They then broadcast tiny 'dust' transactions (often fractions of a cent) to the victim's wallet, inserting the lookalike address into the victim's on-chain transaction history. When the victim later copies an address from that history without verifying the full string, they inadvertently send funds to the attacker. The 2025–2026 Ethereum campaign represents a qualitative escalation from prior activity: the attack stack has been commercialized and is sold as a turnkey service on Telegram, complete with dashboard UIs, bot tooling for EVM and Solana chains, and automated mempool monitoring. One Telegram operator advertised that a customer earned approximately $185,000 from a single transaction. Smart contracts are used to fan-fund hundreds of poisoning addresses in a single on-chain transaction, dramatically reducing per-address cost.","heading":"Campaign Overview","severity":"critical","sources":[{"credibility":2,"name":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","type":"research","url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"credibility":2,"name":"CryptoDaily: Address Poisoning in 2026 — How the Attack Became an Industry","type":"news_article","url":"https://cryptodaily.co.uk/2026/04/address-poisoning-in-2026-how-the-attack-became-an-industry-and-why-victims-still-have-options"},{"credibility":1,"name":"Academic paper: Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","type":"research","url":"https://arxiv.org/html/2501.16681v1"}]},{"content":"ScamSniffer, a Web3 anti-scam firm, reported on February 8, 2026 that two victims lost a combined $62.25 million to address poisoning between December 2025 and January 2026: approximately $50 million in USDT in December 2025 and approximately $12.25 million (4,556 ETH) on January 30, 2026. Blockaid has flagged over 65.4 million address poisoning transactions on-chain since January 2025, averaging more than 160,000 per day. Of those, approximately 316,000 are confirmed successful attacks in which a victim transferred funds to a poisoned address — a success rate of roughly 1 in 200 attempts. Poisoning attempts spiked 5.5x from an estimated 628,000 in November 2025 to approximately 3.4 million in January 2026. An academic study covering the two-year period from July 2022 to June 2024 across Ethereum and BNB Smart Chain quantified 270 million total poisoning transfer attempts, 17 million targeted victim addresses, 6,633 confirmed successful attacks, and $83.8 million in verified losses — a figure predating the 2025–2026 surge. Post-Fusaka (after December 3, 2025), one documented attacker deployed approximately 3 million dust transfers across over 1 million addresses for a total cost of $5,175, illustrating the near-zero marginal cost of the industrialized campaign.","heading":"Scale and Financial Losses","severity":"critical","sources":[{"credibility":2,"name":"CoinTelegraph: Two Victims Lose $62 Million To Address Poisoning Since December","type":"news_article","url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"},{"credibility":2,"name":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","type":"research","url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"credibility":2,"name":"Crypto.news: Ethereum address poisoning costs $62M in two months — ScamSniffer","type":"news_article","url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"},{"credibility":1,"name":"Academic paper: Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","type":"research","url":"https://arxiv.org/html/2501.16681v1"}]},{"content":"Ethereum's Fusaka protocol upgrade activated on December 3, 2025 and reduced transaction fees by approximately sixfold. Before the upgrade, the per-transaction cost of broadcasting dust made mass-scale campaigns economically marginal; after it, the cost barrier was effectively removed. Coin Metrics analyzed 227 million USDC and USDT balance updates on Ethereum from November 2025 through January 2026 and found that stablecoin dust transactions (those under $1) accounted for approximately 11% of all Ethereum transactions and roughly 26% of active addresses on an average day post-upgrade. Daily dust transactions surged from approximately 30,000 pre-Fusaka to a peak of 510,000 in January 2026, with a daily average of approximately 167,000. USDT dust transfers specifically jumped from approximately 4.2 million to nearly 29.9 million (a 612% increase), and USDC dust transfers rose from 2.6 million to 14.9 million (473% increase). The top 10 senders accounted for 8.5 million dust transfers; a single top attacker address generated nearly 3 million dust transfers to over 1 million unique wallets. Ethereum overtook BNB Smart Chain as the most poisoned chain in the period following the Fusaka upgrade. Coin Metrics noted that the majority of post-Fusaka network growth still reflects genuine usage, but that dust activity represents a structurally persistent tax on network resources and user attention.","heading":"Ethereum Fusaka Upgrade as Catalyst","severity":"high","sources":[{"credibility":2,"name":"Coin Metrics State of the Network Issue 349: Ethereum Post-Fusaka Activity Surge — Address Poisoning","type":"research","url":"https://coinmetrics.substack.com/p/state-of-the-network-issue-349"},{"credibility":2,"name":"CoinTelegraph: Ethereum Dust Attacks Have Increased Post-Fusaka","type":"news_article","url":"https://cointelegraph.com/news/ethereum-post-fusaka-dust-attacks-overstated-making-only-11-of-txs-research"},{"credibility":2,"name":"The Defiant: Fusaka Upgrade Fuels Record Address Poisoning on Ethereum","type":"news_article","url":"https://thedefiant.io/news/blockchains/fusaka-upgrade-fuels-record-address-poisoning-on-ethereum"},{"credibility":2,"name":"BeInCrypto: Address Poisoning Attacks Surge on Ethereum Following Fee Reduction","type":"news_article","url":"https://beincrypto.com/ethereum-address-poisoning-fusaka-surge/"}]},{"content":"On December 19, 2025, an unnamed crypto user lost $49,999,950 USDT in what security firm Web3 Antivirus identified as the largest single address poisoning theft on record at the time. The victim's wallet had been active for approximately two years and was primarily used for USDT transfers. The victim had previously sent a $50 USDT test transaction to a legitimate destination address, a precautionary practice common among high-value traders. An attacker monitoring the mempool detected this test transaction, generated a vanity address matching the first three and last four characters of the legitimate destination, and sent a small dust transaction to the victim's wallet, inserting the lookalike address into transaction history. Twenty-six minutes after the test transaction, the victim copied an address from their history and sent 49,999,950 USDT to the attacker's address. CoinDesk reported this incident on December 20, 2025, and provided transaction hash 0x5f71bd8125a2316567704c161fb6239c7a86993f50c25839bfb2079e108936e7 as the victim's on-chain message. The attacker converted the stolen USDT to DAI (to avoid Tether's centralized freeze capability), then swapped DAI for approximately 16,690 ETH, and deposited approximately 16,680 ETH into Tornado Cash, a sanctioned cryptocurrency mixer, within approximately 30 minutes of receipt. The victim published an on-chain message demanding return of 98% of funds within 48 hours and offered a $1 million white-hat bounty; no recovery is documented. This incident prompted Binance co-founder Changpeng Zhao (CZ) on December 24, 2025 to publicly call for all wallets to implement default address-poisoning detection and to participate in real-time shared blacklists.","heading":"December 2025 Incident: $50 Million USDT Loss","severity":"critical","sources":[{"credibility":1,"name":"CoinDesk: Crypto User Loses $50 Million in Address Poisoning Scam","type":"news_article","url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"credibility":2,"name":"Yahoo Finance: Address Poisoning Scam — One Copy-Paste Mistake Cost a Crypto Trader $50 Million","type":"news_article","url":"https://finance.yahoo.com/news/address-poisoning-scam-one-copy-112053972.html"},{"credibility":2,"name":"CryptoPotato: After $50M USDT Theft, Binance's CZ Pushes Wallets to Block Poison Addresses by Default","type":"news_article","url":"https://cryptopotato.com/after-50m-usdt-theft-binances-cz-pushes-wallets-to-block-poison-addresses-by-default/"}]},{"content":"On January 30, 2026, a victim lost 4,556 ETH (approximately $12.4 million at the time) after sending what appeared to be a routine transfer to an OTC (over-the-counter) deposit address. Blockaid documented that the attacker had conducted a sustained two-month dusting campaign beginning in December 2025, systematically sending dust transactions to the victim's wallet to ensure the poisoned address appeared consistently in the victim's history. The attacker generated a vanity address matching both the prefix and suffix of the victim's legitimate OTC counterparty address. ScamSniffer disclosed this incident on February 8, 2026 alongside the December 2025 case. Blockchain news outlet blockchain.news reported the loss as 4,556 tokens (ETH), noting the victim copied the on-chain history address. The sophistication of this attack — two months of preparatory dusting before execution — indicates a high degree of operational planning and target selection.","heading":"January 30, 2026 Incident: 4,556 ETH ($12.4 Million) Loss","severity":"critical","sources":[{"credibility":2,"name":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","type":"research","url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"credibility":2,"name":"Blockchain.news: Address Poisoning Phishing Hits Crypto Whale Again — 4556 Tokens Lost","type":"news_article","url":"https://blockchain.news/flashnews/address-poisoning-phishing-hits-crypto-whale-again-4556-tokens-lost-after-copying-on-chain-history-address"},{"credibility":3,"name":"BingX News: ScamSniffer — $12.25M in January, $50M in December","type":"news_article","url":"https://bingx.com/en/news/post/scamsniffer-m-in-january-m-in-december-ethereum-daily-transactions-surge"}]},{"content":"Beginning on or around January 26, 2026, a distinct but related campaign exploited a feature of the Safe{Wallet} multi-signature wallet platform. Attackers discovered that any user can create a new Safe contract and add an existing Safe as one of its owners, causing the newly created Safe to appear automatically in the parent Safe's user interface as a 'nested Safe' — without any action or authorization from the parent's signers. Attackers bulk-created approximately 15,000 malicious proxy Safe addresses with lookalike addresses closely matching victims' legitimate nested Safes, and pre-signed drain transactions on these malicious Safes so any funds sent to them would be immediately forwarded to attacker-controlled wallets. Blockaid's research team identified the campaign and worked with the Safe team to flag all identified malicious addresses. Safe subsequently built backend filtering to detect lookalike addresses matching prefix and suffix patterns, and developed improved curation UX requiring users to explicitly select and verify nested Safes before they appear in the interface.","heading":"Safe{Wallet} Nested Safe Exploitation (January 2026)","severity":"high","sources":[{"credibility":2,"name":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","type":"research","url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"credibility":1,"name":"Safe{Wallet}: What is address poisoning and how does Safe{Wallet} battle it","type":"official","url":"https://help.safe.global/en/articles/180783-what-is-address-poisoning-and-how-does-safe-wallet-battle-it"}]},{"content":"No named individual threat actors or criminal organizations have been publicly identified as operating the 2025–2026 Ethereum address poisoning campaign. Security researchers describe the infrastructure as commercialized and distributed: the full attack stack — including blockchain scanning bots, vanity address generators, fan-funding smart contracts, and dashboard UIs — is sold on Telegram as a ready-to-use service. Operators advertise EVM-based and Solana-based poisoning bots. The typical post-theft laundering route documented by researchers involves: (1) conversion of stablecoins with freeze capabilities (USDT/USDC) to decentralized stablecoins without centralized freeze functions, (2) conversion to ETH, (3) passage through a cryptocurrency mixer (primarily Tornado Cash), and (4) OTC fiat exit. The $50 million December 2025 theft was laundered — receipt through mixer passage — in approximately 30 minutes. Researchers at CryptoDaily note that prior to 2025, Tron and BNB Smart Chain were the primary poisoning vectors due to negligible broadcast costs; the Ethereum Fusaka upgrade shifted the center of gravity to Ethereum. The attack surface is exclusively behavioral and social-engineering-based; no code vulnerability or smart-contract exploit is involved. Victims are selected based on high wallet balances and active transaction histories.","heading":"Attack Infrastructure and Threat Actor Profile","severity":"high","sources":[{"credibility":2,"name":"CryptoDaily: Address Poisoning in 2026 — How the Attack Became an Industry","type":"news_article","url":"https://cryptodaily.co.uk/2026/04/address-poisoning-in-2026-how-the-attack-became-an-industry-and-why-victims-still-have-options"},{"credibility":2,"name":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","type":"research","url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"}]},{"content":"Following the $50 million December 2025 theft, Binance co-founder Changpeng Zhao (CZ) published a public call on December 24, 2025 urging all wallet providers to implement default address-poisoning detection, block known poison addresses from user interfaces, hide small-value spam transactions from transaction history views, and participate in shared real-time blacklists across security alliances. Binance Wallet subsequently confirmed it automatically detects and warns against address poisoning attacks by identifying suspicious near-zero-value or unknown-token transfers and time-stamping malicious transactions. Blockaid worked with Safe to flag and filter 15,000 identified malicious proxy addresses. Safe released updated backend filtering and UI changes. Security researchers have proposed several protocol- and wallet-level countermeasures: ENS-style human-readable address mapping (as a DNS analog for wallet addresses), expanded display of full addresses in wallet UIs, default hiding of suspected poisoning transfers from transaction history, and confirmation prompts when sending to addresses closely resembling but not matching a known address. An academic research paper published at USENIX Security 2025 (Tsuchiya et al.) formalized the attack taxonomy and proposed contract-level mitigations including modifying stablecoin contracts to require explicit permission for zero-value transfers and implementing address blacklisting. No Ethereum Improvement Proposal (EIP) directly targeting address poisoning has been adopted as of the research date. The U.S. Department of Justice and other regulators have not announced enforcement actions specifically targeting this campaign; no funds from documented incidents have been publicly recovered.","heading":"Industry and Regulatory Response","severity":"medium","sources":[{"credibility":2,"name":"CryptoPotato: After $50M USDT Theft, Binance's CZ Pushes Wallets to Block Poison Addresses by Default","type":"news_article","url":"https://cryptopotato.com/after-50m-usdt-theft-binances-cz-pushes-wallets-to-block-poison-addresses-by-default/"},{"credibility":2,"name":"CryptoNews: CZ Proposes Address Poisoning Fix After $50M Loss","type":"news_article","url":"https://cryptonews.com/news/cz-address-poisoning-fix-50m-loss/"},{"credibility":1,"name":"Academic paper: Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","type":"research","url":"https://arxiv.org/html/2501.16681v1"},{"credibility":1,"name":"Safe{Wallet}: What is address poisoning and how does Safe{Wallet} battle it","type":"official","url":"https://help.safe.global/en/articles/180783-what-is-address-poisoning-and-how-does-safe-wallet-battle-it"}]},{"content":"Address poisoning attacks predate the 2025–2026 surge. A notable earlier incident involved an $68 million WBTC theft in May 2024; in that case, blockchain investigators were able to partially recover approximately 22,960 ETH within one week through deanonymization and negotiation — an outcome researchers describe as atypical for address poisoning cases. The academic study covering July 2022 through June 2024 documented $83.8 million in losses across 6,633 confirmed successful attacks — a baseline that the 2025–2026 campaign has significantly exceeded within a compressed timeframe. Prior to Ethereum's Fusaka upgrade, Tron (using USDT-TRC20) and BNB Smart Chain were the dominant chains for address poisoning due to their negligible transaction costs. CryptoDaily researchers who reviewed over 100 investigations since 2023 estimate recovery probability at approximately 70% within the first hour, declining to approximately 20% after one month — though given the rapid laundering times documented in recent incidents (30 minutes in the December 2025 case), first-hour recovery windows are functionally closed for most victims.","heading":"Historical Context and Precedent","severity":"medium","sources":[{"credibility":2,"name":"CryptoDaily: Address Poisoning in 2026 — How the Attack Became an Industry","type":"news_article","url":"https://cryptodaily.co.uk/2026/04/address-poisoning-in-2026-how-the-attack-became-an-industry-and-why-victims-still-have-options"},{"credibility":1,"name":"Academic paper: Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","type":"research","url":"https://arxiv.org/html/2501.16681v1"}]},{"content":"Security researchers, wallet providers, and the Ethereum community recommend the following protective measures for users: (1) Never copy wallet addresses from transaction history — always use a pre-saved, verified address book or copy the address directly from a trusted, freshly verified source. (2) Verify the complete address character by character before any significant transfer; most wallet UIs display only partial addresses, which is the core vulnerability exploited. (3) Use ENS (Ethereum Name Service) human-readable names where available to eliminate reliance on hexadecimal matching. (4) Enable wallet-level address-poisoning detection features where offered (Binance Wallet, MetaMask, and others have implemented or announced such features). (5) For high-value transfers, consider sending a small test transaction first — but note that attackers may monitor for test transactions specifically and respond within minutes, as documented in the December 2025 incident. (6) Hardware wallets and smart-contract wallets (such as Safe) provide additional confirmation steps but do not eliminate the risk if the user pastes an incorrect address at the point of signing. (7) Be aware that small incoming transactions from unknown addresses in your history are likely poisoning attempts and should be disregarded.","heading":"User Protection Guidance","severity":"low","sources":[{"credibility":1,"name":"MetaMask Help Center: Address Poisoning Scams","type":"official","url":"https://support.metamask.io/stay-safe/protect-yourself/wallet-and-hardware/address-poisoning-scams/"},{"credibility":1,"name":"Ledger Academy: What Are Address Poisoning Attacks in Crypto and How to Avoid Them","type":"official","url":"https://www.ledger.com/academy/topics/security/what-are-address-poisoning-attacks-in-crypto-and-how-to-avoid-them"},{"credibility":1,"name":"Academic paper: Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","type":"research","url":"https://arxiv.org/html/2501.16681v1"}]}],"sources_used":[{"credibility":2,"name":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","type":"research","url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"credibility":1,"name":"CoinDesk: Crypto User Loses $50 Million in Address Poisoning Scam","type":"news_article","url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"credibility":2,"name":"CoinTelegraph: Two Victims Lose $62 Million To Address Poisoning Since December","type":"news_article","url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"},{"credibility":2,"name":"Coin Metrics State of the Network Issue 349: Ethereum Post-Fusaka Activity Surge","type":"research","url":"https://coinmetrics.substack.com/p/state-of-the-network-issue-349"},{"credibility":2,"name":"Crypto.news: Ethereum address poisoning costs $62M in two months — ScamSniffer","type":"news_article","url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"},{"credibility":2,"name":"CryptoDaily: Address Poisoning in 2026 — How the Attack Became an Industry","type":"news_article","url":"https://cryptodaily.co.uk/2026/04/address-poisoning-in-2026-how-the-attack-became-an-industry-and-why-victims-still-have-options"},{"credibility":2,"name":"Yahoo Finance: Address Poisoning Scam — One Copy-Paste Mistake Cost a Crypto Trader $50 Million","type":"news_article","url":"https://finance.yahoo.com/news/address-poisoning-scam-one-copy-112053972.html"},{"credibility":1,"name":"Academic paper: Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","type":"research","url":"https://arxiv.org/html/2501.16681v1"},{"credibility":2,"name":"The Defiant: Fusaka Upgrade Fuels Record Address Poisoning on Ethereum","type":"news_article","url":"https://thedefiant.io/news/blockchains/fusaka-upgrade-fuels-record-address-poisoning-on-ethereum"},{"credibility":2,"name":"CryptoPotato: After $50M USDT Theft, Binance's CZ Pushes Wallets to Block Poison Addresses by Default","type":"news_article","url":"https://cryptopotato.com/after-50m-usdt-theft-binances-cz-pushes-wallets-to-block-poison-addresses-by-default/"},{"credibility":1,"name":"Safe{Wallet}: What is address poisoning and how does Safe{Wallet} battle it","type":"official","url":"https://help.safe.global/en/articles/180783-what-is-address-poisoning-and-how-does-safe-wallet-battle-it"},{"credibility":1,"name":"MetaMask Help Center: Address Poisoning Scams","type":"official","url":"https://support.metamask.io/stay-safe/protect-yourself/wallet-and-hardware/address-poisoning-scams/"},{"credibility":1,"name":"Ledger Academy: What Are Address Poisoning Attacks in Crypto and How to Avoid Them","type":"official","url":"https://www.ledger.com/academy/topics/security/what-are-address-poisoning-attacks-in-crypto-and-how-to-avoid-them"},{"credibility":2,"name":"CoinTelegraph: Ethereum Dust Attacks Have Increased Post-Fusaka","type":"news_article","url":"https://cointelegraph.com/news/ethereum-post-fusaka-dust-attacks-overstated-making-only-11-of-txs-research"},{"credibility":2,"name":"Blockchain.news: Address Poisoning Phishing Hits Crypto Whale Again — 4556 Tokens Lost","type":"news_article","url":"https://blockchain.news/flashnews/address-poisoning-phishing-hits-crypto-whale-again-4556-tokens-lost-after-copying-on-chain-history-address"},{"credibility":2,"name":"CryptoNews: CZ Proposes Address Poisoning Fix After $50M Loss","type":"news_article","url":"https://cryptonews.com/news/cz-address-poisoning-fix-50m-loss/"},{"credibility":2,"name":"BeInCrypto: Address Poisoning Attacks Surge on Ethereum Following Fee Reduction","type":"news_article","url":"https://beincrypto.com/ethereum-address-poisoning-fusaka-surge/"}],"summary":"An industrialized, automated address poisoning campaign targeting Ethereum users accelerated sharply after the Fusaka protocol upgrade on December 3, 2025 reduced gas fees approximately sixfold, removing the prior economic barrier to mass-scale dust-transaction attacks. Security firm ScamSniffer documented at least $62.25 million in confirmed losses across two high-profile victims in December 2025 and January 2026 alone, while Blockaid flagged over 65.4 million poisoning transactions since January 2025 averaging 160,000 per day. The campaign represents a commercial, industrialized threat infrastructure sold as a service on Telegram rather than a single threat actor, and is ongoing as of the research date.","timeline":[{"date":"2022-07-01","event":"Academic study baseline period begins: researchers later document 270 million address poisoning attempts and $83.8 million in losses across Ethereum and BSC between July 2022 and June 2024.","source":"Blockchain Address Poisoning (Tsuchiya et al., USENIX Security 2025)","source_url":"https://arxiv.org/html/2501.16681v1"},{"date":"2024-05-01","event":"$68 million WBTC stolen in address poisoning incident; approximately 22,960 ETH partially recovered within one week through deanonymization and negotiation.","source":"CryptoDaily: Address Poisoning in 2026","source_url":"https://cryptodaily.co.uk/2026/04/address-poisoning-in-2026-how-the-attack-became-an-industry-and-why-victims-still-have-options"},{"date":"2025-01-01","event":"Blockaid begins tracking address poisoning transactions on-chain; 65.4 million transactions flagged in the subsequent 12+ months at an average of 160,000 per day.","source":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","source_url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"date":"2025-11-01","event":"Blockaid records approximately 628,000 poisoning attempts in November 2025, representing the pre-Fusaka baseline.","source":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","source_url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"date":"2025-12-03","event":"Ethereum Fusaka upgrade activates, reducing transaction fees approximately sixfold and removing the primary economic barrier to mass-scale address poisoning campaigns.","source":"BeInCrypto: Address Poisoning Attacks Surge on Ethereum Following Fee Reduction","source_url":"https://beincrypto.com/ethereum-address-poisoning-fusaka-surge/"},{"date":"2025-12-19","event":"Unnamed victim loses $49,999,950 USDT in the largest recorded single address poisoning theft. Attacker detected a $50 test transaction, inserted a spoofed address into transaction history, and received the full transfer 26 minutes later. Stolen funds laundered via Tornado Cash within approximately 30 minutes.","source":"CoinDesk: Crypto User Loses $50 Million in Address Poisoning Scam","source_url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"date":"2025-12-20","event":"CoinDesk and Web3 Antivirus publicly disclose the $50 million USDT address poisoning theft.","source":"CoinDesk: Crypto User Loses $50 Million in Address Poisoning Scam","source_url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"date":"2025-12-24","event":"Binance co-founder Changpeng Zhao (CZ) publishes a call for all wallets to implement default address-poisoning detection, block known poison addresses, and participate in shared industry blacklists.","source":"CryptoPotato: After $50M USDT Theft, Binance's CZ Pushes Wallets to Block Poison Addresses by Default","source_url":"https://cryptopotato.com/after-50m-usdt-theft-binances-cz-pushes-wallets-to-block-poison-addresses-by-default/"},{"date":"2026-01-16","event":"Ethereum sets a new daily transaction record of 2.89 million transactions, a post-Fusaka peak partly attributable to address poisoning dust traffic.","source":"Coin Metrics State of the Network Issue 349","source_url":"https://coinmetrics.substack.com/p/state-of-the-network-issue-349"},{"date":"2026-01-26","event":"Safe{Wallet} nested Safe poisoning campaign identified as active from at least this date. Attackers bulk-created approximately 15,000 malicious proxy addresses exploiting Safe's nested Safe feature.","source":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","source_url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"date":"2026-01-30","event":"Victim loses 4,556 ETH (approximately $12.4 million) after copying an OTC deposit address from transaction history. Attacker had conducted a two-month preparatory dusting campaign from December 2025 onward, using a vanity address matching both prefix and suffix of the legitimate address.","source":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","source_url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"date":"2026-01-31","event":"Blockaid records approximately 3.4 million poisoning attempts in January 2026, a 5.5x increase from November 2025's 628,000, and the highest monthly total documented.","source":"Blockaid: Address Poisoning — The Growing Threat Draining Millions from Crypto Users","source_url":"https://www.blockaid.io/blog/address-poisoning-the-growing-threat-draining-millions-from-crypto-users"},{"date":"2026-02-08","event":"ScamSniffer publishes report disclosing combined $62.25 million in address poisoning losses across December 2025 and January 2026.","source":"Crypto.news: Ethereum address poisoning costs $62M in two months","source_url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"},{"date":"2026-02-09","event":"Coin Metrics publishes State of the Network Issue 349, quantifying post-Fusaka dust transaction impact: ~11% of all Ethereum transactions, ~26% of active addresses daily attributable to stablecoin dust activity.","source":"Coin Metrics State of the Network Issue 349","source_url":"https://coinmetrics.substack.com/p/state-of-the-network-issue-349"},{"date":"2026-04-01","event":"CryptoDaily publishes analysis describing address poisoning as a commercialized industry with Telegram-based service offerings, and noting that no named threat actors have been publicly identified or prosecuted.","source":"CryptoDaily: Address Poisoning in 2026 — How the Attack Became an Industry","source_url":"https://cryptodaily.co.uk/2026/04/address-poisoning-in-2026-how-the-attack-became-an-industry-and-why-victims-still-have-options"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision d2d50c21-b3cd-422a-8e6d-448d3b209564copy