Audit log

Every state-changing event for Mass Ethereum Address-Poisoning Wave (Dec 2025-Jan 2026): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-08 02:45:46Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 425,022,952

   sig

   FRzRyq9FrU8A…9rhur3MMcopyexplorer ↗

   hash

   Bvi5Qcqz2Nh2…1zAEGgcAcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (26967 B) ▸

   {"actor":"system:backfill","investigation_id":"d26f0717-a271-4777-9588-a38b07075085","kind":"publish","page_slug":"mass-ethereum-address-poisoning-wave-dec-2025-jan-2026","published_at":"2026-06-08T02:45:46.116Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Mass Ethereum Address-Poisoning Wave (Dec 2025-Jan 2026)","sections":[{"content":"Address poisoning is a social-engineering attack that exploits how cryptocurrency wallet interfaces display addresses. Most wallets abbreviate 42-character hexadecimal addresses, showing only the first 4–6 and last 4 characters. Attackers use GPU-accelerated vanity address generators to produce look-alike addresses that share these visible prefix and suffix characters with a legitimate counterparty address. Once generated, attackers inject the look-alike address into a victim's transaction history through one or more of three methods: (1) tiny dust transfers, typically less than $0.01 USD in stablecoins; (2) zero-value ERC-20 transferFrom calls, which exploit a flaw in the ERC-20 standard allowing zero-value transfers from any address without approval, populating the victim's transfer log at minimal cost; and (3) counterfeit token transfers using forged token contracts that mimic familiar tokens. When the victim later copies an address from their transaction history — a common behavior — they may select the attacker's look-alike address instead of the intended recipient. The Carnegie Mellon research team's Toxin Tagger monitoring system confirmed that only approximately one in 10,000 poisoning attempts ultimately results in a misdirected transfer, but the high volume and low per-attempt cost make the scheme profitable; researchers found organized groups earning '10 to 20 times what they spend on transaction fees.'","heading":"Attack Mechanism","severity":"critical","sources":[{"credibility":1,"name":"Blockchain Address Poisoning — arXiv preprint (Tsuchiya, Dong, Soska, Christin, CMU)","type":"research","url":"https://arxiv.org/abs/2501.16681"},{"credibility":1,"name":"CyLab study uncovers 270 million crypto phishing attempts","type":"research","url":"https://cylab.cmu.edu/news/2026/01/07-blockchain-address-poisoning.html"},{"credibility":2,"name":"Etherscan Information Center — Address Poisoning Attacks","type":"official","url":"https://info.etherscan.com/what-is-address-poisoning/"},{"credibility":3,"name":"Address Poisoning After Fusaka: 612% Boost explainer — DEV Community","type":"other","url":"https://dev.to/ohmygod/address-poisoning-after-fusaka-how-ethereums-fee-cut-handed-scammers-a-612-boost-and-what-you-4flb"}]},{"content":"ScamSniffer reported two major address-poisoning losses totaling approximately $62.2 million in a two-month window. The first and larger incident occurred on December 19, 2025: a victim transferred $49,999,950 USDT to a look-alike address after first performing a small $50 USDT test transaction to the correct address. An attacker, monitoring mempool activity in real time, quickly sent a dust transaction from a vanity address that matched the legitimate destination's visible prefix and suffix characters. The victim, copying the destination from their recently poisoned transaction history, directed the bulk transfer to the attacker's address. The stolen funds were swapped within approximately 30 minutes to DAI (to prevent a Tether blacklist), converted to ETH, and approximately 16,680 ETH was routed through the sanctioned mixer Tornado Cash. The victim posted an on-chain message offering a $1 million white-hat bounty and demanding 98% of funds returned within 48 hours, threatening legal escalation; no documented recovery of funds has been reported. The second incident occurred in January 2026: a separate victim lost approximately $12.25 million (equivalent to about 4,556 ETH at the time) through the same copy-paste mechanism. CoinDesk and Crypto.news corroborated both losses independently. The combined $62.2 million figure was reported by ScamSniffer in a post on X dated February 8, 2026.","heading":"High-Profile Victim Losses (Dec 2025 – Jan 2026)","severity":"critical","sources":[{"credibility":1,"name":"CoinDesk — Victim offers $1 million bounty, legal threat after $50 million crypto theft","type":"news_article","url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"credibility":2,"name":"Cointelegraph — Two Victims Lose $62 Million To Address Poisoning Since December","type":"news_article","url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"},{"credibility":2,"name":"Crypto.news — Ethereum address poisoning crypto users $62M in two months: ScamSniffer","type":"news_article","url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"},{"credibility":2,"name":"Decrypt — Signature Phishing Up 200% As January Losses Pass $6M","type":"news_article","url":"https://decrypt.co/357450/signature-phishing-up-200-as-january-losses-pass-6m"},{"credibility":2,"name":"Bitget News — Tornado Cash laundering of $50M USDT poisoning proceeds","type":"news_article","url":"https://www.bitget.com/news/detail/12560605118637"}]},{"content":"Ethereum's Fusaka hard fork, officially activating on December 3, 2025 at 21:49 UTC, incorporated 13 EIPs including PeerDAS (EIP-7594), which introduced partial blob validation to reduce computational overhead. The upgrade also increased the block gas limit from 45 million to 60 million and included fee stabilization measures (EIP-7918). The aggregate effect was an approximately 67% reduction in L1 transaction fees, with dust transfers falling from roughly $2.00 per attempt to approximately $0.10–$0.15 post-upgrade. This economic shift industrialized address-poisoning campaigns: the per-poisoning-attempt cost (gas plus GPU vanity generation) dropped to approximately $0.11, enabling spray-and-pray campaigns at previously prohibitive scale. Etherscan issued a public warning on March 13, 2026, citing sharp post-Fusaka escalation. Measured attack volume statistics confirm the surge: USDT dust transfers below $0.01 increased 612%, from approximately 4.2 million to nearly 29.9 million; USDC dust transfers increased 473%; DAI dust transfers increased 470%. Poisoning attempt counts climbed from 628,000 in November 2025 to 3.4 million in January 2026, a 5.5x increase in two months. On peak days, daily dust transaction volume reached approximately 510,000. In the roughly two months following Fusaka activation, losses attributed to address poisoning exceeded $63 million, compared to $4.9 million in a comparable prior period — a 13x increase. Stablecoin-related dust activity was estimated to account for approximately 11% of all Ethereum transactions during this period.","heading":"Fusaka Upgrade Fee Reduction and Attack Surge","severity":"high","sources":[{"credibility":1,"name":"CoinDesk — Ethereum Activates Fusaka Upgrade","type":"news_article","url":"https://www.coindesk.com/tech/2025/12/03/ethereum-activates-fusaka-upgrade-aiming-to-cut-node-costs-speed-layer-2-settlements"},{"credibility":2,"name":"Etherscan warns of surge in address poisoning scams after Fusaka upgrade — FXStreet","type":"news_article","url":"https://www.fxstreet.com/cryptocurrencies/news/etherscan-warns-of-surge-in-address-poisoning-scams-on-ethereum-after-fusaka-upgrade-202603130124"},{"credibility":2,"name":"BeinCrypto — Address Poisoning Attacks Surge on Ethereum Following Fee Reduction","type":"news_article","url":"https://beincrypto.com/ethereum-address-poisoning-fusaka-surge/"},{"credibility":2,"name":"The Defiant — Fusaka Upgrade Fuels Record Address Poisoning on Ethereum","type":"news_article","url":"https://thedefiant.io/news/blockchains/fusaka-upgrade-fuels-record-address-poisoning-on-ethereum"},{"credibility":1,"name":"Fidelity Digital Assets — The Fusaka Upgrade: Scaling Meets Value Accrual","type":"research","url":"https://www.fidelitydigitalassets.com/research-and-insights/fusaka-upgrade-scaling-meets-value-accrual"}]},{"content":"A peer-reviewed academic study titled 'Blockchain Address Poisoning,' authored by Taro Tsuchiya and Jin-Dong Dong (Carnegie Mellon University CyLab), Kyle Soska (independent), and Nicolas Christin (CMU Software and Societal Systems Department), was published as arXiv preprint 2501.16681 in January 2026 and presented at the 34th USENIX Security Symposium (USENIX Security '25) in Seattle. The study analyzed more than two years of transaction data across Ethereum and Binance Smart Chain, covering July 2022 through June 2024. Key findings: approximately 270 million on-chain poisoning attempts were identified — 13 times more than previously reported in prior academic literature — targeting approximately 17 million victim wallets. Of these, 6,633 incidents resulted in confirmed fund losses totaling at least $83.8 million USD. The researchers developed a real-time detection tool called Toxin Tagger, which subsequently detected the $50 million December 19, 2025 single-transaction victim loss. The study confirmed that attackers used GPU-accelerated vanity address generation, employed cross-chain coordination strategies, and that organized attacker groups demonstrated returns of 10 to 20 times their operational costs. Note: the CMU study's $83.8 million confirmed-loss figure covers the July 2022–June 2024 study window, not the Dec 2025–Jan 2026 surge period; conflating these two figures would be inaccurate. The $62.2 million two-victim figure is from ScamSniffer's February 2026 report and covers a different, later timeframe.","heading":"Carnegie Mellon / CyLab Academic Study","severity":"high","sources":[{"credibility":1,"name":"arXiv:2501.16681 — Blockchain Address Poisoning (Tsuchiya, Dong, Soska, Christin)","type":"research","url":"https://arxiv.org/abs/2501.16681"},{"credibility":1,"name":"USENIX Security '25 presentation page — Blockchain Address Poisoning","type":"research","url":"https://www.usenix.org/conference/usenixsecurity25/presentation/tsuchiya"},{"credibility":1,"name":"CyLab CMU news — CyLab study uncovers 270 million crypto phishing attempts","type":"research","url":"https://cylab.cmu.edu/news/2026/01/07-blockchain-address-poisoning.html"},{"credibility":1,"name":"Toxin Tagger live monitoring tool (CMU CyLab)","type":"official","url":"https://cryptotrade.cylab.cmu.edu/poisoning/about"}]},{"content":"Concurrent with the address-poisoning spike, ScamSniffer reported a 207% month-over-month increase in signature phishing losses in January 2026. These attacks involve tricking users into signing malicious transaction approvals (ERC-20 permit or increaseAllowance calls), granting attackers ongoing token access without further victim interaction. Total January 2026 signature phishing losses reached $6.27 million across 4,741 victims. Two attacker wallets accounted for approximately 65% of those losses: one wallet drained $3.02 million through malicious approvals against SLVon and XAUt (tokenized gold) holdings; a second drained $1.08 million from aEthLBTC (Aave-wrapped Bitcoin) positions. While distinct in technical mechanism from address poisoning, signature phishing losses are tracked in the same ScamSniffer reporting and represent a parallel escalation in on-chain social-engineering attacks during the same period.","heading":"Signature Phishing Co-Surge (January 2026)","severity":"high","sources":[{"credibility":2,"name":"Decrypt — Signature Phishing Up 200% As January Losses Pass $6M","type":"news_article","url":"https://decrypt.co/357450/signature-phishing-up-200-as-january-losses-pass-6m"},{"credibility":2,"name":"Crypto.news — Ethereum address poisoning crypto users $62M in two months: ScamSniffer","type":"news_article","url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"}]},{"content":"In the December 19, 2025 $50 million incident, on-chain tracing conducted by Web3 Antivirus and reported by CoinDesk established the following sequence: the victim first sent a $50 USDT test transaction to the intended destination address; within minutes the attacker planted a dust transaction from a vanity address matching the target's visible prefix/suffix; the victim subsequently transferred $49,999,950 USDT to the attacker's address. The attacker converted the USDT to DAI using MetaMask Swap within approximately 30 minutes — a deliberate step to avoid Tether's centralized freezing capability (DAI, as a decentralized stablecoin, has no equivalent blacklist mechanism). The DAI was then converted to approximately 16,680 ETH and deposited into Tornado Cash, a cryptocurrency mixer placed under OFAC sanctions in August 2022. No documented recovery of the stolen funds has been confirmed in available sources as of the investigation date. The attacker's use of Tornado Cash after the OFAC sanctioning constitutes alleged violations of U.S. Treasury sanctions regulations for any U.S.-linked parties involved.","heading":"On-Chain Forensics and Fund Tracing","severity":"critical","sources":[{"credibility":1,"name":"CoinDesk — Victim offers $1 million bounty, legal threat after $50 million crypto theft","type":"news_article","url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"credibility":2,"name":"CoinGape — Nearly $50M in USDT Stolen After Address Poisoning Scam","type":"news_article","url":"https://coingape.com/nearly-50m-in-usdt-stolen-after-address-poisoning-scam/"},{"credibility":2,"name":"Bitget News — Tornado Cash laundering of $50M poisoning proceeds","type":"on_chain","url":"https://www.bitget.com/news/detail/12560605118637"}]},{"content":"In response to the post-Fusaka surge, multiple parties issued warnings and countermeasures. Etherscan issued a public advisory on March 13, 2026 warning Ethereum users of the automated attack wave and recommending: always verifying the complete 42-character address rather than relying on abbreviated wallet display; using Etherscan's Address Highlight feature to visually tag trusted addresses; using Ethereum Name Service (ENS) or self-maintained wallet address books to avoid copying from transaction history; and noting that many blockchain explorers now suppress zero-value and sub-penny dust transfers by default to prevent poisoning entries from appearing in history views. One reported victim received 89 automated address-poisoning attempts within 30 minutes of making only two legitimate transfers, demonstrating the real-time mempool-monitoring automation attackers employ. Security researchers recommend that wallet developers adopt full-address display options and flag unrecognized inbound dust transactions with visual warnings. The CMU CyLab team's Toxin Tagger tool provides real-time monitoring for new poisoning events. No regulatory action specific to the Dec 2025–Jan 2026 wave has been identified in available sources.","heading":"Defensive Measures and Industry Response","severity":"medium","sources":[{"credibility":2,"name":"Etherscan warns of surge in address poisoning scams after Fusaka upgrade — FXStreet","type":"official","url":"https://www.fxstreet.com/cryptocurrencies/news/etherscan-warns-of-surge-in-address-poisoning-scams-on-ethereum-after-fusaka-upgrade-202603130124"},{"credibility":2,"name":"Etherscan warns users after victim receives 89 address-poisoning emails — Bitget News","type":"news_article","url":"https://www.bitget.com/news/detail/12560605260804"},{"credibility":2,"name":"Etherscan Warns Ethereum Users About Rising Address Poisoning Attacks — ETHNews","type":"news_article","url":"https://www.ethnews.com/etherscan-warns-ethereum-users-about-rising-address-poisoning-attacks/"},{"credibility":1,"name":"Toxin Tagger live monitoring tool (CMU CyLab)","type":"official","url":"https://cryptotrade.cylab.cmu.edu/poisoning/about"}]},{"content":"The following claims from the scout context were investigated and their corroboration status is noted. The '$62M combined loss from two victims' figure (approximately $50M Dec 2025 + $12.25M Jan 2026) is corroborated by multiple Tier 1 and Tier 2 sources including CoinDesk and Cointelegraph, each citing ScamSniffer's February 8, 2026 X post — confidence is high. The Carnegie Mellon study figure of '270M+ attempts targeting 17M+ wallets with $83.8M confirmed losses' is corroborated directly by the arXiv preprint (2501.16681) and the CyLab press release — confidence is high; however, this figure covers July 2022–June 2024, not the 2025–2026 surge specifically. The '207% signature phishing jump in Jan 2026 vs Dec' is corroborated by ScamSniffer data reported in Decrypt and Crypto.news — confidence is high. The 'Fusaka fee reduction accelerated the surge' causal link is supported by post-Fusaka volumetric data (612% USDT dust increase, 5.5x poisoning attempt increase) from Etherscan and multiple news sources — confidence is medium-high; the directional causal relationship is well-supported, though individual causal attribution of each loss to Fusaka specifically is inferential. The '628,000 to 3.4 million poisoning attempts November to January' figures are cited in multiple Tier 2 sources but the original primary source is ScamSniffer's social media post rather than a published report — confidence is medium. No court filings, SEC actions, or criminal charges related to this specific wave were identified in available sources.","heading":"Unverified Claims and Confidence Notes","severity":"low","sources":[{"credibility":1,"name":"arXiv:2501.16681v3 — Blockchain Address Poisoning (full paper)","type":"research","url":"https://arxiv.org/pdf/2501.16681v3"},{"credibility":2,"name":"Cointelegraph — Two Victims Lose $62 Million To Address Poisoning Since December","type":"news_article","url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"}]}],"sources_used":[{"credibility":1,"name":"arXiv:2501.16681 — Blockchain Address Poisoning (Tsuchiya, Dong, Soska, Christin)","type":"research","url":"https://arxiv.org/abs/2501.16681"},{"credibility":1,"name":"arXiv:2501.16681v3 — Full paper PDF","type":"research","url":"https://arxiv.org/pdf/2501.16681v3"},{"credibility":1,"name":"USENIX Security '25 — Blockchain Address Poisoning presentation","type":"research","url":"https://www.usenix.org/conference/usenixsecurity25/presentation/tsuchiya"},{"credibility":1,"name":"CyLab CMU news — CyLab study uncovers 270 million crypto phishing attempts","type":"research","url":"https://cylab.cmu.edu/news/2026/01/07-blockchain-address-poisoning.html"},{"credibility":1,"name":"Toxin Tagger real-time monitoring (CMU CyLab)","type":"official","url":"https://cryptotrade.cylab.cmu.edu/poisoning/about"},{"credibility":1,"name":"CoinDesk — Victim offers $1M bounty after $50M crypto theft (Dec 19, 2025)","type":"news_article","url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"credibility":1,"name":"CoinDesk — Ethereum Activates Fusaka Upgrade (Dec 3, 2025)","type":"news_article","url":"https://www.coindesk.com/tech/2025/12/03/ethereum-activates-fusaka-upgrade-aiming-to-cut-node-costs-speed-layer-2-settlements"},{"credibility":1,"name":"Fidelity Digital Assets — The Fusaka Upgrade: Scaling Meets Value Accrual","type":"research","url":"https://www.fidelitydigitalassets.com/research-and-insights/fusaka-upgrade-scaling-meets-value-accrual"},{"credibility":2,"name":"Cointelegraph — Two Victims Lose $62 Million To Address Poisoning Since December","type":"news_article","url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"},{"credibility":2,"name":"Crypto.news — Ethereum address poisoning crypto users $62M in two months: ScamSniffer","type":"news_article","url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"},{"credibility":2,"name":"Decrypt — Signature Phishing Up 200% As January Losses Pass $6M","type":"news_article","url":"https://decrypt.co/357450/signature-phishing-up-200-as-january-losses-pass-6m"},{"credibility":2,"name":"BeinCrypto — Address Poisoning Attacks Surge on Ethereum Following Fee Reduction","type":"news_article","url":"https://beincrypto.com/ethereum-address-poisoning-fusaka-surge/"},{"credibility":2,"name":"The Defiant — Fusaka Upgrade Fuels Record Address Poisoning on Ethereum","type":"news_article","url":"https://thedefiant.io/news/blockchains/fusaka-upgrade-fuels-record-address-poisoning-on-ethereum"},{"credibility":2,"name":"FXStreet — Etherscan warns of surge in address poisoning scams after Fusaka upgrade","type":"news_article","url":"https://www.fxstreet.com/cryptocurrencies/news/etherscan-warns-of-surge-in-address-poisoning-scams-on-ethereum-after-fusaka-upgrade-202603130124"},{"credibility":2,"name":"ETHNews — Etherscan Warns Ethereum Users About Rising Address Poisoning Attacks","type":"news_article","url":"https://www.ethnews.com/etherscan-warns-ethereum-users-about-rising-address-poisoning-attacks/"},{"credibility":2,"name":"Bitget News — Tornado Cash laundering of $50M USDT poisoning proceeds","type":"news_article","url":"https://www.bitget.com/news/detail/12560605118637"},{"credibility":2,"name":"CoinGape — Nearly $50M in USDT Stolen After Address Poisoning Scam","type":"news_article","url":"https://coingape.com/nearly-50m-in-usdt-stolen-after-address-poisoning-scam/"},{"credibility":2,"name":"Etherscan Information Center — What Is Address Poisoning","type":"official","url":"https://info.etherscan.com/what-is-address-poisoning/"},{"credibility":2,"name":"Invezz — Why address poisoning is becoming one of crypto's costliest scams","type":"news_article","url":"https://invezz.com/news/2026/02/09/why-address-poisoning-is-becoming-one-of-cryptos-costliest-scams/"},{"credibility":2,"name":"BingX News — ScamSniffer: $12.25M in January, $50M in December","type":"news_article","url":"https://bingx.com/en/news/post/scamsniffer-m-in-january-m-in-december-ethereum-daily-transactions-surge"},{"credibility":1,"name":"Ethereum.org — Fusaka roadmap page","type":"official","url":"https://ethereum.org/roadmap/fusaka/"}],"summary":"A large-scale industrialized campaign of Ethereum address-poisoning attacks surged sharply following the December 3, 2025 Fusaka protocol upgrade, which reduced per-transaction gas fees by approximately 67% and made high-volume dust-transfer campaigns economically viable at unprecedented scale. Two high-profile victims suffered a combined loss of approximately $62.2 million between December 2025 and January 2026, with a single victim losing $49,999,950 in USDT on December 19, 2025. An independent academic study published by Carnegie Mellon University researchers (Tsuchiya et al., presented at USENIX Security 2025) quantified the broader campaign at 270 million on-chain poisoning attempts targeting 17 million wallets across Ethereum and BNB Smart Chain from July 2022 to June 2024, with confirmed losses of at least $83.8 million over that earlier study period.","timeline":[{"date":"2022-07-01","event":"Start of the CMU/CyLab study window. Researchers begin measuring address-poisoning attempts across Ethereum and BNB Smart Chain.","source":"arXiv:2501.16681 / CyLab CMU","source_url":"https://arxiv.org/abs/2501.16681"},{"date":"2024-06-30","event":"End of the CMU/CyLab study window. By this date, 270 million poisoning attempts targeting 17 million wallets and $83.8 million in confirmed losses documented across two years.","source":"arXiv:2501.16681 / CyLab CMU","source_url":"https://cylab.cmu.edu/news/2026/01/07-blockchain-address-poisoning.html"},{"date":"2025-11-01","event":"628,000 address-poisoning attempts recorded for the month of November 2025 — a pre-Fusaka baseline figure.","source":"ScamSniffer via Crypto.news / BeinCrypto","source_url":"https://crypto.news/ethereum-address-poisoning-coas-6-2-m-two-months-2026/"},{"date":"2025-12-03","event":"Ethereum Fusaka hard fork activates on mainnet at 21:49 UTC, incorporating PeerDAS (EIP-7594) and 12 additional EIPs, reducing gas fees approximately 67% and lowering per-dust-transfer cost to $0.10–$0.15.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2025/12/03/ethereum-activates-fusaka-upgrade-aiming-to-cut-node-costs-speed-layer-2-settlements"},{"date":"2025-12-19","event":"Single victim loses $49,999,950 USDT in an address-poisoning attack. Stolen USDT is converted to DAI and then approximately 16,680 ETH is deposited into Tornado Cash within 30 minutes. Victim posts on-chain bounty message offering $1M for return of 98% of funds within 48 hours.","source":"CoinDesk / Web3 Antivirus","source_url":"https://www.coindesk.com/web3/2025/12/20/crypto-user-loses-usd50-million-in-address-poisoning-scam"},{"date":"2026-01-07","event":"CMU CyLab publishes press release on the USENIX Security '25 blockchain address poisoning study (arXiv preprint 2501.16681 posted same month). Study reports 270M attempts, 17M victims, $83.8M confirmed losses over the July 2022–June 2024 window.","source":"CyLab CMU news","source_url":"https://cylab.cmu.edu/news/2026/01/07-blockchain-address-poisoning.html"},{"date":"2026-01-01","event":"January 2026: poisoning attempts reach 3.4 million for the month, a 5.5x increase vs November 2025. USDT dust transfers (sub-$0.01) total approximately 29.9 million for the month, up 612% from pre-Fusaka levels.","source":"ScamSniffer / Etherscan via multiple news outlets","source_url":"https://beincrypto.com/ethereum-address-poisoning-fusaka-surge/"},{"date":"2026-01-01","event":"Second high-profile victim loses approximately $12.25 million (4,556 ETH equivalent) in an address-poisoning attack in January 2026.","source":"ScamSniffer via Cointelegraph / Crypto.news","source_url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"},{"date":"2026-01-31","event":"January 2026 signature phishing losses reach $6.27 million across 4,741 victims — a 207% increase over December 2025 — with two wallets responsible for 65% of the damage.","source":"ScamSniffer via Decrypt","source_url":"https://decrypt.co/357450/signature-phishing-up-200-as-january-losses-pass-6m"},{"date":"2026-02-08","event":"ScamSniffer publishes X post reporting combined $62.2 million in address-poisoning losses from two victims across December 2025 and January 2026.","source":"ScamSniffer X post, cited by Cointelegraph / Crypto.news","source_url":"https://cointelegraph.com/news/over-62m-lost-address-poisoning-since-december-scam-sniffer"},{"date":"2026-03-13","event":"Etherscan issues public advisory warning Ethereum users of the automated post-Fusaka address-poisoning surge, recommending full address verification, Address Highlight feature usage, and ENS adoption.","source":"FXStreet / ETHNews","source_url":"https://www.ethnews.com/etherscan-warns-ethereum-users-about-rising-address-poisoning-attacks/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 3c03c78b-be60-4ea7-9721-17f613e7a220copy