Address Poisoning Scams: How to Avoid Sending Crypto to the Wrong Wallet
Address poisoning scams trick you into copying a lookalike wallet address from transaction history. Learn the safe transfer habits that prevent this expensive mistake.
Address poisoning is one of the easiest crypto scams to underestimate because nothing looks obviously hacked.
Your wallet balance may still be there. Your seed phrase may still be safe. The scam works because the attacker plants a lookalike address in your transaction history and waits for you to copy the wrong one later.
For anyone moving funds from an exchange to self-custody, sending stablecoins between wallets, or managing a hardware wallet, this is a practical risk worth understanding.
Short answer
Do not copy wallet addresses from transaction history.
Use a fresh receive address, a saved address book entry, exchange withdrawal allowlisting, or a verified contact record. Then check the full destination address on the trusted screen before sending.
| If you are about to... | Safer habit |
|---|---|
| Send crypto to your own hardware wallet | Open the wallet's receive flow and verify the address on the device |
| Withdraw from an exchange | Use withdrawal allowlisting for addresses you trust |
| Repeat a previous transfer | Use a saved, labeled address instead of transaction history |
| Send a large amount | Send a small test first, then verify the saved recipient before the full transfer |
| See a strange tiny deposit or NFT | Ignore it; do not copy addresses from it |
How address poisoning works
Ledger describes address poisoning as a scam where a fraudster sends a small amount of crypto or an NFT to your account so a "poisoned" transaction appears in your wallet history. The scammer's address is made to resemble one you have used before, often matching the first or last characters.
Trezor describes the same pattern as address spoofing: the attacker relies on haste, public blockchain history, and similar-looking addresses. Chainalysis has also documented large automated campaigns where attackers generated thousands of fake lookalike addresses and waited for victims to make a copy-paste mistake.
The important detail: the scammer usually does not need your seed phrase. They are not breaking your hardware wallet. They are exploiting how people reuse transaction history as a shortcut.
What it looks like in real life
Common signs include:
- a tiny unexpected token deposit
- an unfamiliar NFT or zero-value transaction
- a transaction in your history that you do not remember making
- an address that matches the beginning and end of a real address but differs in the middle
- a fake token transfer that visually resembles a real USDC, USDT, or stablecoin movement
This is more common on low-fee chains because attackers can poison many wallets cheaply. Ledger specifically mentions networks such as Polygon, Tron, Tezos, Solana, and BNB Smart Chain, but the habit problem can apply anywhere: if you copy the wrong address, the chain will not save you.
The mistake that loses money
Most victims do not lose funds when the poisoned transaction arrives.
They lose funds later, when they do something like this:
- Open wallet history.
- Find a previous-looking transaction.
- Copy an address that appears familiar.
- Check only the first and last few characters.
- Send funds to the scammer's lookalike address.
That last step is the costly one. Crypto transfers are normally irreversible, so prevention matters more than cleanup.
Safer transfer workflow
Use this process for any meaningful transfer:
1. Start from the receiver, not history
If you are sending to your own wallet, open the receiving wallet and generate or display the address there.
If you use a hardware wallet, verify the receive address on the device screen. Do not trust only the desktop or mobile app display.
2. Verify more than the first and last characters
Lookalike addresses are designed to pass lazy checks. Do not rely on "same first four, same last four."
For larger transfers, compare the full address or use a trusted QR flow from the receiving wallet. If the wallet supports address labels or contacts, save the verified address with a clear name.
3. Use exchange withdrawal allowlisting
Coinbase recommends withdrawal allowlisting as a security habit for on-chain transfers. Kraken, Coinbase, and other major exchanges support some form of address book or allowlist behavior depending on region and account settings.
Allowlisting is not perfect, but it helps because a scam address should not become a valid withdrawal target just because it appeared in your wallet history.
4. Send a test transaction for large moves
For meaningful amounts, send a small test first.
Then verify that it arrived at the intended wallet. After that, send the full amount to the same saved, verified recipient — not to a new address copied from transaction history.
5. Treat surprise deposits as noise
A random tiny deposit or NFT does not mean you won something. It also does not automatically mean your wallet is compromised.
Ignore it. Do not interact with attached links, fake token sites, or suspicious NFTs. And do not use that transaction as a source for future addresses.
Hardware wallets help, but only if you slow down
A hardware wallet protects private keys from your computer or phone. It does not magically know whether the address you pasted is the address you meant to use.
That is why the trusted screen matters.
If you are choosing a wallet mainly to reduce transfer mistakes, compare the actual confirmation experience, screen clarity, mobile flow, and recovery model — not just the brand name. Start with our best hardware wallet for beginners guide, then read the Ledger review, Trezor review, or Tangem review depending on the setup you are considering.
Address poisoning vs other wallet scams
Address poisoning is different from approval scams and seed phrase theft.
| Scam type | What the attacker wants | Best defense |
|---|---|---|
| Address poisoning | Trick you into sending to the wrong address | Verify the destination address from a trusted source |
| Approval scam | Get permission to move tokens later | Understand every approval before signing |
| Fake wallet app | Steal your seed phrase or private keys | Install only from official sources |
| Support impersonation | Pressure you into moving funds or sharing secrets | Never follow transfer instructions from an alleged support agent |
For the broader threat model, read common crypto scams and how to avoid them. For signing risks, read wallet approval scams and dangerous permissions.
Bottom line
Address poisoning is not sophisticated because it breaks crypto. It is sophisticated because it abuses convenience.
The fix is boring but effective: never copy from transaction history, verify the full recipient address on a trusted screen, use allowlists where possible, and test before moving serious money.
If that feels slow, remember the point of self-custody: you are the final approval layer.