What is Address Poisoning?
Reviewed 2026-06-25
Definition: Address poisoning plants a lookalike address in your transaction history by sending a zero-value transfer from an attacker-controlled address that closely matches one you use frequently. If you copy a recent address from your history, you send funds to the attacker instead. Always verify the full address, not just the first and last characters.
How it works
Attackers use vanity address generators to find private keys whose derived addresses match the first four to six and last four characters of a real address you interact with frequently. They send a zero-value transaction to your wallet, so the lookalike address appears in your transaction history just above or beside the real address. When you next send to that destination, you may copy the wrong one from history without noticing — because the first and last characters match exactly and the middle portion is rarely checked.
How to protect yourself
Never copy an address from your transaction history without verifying the full string. Add frequently used addresses to a named contact list in your wallet. For high-value transfers, verify the complete address character by character against the original source.
Frequently asked questions
How do I spot an address poisoning attempt?
Look for zero-value transactions from unknown senders arriving just before you send to a frequent destination. The sender address will closely match someone you trust at the start and end, with different characters in the middle.
Why do first and last characters match exactly?
Attackers use vanity address generators to find private keys that produce addresses matching your target's prefix and suffix. Generating a partial match takes seconds to minutes. A full 42-character match is computationally infeasible.
Is there a tool that catches this automatically?
Yes. Some wallets flag zero-value incoming transfers as potential poisoning. A wallet scanner also checks your address history for poisoning patterns.