Definition
Address poisoning is a crypto security risk where attackers create and use blockchain addresses that closely resemble a victim’s address to deceive them. The attacker sends small or meaningless transactions so the fake address appears in the victim’s transaction history or wallet interface. When the victim later copies an address from this history, they may accidentally select the attacker’s address instead of the intended one. The result is that funds are irreversibly sent to the attacker’s address rather than the correct recipient address.
This risk exploits how long and complex a typical blockchain address is, and how users often rely on partial visual checks or copy-paste from recent transactions. Address poisoning does not usually involve breaking cryptography or taking control of a wallet, but instead manipulates how addresses are displayed and reused. It targets the human layer of security around address handling, making it a social engineering and interface-based threat rather than a protocol-level vulnerability.
Context and Usage
The term address poisoning is used in the context of blockchain security to describe a pattern of fraudulent transactions designed to contaminate or clutter a user’s recent address list. It is often discussed alongside general address safety practices, since it specifically abuses the way wallet software surfaces past addresses and transactions. References to address poisoning typically emphasize the importance of verifying the full address string, not just a few leading or trailing characters.
In security discussions, address poisoning is categorized as a deceptive tactic that leverages normal on-chain activity to create confusion. It highlights the distinction between the security of the underlying blockchain and the risks associated with how users interact with an address. As a named risk, it helps security professionals, wallet developers, and users describe and recognize this specific pattern of address-based fraud.