Security · Question 4 of 8

What is address poisoning?

Address poisoning is a trick that plants a look-alike address into your transaction history, hoping you'll copy it from there by mistake and send funds to the attacker instead of the intended recipient.

How it works

An attacker sends you a tiny (often worthless) transaction from an address that closely resembles one you use. Later, if you copy an address from your history, you might grab theirs by accident.

How to avoid it

  • Never copy addresses from transaction history.
  • Use saved address-book entries or paste from the true source.
  • Always verify the first and last characters before sending.
  • Send a small test amount for anything significant.
Why it matters

It exploits the convenient habit of reusing addresses from history — which is exactly why careful sourcing of addresses matters.

A practical way to picture it

It's like someone slipping a near-identical phone number into your recent-calls list, betting you'll dial it without checking.

Risks & common mistakes
  • Copying from history can send funds to an attacker.
  • Look-alike addresses share the same start/end characters by design.
  • Funds sent this way are generally unrecoverable.
Put it into practice

Rehearse safely in the Wallet Simulator

Open ›

Related questions

How to verify an address, asset, and networkRead answer ›How do I send and receive crypto?Read answer ›Common crypto scamsRead answer ›

Last reviewed 2026-06-25. This topic can change over time; always confirm current specifics from primary sources.

‹ What are dangerous wallet approvals? ↑ Return to Core Rug pulls ›