Sanctuary Intelligence Desk

Address poisoning depends on a single user-interface failure mode that exists in essentially every wallet: address truncation. When a wallet displays a counterparty address in transaction history, it typically shows the first 4-6 characters and the last 4-6 characters, with an ellipsis or shortened middle. The intent is readability; the consequence is that two addresses sharing the first and last characters look identical at a glance.
Generating an address that shares specific first and last characters with a target is, computationally, well within reach. Modern hardware can grind out vanity-style address matches in minutes for short suffixes. Attackers have automated this end-to-end: take a target's recent counterparty list, generate matching lookalike addresses for each entry, and send $0 (or dust) transactions from the lookalike to the target.
The dust transaction is the "poison." It appears in the target's recent transaction history. The target's wallet now displays a counterparty entry that visually matches the legitimate counterparty's truncated address. If the target copies from history to send, the copy may capture the poisoned entry instead of the legitimate one.
The mechanism works because users do not typically verify full addresses character-by-character before sending. Power users do; institutional users often do not, especially when relying on saved counterparty lists and assuming the list is what they last set it to. The mismatch between user mental model ("this is my saved address") and reality ("this is whatever your wallet last surfaced as the recent counterparty") is the attack surface.
The dust transactions that deliver the poison are themselves cheap. On TRON, a dust USDT transaction costs fractions of a cent. On Ethereum, dust ETH transactions cost a few cents in gas. On Solana, the cost is in micro-pennies.
The attacker's cost-per-attempt is low enough to enable industrial-scale targeting. Tools like Inferno Drainer, Angel Drainer, and Rublevka Team's operations include automated address-poisoning modules that scan public blockchain data for high-value wallets, generate lookalikes, and send poison dust at scale.
Recorded Future's February 4, 2026 report on Rublevka Team — a Russian-language drainer operation — documented $10 million+ in lifetime revenue from these tools, across 240,000+ individual wallet drains since 2023. Check Point Research's analysis of Inferno Drainer in early 2026 documented 30,000+ new victims from September 2024 to March 2025 alone, with the drainer's tooling spoofing more than 100 crypto brands across 16,000+ unique domains.
The industrial scale means the marginal attack does not need to succeed often. Even a 0.01% success rate against high-value targets produces meaningful revenue. The $50 million case is the outlier; the typical successful poisoning is in the $1,000 to $100,000 range, with thousands of small successes per month per operator.
The December 2025 case is worth dissecting because the laundering pipeline tells you what the screening should have caught.
**Step 1 (weeks earlier):** The attacker grinds a TRON address that matches the victim's frequent USDT TRC-20 counterparty's first and last characters. The attacker sends a $0 USDT transaction from the lookalike to the victim's wallet. The transaction appears in the victim's wallet history.
**Step 2 (the test transaction):** The victim, intending to confirm the counterparty address before a large transfer, copies the most recent matching counterparty from their wallet history. The copy captures the lookalike. The victim sends $0.01 as a test. The test reaches the lookalike. The victim, seeing the test "delivered to the counterparty," considers the address verified.
**Step 3 (the main transfer):** The victim sends $50 million to the same (still poisoned) address. The full balance reaches the lookalike.
**Step 4 (the laundering):**
- Within minutes, the attacker swaps the USDT into DAI via a TRON-side DEX, then bridges to Ethereum.
- The DAI on Ethereum gets swapped into ETH via Uniswap.
- The ETH gets sent to Tornado Cash addresses.
- Within thirty minutes from the original send, the funds have entered Tornado Cash's pool and cannot be cleanly traced further forward.
**Step 5 (the silence):** The victim offers a $1 million whitehat bounty. The attacker does not respond. The funds remain inside Tornado Cash. Recovery probability: low.
The $50 million is now mixed. The bounty was a futile signal — attackers who run industrial poisoning operations do not respond to whitehat negotiations, because acknowledging the funds creates legal exposure they have no incentive to accept.
The standard defenses against address poisoning are user-side:
1. **"Verify the full address character by character."** Works in theory; fails in practice because users do not verify a 42-character address character by character on every transaction.
2. **"Use saved address books."** Works against poisoning if the saved entry is what you actually use. Fails if your wallet UI surfaces "recent counterparty" suggestions, which include poisoned entries.
3. **"Send a test transaction first."** Provides false confidence. The test transaction reaches the lookalike; the victim believes the address is verified; the main transaction follows.
4. **"Verify the counterparty by an out-of-band channel."** Effective if actually done. Most institutional senders rely on internal saved addresses they trust were set correctly.
The defense-in-depth answer is that user-side defenses are necessary but not sufficient. The wallet-side defense is needed.
Two layers of automated defense exist in 2026 and are increasingly deployed.
**Wallet-side anti-poisoning UI.** MetaMask, Phantom, Rabby, Frame, and Trust Wallet have all rolled out features that detect dust transactions from previously-unseen addresses, especially when the dust address bears a structural similarity to a frequent counterparty. The features either hide poisoned entries from history display or surface a warning when the user is about to send to an address that resembles but does not match a frequent counterparty.
These features are uneven in adoption and effectiveness. The $50 million victim was likely using a wallet without state-of-the-art anti-poisoning UI, or had configured the wallet in a way that bypassed it. Anti-poisoning UI is improving but does not yet catch all variants — especially poisoning across multiple chains, where the dust may arrive on TRON while the legitimate counterparty is on Ethereum or Solana.
**Screening-engine side anti-poisoning detection.** Sanctuary and equivalent screening vendors maintain databases of known drainer and poisoning operator addresses. When a wallet about to send a transaction passes the destination address through a screening API, the screening result includes a flag for "potential poisoning lookalike" when the destination address (a) is structurally similar to a frequently-used counterparty for the source wallet (the screening engine has visibility into recent history) and (b) the destination address belongs to a known drainer or poisoning operator cluster.
The Sanctuary tag for these addresses is `address_poisoning_lookalike` with a sub-tag identifying the cluster (Inferno Drainer, Angel Drainer, Rublevka Team, or unattributed). The score for confirmed lookalike addresses is Critical (95+) regardless of the address's individual history — the score reflects the structural risk, not just the historical activity.
For institutional senders, the screening hook is the operational pre-send check. Before approving a large transfer, the operator submits the destination address to the screening API. The API returns a poisoning flag if relevant. The transfer is paused for human review.
This is what would have prevented the $50 million loss.
Blockaid's January 2026 statistics — 3.4 million poisoning attempts in a single month — are worth restating because they imply the operational economics.
If we assume one in ten thousand poisoning attempts succeeds in stealing something (a conservative estimate; some attacker groups report better rates internally), 3.4 million attempts produce ~340 successful drains per month for the industry. If the average successful drain is $10,000, the industry revenue is $3.4 million per month. If the average is $100,000 (more realistic for the high-value subset), the revenue is $34 million per month. If there is one $50 million outlier per quarter on top, the total is over $100 million per month industry-wide.
Chainalysis's $400 million 2025 figure is roughly consistent with the lower end of this estimate. The 2026 numbers, with attempt volume 5.5x higher than late 2025, will be larger.
For comparison: the total criminal proceeds laundered through Huione Group between 2021 and 2025 was $4 billion across four years — approximately $80 million per month. Address poisoning is now in the same revenue tier as Huione-class laundering infrastructure.
The category has scaled. The defenses must scale with it.
For institutional senders running large transfers in 2026, the operational checklist is:
1. **Whitelist counterparty addresses in your treasury system.** Whitelist must be set explicitly, not derived from history. Changes to the whitelist require multi-party authorization.
2. **Run every outbound address through a screening API on the send path.** Sanctuary, Chainalysis, TRM, and Elliptic all expose poisoning-detection signals. Integration is a single API call.
3. **Treat "recent counterparty" wallet UI features as untrusted by default.** Recent counterparty suggestions are the attack surface. Whitelisting is the answer.
4. **Maintain out-of-band confirmation channels for transfers above a threshold.** For institutional flows above $1M, a parallel channel (encrypted email, phone, Signal) carrying the full destination address provides defense-in-depth.
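The following is an added example (not Sanctuary's code or any vendor's API) of what a send-path gate built on items 1 to 3 of the checklist looks like: an explicit whitelist that is never derived from history, a lookalike test that reproduces the truncation failure mode described at the top of the article, and a block when the lookalike has itself delivered dust. The prefix/suffix lengths, the `HistoryEntry` shape and the two 34-character TRON-style addresses are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
# Leading/trailing characters a truncated wallet UI shows (assumed; varies per wallet).
PREFIX_LEN, SUFFIX_LEN = 6, 4

@dataclass
class HistoryEntry:
    counterparty: str   # full address of the other party
    direction: str      # "in" (received) or "out" (sent)
    amount: float       # token amount, e.g. USDT

def truncated_view(addr: str) -> str:
    """Render an address the way a wallet history list does."""
    return f"{addr[:PREFIX_LEN]}...{addr[-SUFFIX_LEN:]}"

def looks_alike(candidate: str, reference: str) -> bool:
    """True when two addresses collide in the truncated view but differ in full."""
    return candidate != reference and truncated_view(candidate) == truncated_view(reference)

def frequent_counterparties(history, min_sends=2):
    """Addresses this wallet has sent to at least min_sends times."""
    sends = Counter(e.counterparty for e in history if e.direction == "out")
    return {addr for addr, n in sends.items() if n >= min_sends}

def pre_send_check(destination, history, whitelist, dust_max=0.01):
    """Pre-send gate: an explicit whitelist wins; a lookalike of a frequent counterparty
    is blocked if it ever sent us dust (the poison), otherwise held for human review."""
    if destination in whitelist:
        return "allow", "explicitly whitelisted"
    for ref in frequent_counterparties(history):
        if looks_alike(destination, ref):
            poisoned = any(e.counterparty == destination and e.direction == "in"
                           and e.amount <= dust_max for e in history)
            if poisoned:
                return "block", f"lookalike of {truncated_view(ref)} that sent us dust"
            return "review", f"lookalike of {truncated_view(ref)}"
    return "review", "destination not on whitelist"

# Constructed sample data (not real addresses): 34-char TRON-style strings with identical ends.
LEGIT = "TJ7Fk9AaBbCcDdEeFfGgHhIiJjKkLmqZ2m"
LOOKALIKE = "TJ7Fk9ZzYyXxWwVvUuTtSsRrQqPpNnqZ2m"
WHITELIST = {LEGIT}
HISTORY = [
    HistoryEntry(LEGIT, "out", 250_000.0),
    HistoryEntry(LEGIT, "out", 180_000.0),
    HistoryEntry(LOOKALIKE, "in", 0.0),  # the poison: $0 USDT from the lookalike
]
if __name__ == "__main__":
    for dest in (LEGIT, LOOKALIKE):
        print(truncated_view(dest), pre_send_check(dest, HISTORY, WHITELIST))
```

Because the gate runs on every outbound transfer, the $0.01 test send in Step 2 is blocked by the same rule as the $50 million send, which removes the false confidence a delivered test transaction otherwise gives.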
For consumer wallet users, the same principles apply at smaller scale. Anti-poisoning UI in MetaMask and similar wallets helps. Manual verification of full addresses before large transfers is the floor. Trusted address books in the wallet's own settings beat dynamic "recent counterparty" suggestions.
Address poisoning is no longer an opportunistic attack. It is industrial-scale infrastructure with cost-per-attempt below dust, success rates measurable, and revenue in the $100M+ range per month.
The defense is not "be more careful." Users have been told to be more careful since 2021 and the losses have grown five-fold in one quarter. The defense is automated screening on the send path, with whitelisting on top.
Sanctuary scores the lookalike address before you press send. Address scoring is the layer that does not depend on the user's attention span. Use it.