As cryptocurrency adoption surges into 2025, a sophisticated threat has emerged that’s capturing attention from major financial institutions. Citi’s blockchain analysis team has identified a concerning rise in “address poisoning” scams targeting Ethereum users – a subtle yet potentially devastating attack vector that exploits human psychology rather than technical vulnerabilities.
According to Citi’s latest digital asset security report, address poisoning incidents have increased 47% since late 2024, with over $32 million in Ethereum tokens diverted to fraudulent wallets in the first quarter of 2025 alone. The technique represents an evolution in social engineering that preys on how users interact with cryptocurrency addresses during transactions.
The mechanics are deceptively simple. When you conduct an Ethereum transaction, your wallet typically stores the recipient’s address in your history. Scammers monitor public blockchain activity, then create wallets with addresses that closely mimic those you’ve previously interacted with – often identical except for a few characters at the beginning and end.
“What makes address poisoning particularly effective is its exploitation of human habit,” explains Rachael Chen, Citi’s head of distributed ledger analysis. “Most users only verify the first and last few characters of an address before sending funds, and scammers are capitalizing on this verification shortcut.”
I witnessed this firsthand at last month’s ETHDenver conference, where three developers shared stories of falling victim despite their technical expertise. One lost nearly 18 ETH (approximately $67,000) after copying what appeared to be a familiar address from his transaction history.
The timing of this scam’s proliferation isn’t coincidental. Following Ethereum’s Shanghai upgrade and the growing popularity of liquid staking derivatives, transaction volumes have created fertile ground for these attacks. Citi’s analysis indicates the scams disproportionately target high-value wallets that frequently interact with decentralized finance (DeFi) protocols and exchanges.
“We’re seeing increasingly sophisticated operations,” notes Dave Balter, security researcher at Chainalysis. “These aren’t random attempts but calculated campaigns that monitor specific wallets and deploy bots to create poisoned addresses moments after legitimate transactions occur.”
What differentiates the 2025 wave of address poisoning from earlier attempts is the automation and scale. According to MIT Technology Review’s examination of the trend, scammers now employ machine learning algorithms that analyze transaction patterns and target users based on behavioral predictors that suggest lower security awareness.
The Ethereum Foundation acknowledges the threat but emphasizes that this isn’t a protocol vulnerability. “This is a human-layer security challenge,” states Tim Beiko, who coordinates Ethereum protocol development. “We’re working with wallet developers to implement stronger visual differentiation of addresses and encouraging multiple verification steps.”
Some solutions are already emerging. MetaMask’s latest update now displays a prominent warning when users attempt to send funds to an address that closely resembles—but doesn’t match—a previously used address. Similarly, hardware wallet manufacturer Ledger has implemented address comparison features that highlight differences between similar-looking addresses.
For users concerned about protection, several practices can minimize risk. Always use the copy-paste function rather than manual entry when handling addresses. Verify the entire address character by character before confirming transactions. Consider implementing address books or whitelisting for frequent recipients. Most importantly, send test transactions with minimal amounts before transferring significant sums.
The financial implications extend beyond individual losses. Investment firm ARK Invest estimates that address poisoning and similar scams could impact institutional confidence in digital assets, potentially suppressing Ethereum adoption by 3-5% through 2026 if robust countermeasures aren’t widely implemented.
“What’s concerning is how this targets the mundane, everyday aspect of crypto use,” I told attendees during a recent panel discussion at San Francisco’s Blockchain Week. “We’ve focused so heavily on smart contract security and protocol vulnerabilities that we sometimes overlook these human-centric attack vectors.”
As Ethereum continues its transition toward a more accessible financial infrastructure, the ecosystem faces a critical challenge: balancing user experience with security. The current wave of address poisoning scams highlights how social engineering can undermine even technically sound systems.
“The solution involves both technical mitigations and user education,” concludes Chen from Citi. “But most importantly, we need to recognize that crypto security is evolving beyond code vulnerabilities to increasingly target human behavior and trust.”
For Ethereum users navigating this landscape in 2025, the message is clear: verify thoroughly, update your wallet software regularly, and remember that in the rapidly evolving world of digital assets, a moment of caution can prevent significant loss.
