Table of Contents
Between November 2025 and January 2026, address poisoning attacks grew 5.5x - and people lost millions to a single wrongly copied address. Thanks to its own security mechanism, Gem Wallet filters poisoned transactions out of your history before you ever see them.
Key Takeaways
- Losses run into the hundreds of millions - one 2024 attack cost $68M, and another in December 2025 drained $50M in USDT (CoinDesk).
- Gem Wallet protects your assets from address poisoning at the wallet level - advanced filtering automatically removes poisoned transactions, with its users’ safety in mind.
How Gem Wallet Spotted Address Poisoning in 2024
Gem Wallet began building its own security mechanism against address poisoning in early 2024 - well before the attack became a mainstream threat.
As the number of USDT users on TRC20 grew, wallets filled up with spam transactions: the interface got cluttered, and those micro-transfers served as bait for theft. Cases of stolen funds were on the rise.
The team saw two problems at once - the interface was losing its usefulness and clarity, while a real attack vector was hitting users. While other wallets ignored the problem and only began filtering such transactions years later, Gem Wallet got there among the first - because it constantly tracks threats that can harm its users.
What Address Poisoning Is
Address poisoning is a scam where an attacker plants a lookalike address in your transaction history, hoping you copy it by mistake. It needs neither your private key nor a hack - just your habit of copying an address from history. The attacker generates an address whose first and last characters match one you already use; only the middle differs, and almost no one checks the middle. The danger is that the attack doesn’t look like an attack: there’s no pop-up and no signature request - just one extra line in your history that looks familiar.
How an Address Poisoning Attack Works
An attack unfolds in three steps:
- Preparation: The attacker watches your activity on the public blockchain and generates a lookalike address.
- Poisoning: They send you a micro-transfer - sometimes a zero-value transfer of a fake token - so it settles in your history next to the real ones.
- The trap: The next time you copy the “familiar” address from your history, your funds go to the attacker.
It sounds primitive - but it works flawlessly, and for huge sums. And the threat isn’t standing still: in just two months, from November 2025 to January 2026, poisoning attempts grew 5.5x, and the network now records more than 160,000 of them per day on average. On Ethereum alone, users lost around $62M over that short period.
Address poisoning attempts grew 5.5x in two months. Source: Blockaid, ScamSniffer.
The Biggest Address Poisoning Thefts
Address poisoning has already cost users hundreds of millions of dollars - a Carnegie Mellon study counted 270 million poisoning attempts targeting 17 million potential victims. According to CoinDesk, two of the loudest cases show how a single address mistake turns into a disaster:
- $68M (WBTC), May 2024: A user sent 1,155 WBTC to a lookalike address sharing the “0xd9A1…” characters. An on-chain negotiation followed, and the attacker returned the funds days later - a rare exception, not the rule.
- $50M (USDT), December 2025: The victim copied a poisoned address just 26 minutes after a test transaction and sent nearly 50M USDT to the attacker; the funds were laundered through Tornado Cash.
An on-chain message from the $68M address poisoning case: “keep 10%, return 90%.” Source: Etherscan.
How Gem Wallet Protects Your Assets From Address Poisoning
Gem Wallet protects your assets from address poisoning with its own security mechanism, built into the wallet and running automatically - there’s nothing to turn on. The filtering works across all 100+ blockchains Gem Wallet supports, including Bitcoin, Solana, BNB Chain, and more. We don’t disclose the exact algorithm, so attackers can’t work around it. In principle, the protection works in three layers:
Hiding Meaningless Micro-Transactions
If an incoming amount is too small to carry any real meaning - say, 0.000001 USDT, a fraction of a cent in TRX, or a zero-value transfer of a fake token - Gem Wallet doesn’t display it in the wallet interface. These dust transfers exist only to clutter your history and slip a lookalike address in front of you. No transaction on screen, no bait - and your history stays clean and informative.
Flagging Lookalike Addresses
Gem Wallet checks every incoming address against the ones you’ve just used. For example, you send ETH to an address that starts with 0x7a3F and ends in b21C. A minute later, a transfer lands in your history from an address with the same 0x7a3F and b21C but a different middle - Gem Wallet sees that “kinship” and filters out the fake. The whole attack rests on visual similarity between addresses - and that’s exactly what Gem Wallet detects, protecting its users from the lookalike.
Contacts: Send From Your Trusted List
With Gem Wallet Contacts, you stop copying addresses from history altogether - which leaves address poisoning no opening. Contacts lets you save frequently used addresses, label each with a clear name - like “Josh,” “Alice,” or “Savings” - and pick the right one in a single tap when sending. A single contact can hold several addresses across different networks. Gem Wallet is built on a self-custody architecture, so all contacts are stored locally on your device, with no server sync. With a trusted contacts list, the chance of sending to the wrong address drops to near zero.
With Gem Wallet, you can stay calm: the team constantly tracks new threats and scam tactics and ships protection faster than most - so your assets stay secure at all times. Download Gem Wallet and manage your crypto with confidence today.
