A cryptocurrency trader loses 2.5 million USDT after falling twice for a address poisoning scam.

Address poisoning scams continue to exploit user mistakes, resulting in multimillion-dollar losses for cryptocurrency traders.

On May 26, the blockchain security company Scam Sniffer reported that the first mistake occurred when the operator copied a manipulated wallet address from their transaction history. This resulted in a transfer of $843,000 to the fraudulent address.

Just a few hours later, the trader repeated the same mistake, sending another 1.7 million dollars to the same fraudulent address.

The attack method, known as address poisoning or history poisoning, involves scammers sending small transactions from wallet addresses that closely resemble legitimate ones. These fake transfers are designed to appear in the victim's transaction history.

When the user subsequently attempts to copy the address of a recipient from that history, they are likely to select the malicious version and unknowingly send funds to the scammer.

These vulnerabilities are becoming increasingly common as attackers target cryptocurrency users through subtle, low-effort techniques that rely on user mistakes and interface habits.

Hackers have been honing their methods to attack users more directly. The blockchain security company SlowMist detected a growing wave of SMS phishing campaigns.

In these scams, malicious actors typically send messages impersonating cryptocurrency exchanges like Coinbase, falsely claiming a problem with a withdrawal or a security breach. Victims are then instructed to call a support number in the message. By doing so, they are connected with a fake agent who redirects them to a phishing website.