Address‑poisoning and signature‑phishing surge drains millions from crypto users

Address‑poisoning and signature‑phishing attacks surged in late 2025 and early 2026, causing large losses and raising risks for crypto users and traders. Attackers use "dust" or full fake addresses that match visible leading and trailing characters so victims who copy from past transactions paste malicious addresses. Scam Sniffer reported two major address‑poisoning incidents that stole $50 million in December 2025 and $12.2 million in January 2026. Blockchain trackers report hundreds of millions of poisoning attempts across chains (notably Ethereum and BSC), with tens of millions of dollars confirmed stolen and many more attempts tracked. Signature‑phishing—tricking users into approving malicious contract calls or overly broad token allowances—also spiked: in January attackers stole $6.27 million from 4,741 users (a 207% month‑on‑month rise), with two attacker wallets receiving about 65% of those funds. Analysts link higher dust activity to lower gas costs after network upgrades (for example, Ethereum’s Fusaka changes), which make tiny spray‑and‑pray transfers cheap; Coin Metrics found a large share of stablecoin balance updates were under $0.01. Illicit proceeds are often routed into noncooperative protocols (notably into DAI) or concentrated attacker wallets, complicating recovery. The report also notes an unrelated treasury exploit at Step Finance that drained roughly $27.2 million in SOL. For traders: heightened scam activity increases on‑chain noise, may temporarily lift transaction counts and stablecoin flows, and can raise short‑term volatility or reduce retail confidence—especially for users handling large transfers. Actionable precautions: always verify full destination addresses (not just visual fragments), avoid signing unknown contract approvals, regularly audit and revoke token allowances, use address whitelists and hardware wallets, and subscribe to on‑chain scam alerts from reputable trackers.