The price of "speed and convenience" in the cryptocurrency space could be as high as $12.4 million. An Ethereum (ETH) holder and regular crypto user just found that out as he lost 4,556 ETH valued at over $12.4 million after he accidentally transferred the asset to an attacker’s poison address.

How copy-paste error enabled $12.4 million attack

Lookonchain update explained that the attacker generated a fake address containing the first and last four characters of the Galaxy Digital’s real deposit recipient. The attacker proceeded to send tiny "dust" transactions to the victim’s wallet.

The goal was to simulate a fake or poison address in the victim’s transaction history. The goal of the malicious actor was to make the address look legitimate and familiar to the victim. The attacker was relying on the victim not paying close attention to details, given the similarity in the address.

The user, likely out of convenience and the need to quickly execute the transaction, opened his transaction history and copied what he thought was Galaxy Digital’s address. Given that it is a transaction he performs on a regular basis, he thought nothing of it and did not double-check the entire address.

A victim (0xd674) lost 4556 $ETH($12.4M) due to a copy-paste address mistake.

Victim 0xd674 frequently transfers funds to Galaxy Digital via
0x6D90CC...dD2E48.

The attacker generated a poison address with the same first and last 4 characters as Galaxy Digital's deposit address… pic.twitter.com/oXI3exESzE

This "copy and paste error" has cost the user $12.4 million as he sent the entire 4,556 ETH to the hacker's address.

The poison address form of scam attacks is gaining traction in the crypto space as hackers rely on users not painstakingly checking addresses. In December 2025, another user lost $50 million after they copied a spoofed address due to visual similarity.

Interestingly, with this user, he had done a test run with $50 to his address, and it was this trial that the malicious hacker used to spoof the wallet as a trap. Unfortunately, the user fell victim to transferring the remaining $49,999,950 to the hacker.

You Might Also Like
Sat, 01/31/2026 - 10:29 XRPL Alert: Ripple Engineer Sends Key Reminder Ahead of 2026 UpgradesByTomiwabold Olajide

Users warned to watch out for address poisoning scams

The frequency of these attacks calls for more vigilance in the crypto space. Users need to stop copying addresses from transaction history. They also must verify the entire address, not just the first and last four characters, which could be a poisoned address.

One user, Mark Huber, while reacting to the loss, stated that he always prioritizes safety over convenience when making transactions. Huber claimed that if he were to send $12 million, he would probably send it in batches of $100,000 at a time.

The idea is to avoid losing the entire funds in a single transaction. Others have advised the use of the ENS domain or address book to avoid such losses.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。