On Sunday, Jameson Lopp, a well-known cryptocurrency enthusiast and head of the Casa security department, published a blog article on the so-called poisoning of addresses in the blockchain.
This is a form of attack by scammers, designed to inattention the victim. The attackers send out small transactions from addresses that look like wallets from the victim's transaction history.

If she copies such an address for a new transaction, she will simply send money to the fraudster, which means that she needs to be more careful than ever.
The attack is arranged as follows. The scammer will generate a Bitcoin address that is very similar to the victim's recently used addresses. This is especially true for the characters at the beginning and end of the address, since these are the parts that are most often displayed in wallets, as well as verified by users before sending.
This is done through brute force: that is, during this process, huge amounts of private keys are created and discarded.
The attacker then sends a small amount of cryptocurrency to addresses from the generated list, and usually each transaction has less than one dollar. Thus, he "poisons" the transaction history by sending funds from a similar address to the victim's address.

(An example of similar addresses in the blockchain).
When the victim later wants to send funds, they may inadvertently copy a previously used address from their transaction history without noticing that it is a fake attacker's address that belongs to the hacker. As a result, the victim mistakenly voluntarily sends funds to the attacker's address, and the attacker simply takes them for himself.
People regularly encounter similar attacks on the Solana network. Scammers are more active in modern blockchains, because hundredths of a cent are enough to conduct transactions there, which means such actions are much cheaper.
Lopp tried to figure out the frequency and time frame of such attacks on his own. He said the following:
I wrote a script that scans the entire history of the blockchain in search of transactions with one input and one output, where the first and last four characters of the sender and recipient addresses match.
The first such transactions appear only in block 797570 dated July 7, 2023, and there were 36 such transfers in total. Then there was a lull until block 819455 of December 12, 2023, after which these transactions began to appear regularly until block 881172 of January 28, 2025. Then there was a two-month break, and the attacks resumed.
During these 18 months, almost 48 thousand transactions were sent, corresponding to the pattern of possible "poisoning" of the address. Each transaction takes 100-200 bytes. A total of 6,654,534 bytes were used for such purposes – about four complete blocks.
A total of 0.06840502 BTC was spent on the cost of the transactions themselves. The commission fee is 0.22305335 BTC.
Thus, the amount reached 0.29145837 BTC, which is equivalent to 25 thousand dollars at the current exchange rate. The expert continues:
The most amazing thing is that 12,199 attacked addresses did not spend the funds! This looks like a serious flaw of the scammers. If I were conducting such an attack, I would prefer to choose addresses from which funds are often sent, preferably to the same addresses, in order to increase the likelihood of user error.
In other words, the scammers did not take into account the behavior of potential victims whose addresses they attacked. Obviously, the holders of the scripts turned out to be holders who do not conduct transactions with crypto, but simply wait for large-scale market growth in the future.

(Distribution of victims' wallets by transactions).
Most of the active addresses sent less than 10 BTC per transaction. Most of these addresses also had less than 10 deposits.
In total, the scammers managed to earn about 0.1 BTC with 0.3 BTC spent on all attacks recorded by Lopp. The result is not very impressive, but a fan of scripts still called the scheme dangerous for most users.

(The average wallet balance of the victims).
To avoid falling into such a trap, be sure to check the full address before sending bitcoins. Also, use labels or a list of contacts in your wallet to avoid relying on memory or transaction history.
In addition, ideally, do not use the same deposit address repeatedly, which is good for user privacy.
It is important to note that sometimes scammers earn huge sums on a scheme of poisoning addresses.
For example, in August 2023, a rich crypto investor sent $20 million in USDT to the wrong address.
Be careful, and please take care of yourself!