Investor Loses $12.25 Million in Ethereum Address-Poisoning Scam as Hacker Routes Funds to Tornado Cash

Attackers planted a convincing lookalike address in the wallet’s history, preying on users who copy shortened strings.

Overview

The victim sent 4,556 ETH worth about $12.25 million to a hacker’s wallet after copying a lookalike address instead of a Galaxy Digital deposit address.
The malicious address mimicked the first and last characters of the legitimate wallet after the attacker seeded it with repeated dust transactions.
On-chain trackers observed the thief moving the funds through intermediary wallets and sending large tranches into Tornado Cash to obfuscate provenance.
Analysts including Scam Sniffer and Lookonchain flagged the incident and warned users never to copy addresses from transfer histories.
Security researchers report over 1 million poisoning attempts daily on Ethereum, with impersonation scams up 1,400% and crypto theft totaling $17 billion in 2025.