What is Address Poisoning?

Address poisoning is a social engineering attack where an attacker sends small transactions from addresses that closely resemble the victim's frequent recipients — hoping the victim will copy the attacker's address from their transaction history by mistake.

WHY IT MATTERS

Blockchain addresses are long hex strings that humans (and agents) often identify by their first and last few characters. Address poisoning exploits this by generating addresses that match these visible portions. The attacker sends a tiny transaction from the lookalike address, planting it in the victim's transaction history.

When the victim next wants to send to their real recipient, they might copy the address from recent transactions — grabbing the poisoned lookalike instead. The funds go to the attacker. This has caused individual losses exceeding $68 million.

AI agents are particularly vulnerable. An agent pulling recipient addresses from transaction history could easily select a poisoned address. Unlike a careful human who might double-check, an agent matching on visible characters could be tricked consistently.

HOW POLICYLAYER USES THIS

PolicyLayer's allowlist prevents address poisoning attacks on agent wallets. By restricting agents to pre-approved recipient addresses, poisoned lookalike addresses are automatically rejected — regardless of how similar they appear in transaction history.
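The following Python is an added illustration, not PolicyLayer's code: it contrasts a naive recipient lookup that matches on the visible prefix and suffix with an allowlist check on the full address, and adds a detection heuristic for inbound dust from addresses that collide on the visible portion. The addresses, history and thresholds are constructed for the example.

```python
import re

# Constructed sample data (not real wallets): a legitimate recipient and a
# lookalike sharing the first 6 and last 4 hex chars that a wallet UI shows.
LEGIT = "0xA1B2C3000011112222333344445555666677D4E5"
POISON = "0xA1B2C3ffffeeeeddddccccbbbbaaaa999988D4E5"

HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr: str) -> str:
    """Check the shape and lowercase so comparisons cover all 40 hex characters."""
    if not HEX_ADDR.match(addr):
        raise ValueError(f"malformed address: {addr!r}")
    return addr.lower()

def visible_key(addr: str, head: int = 6, tail: int = 4) -> str:
    """The truncated form a human or naive agent looks at, e.g. 0xa1b2c3...d4e5."""
    a = normalize(addr)
    return f"{a[:2 + head]}...{a[-tail:]}"

def naive_pick_recipient(history, target_visible):
    """Vulnerable behaviour: newest history entry whose truncated form matches."""
    for tx in history:  # history is ordered newest first
        if visible_key(tx["counterparty"]) == target_visible:
            return tx["counterparty"]
    return None

def allowlist_check(addr, allowlist):
    """Allowlist control: the full normalized address must be pre-approved."""
    return normalize(addr) in {normalize(a) for a in allowlist}

def flag_poisoning_attempts(history, known_recipients, dust_threshold=1e-6):
    """Detection: inbound dust from an address colliding on the visible key."""
    known = {visible_key(r): normalize(r) for r in known_recipients}
    flagged = []
    for tx in history:
        cp = normalize(tx["counterparty"])
        vk = visible_key(cp)
        if (tx["direction"] == "in" and tx["value"] <= dust_threshold
                and vk in known and known[vk] != cp):
            flagged.append(cp)
    return flagged

# Constructed history: the poisoning dust transfer is the most recent entry.
HISTORY = [
    {"counterparty": POISON, "direction": "in", "value": 0.0},
    {"counterparty": LEGIT, "direction": "out", "value": 1.5},
]
```

The naive lookup returns the poisoned address because its truncated form is identical to the real recipient's, while the allowlist rejects it and the dust heuristic flags the planting transaction.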

FREQUENTLY ASKED QUESTIONS

How do attackers create lookalike addresses?
They use vanity address generators to create addresses matching the first and last 4-6 characters of the target address. This requires computational effort but is feasible — matching 8 hex characters takes minutes to hours.
Can address poisoning be prevented?
For humans: always copy addresses from trusted sources, verify the full address, use address book features. For agents: use allowlists of pre-approved addresses, never pull recipients from transaction history alone.
How common are address poisoning attacks?
Very common. Millions of poisoning transactions are sent daily across EVM chains. Most are untargeted (bulk poisoning), but targeted attacks against high-value wallets do occur.
