Trader Loses $600K in Address Poisoning Copy‑Paste Scam
On Feb. 17, 2026 a single copy‑and‑paste mistake led to a $600,000 loss when a trader sent funds to a spoofed address in what is being described as an address poisoning scam. In these attacks an intended recipient address is replaced — often via clipboard or UI manipulation — so victims paste a malicious address and complete an irreversible on‑chain transfer.
The incident underscores persistent operational risks around large crypto transfers and the limits of recovery once funds move on‑chain. Users and services should treat address entry as a critical control: verify full addresses (or use hardware wallets, ENS/TNS with caution), perform small test transfers, enable transaction previews, and avoid copying addresses from untrusted sources. For large volumes, custodial controls and multi‑signature setups can reduce single‑point failures.