Transaction Poisoning

Transaction poisoning tricks you into copying fake addresses. Learn how this scam works and how to verify recipients with Kerberus.

by Werner Vermaak
Expert Verified
November 15, 2024 • 1 minute read

What Is Transaction Poisoning?

Transaction poisoning is a deception technique in which attackers craft look-alike transactions in or around a victim’s activity record so that the victim later copies the wrong recipient address. It overlaps with address poisoning but focuses on mimicking amounts, timing, and metadata to create a convincing “trail.”

How It Works

Adversaries monitor mempools and public histories, then broadcast small transactions that mirror legitimate ones (token, value, sometimes gas pattern) while swapping in their own address.

By shaping ordering or timing, they aim to place the spoof where users commonly copy from. When the victim reuses that “familiar” address, funds are irretrievably sent to the attacker.

How to Reduce Risk

  • Confirm recipients from original sources (contact book, verified profile, signed message).
  • Avoid copying addresses from explorer histories or old transactions.
  • Check multiple characters across the entire address, not just the prefix/suffix.
  • Maintain signed allowlists for recurring payees where feasible.
  • Use a real-time Web3 security tool like Kerberus to detect malicious behavior before it impacts your pocket.
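
The full-address and allowlist checks above can be automated. The sketch below is an added example, not code from Kerberus or the author: it compares a candidate recipient against an allowlist over the whole address and flags entries that only resemble a known payee at the prefix or suffix. It assumes 0x-prefixed 20-byte hex addresses and an allowlist whose signature has already been verified; the function names and all sample addresses are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize(addr):
    """Lower-case a 20-byte hex address; reject anything malformed."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def check_recipient(candidate, allowlist, edge=4):
    """Compare the whole address, then look for edge-only resemblance.

    Returns (verdict, label): 'trusted' on an exact match, 'lookalike' when
    only the first or last `edge` hex characters match an allowlisted
    address, 'unknown' otherwise.
    """
    cand = normalize(candidate)
    lookalike = None
    for label, addr in allowlist.items():
        known = normalize(addr)
        if cand == known:
            return ("trusted", label)
        if cand[2:2 + edge] == known[2:2 + edge] or cand[-edge:] == known[-edge:]:
            lookalike = label
    return ("lookalike", lookalike) if lookalike is not None else ("unknown", None)

def flag_history(history, allowlist):
    """Return history entries whose counterparty imitates an allowlisted payee."""
    return [tx for tx in history
            if check_recipient(tx["counterparty"], allowlist)[0] == "lookalike"]

# Constructed sample data (not real accounts or transactions).
PAYEE = "0xa1b2" + "0" * 32 + "c3d4"
SPOOF = "0xa1b2" + "f" * 32 + "c3d4"   # same prefix/suffix, different middle
OTHER = "0x" + "9" * 40
ALLOWLIST = {"exchange-deposit": PAYEE}
HISTORY = [
    {"counterparty": PAYEE, "value": 1500.0},
    {"counterparty": SPOOF, "value": 0.0},   # small entry mimicking the payee
    {"counterparty": OTHER, "value": 20.0},
]

if __name__ == "__main__":
    for tx in HISTORY:
        print(tx["counterparty"], check_recipient(tx["counterparty"], ALLOWLIST))
```

A "lookalike" verdict is a signal to stop and re-confirm the recipient from its original source, not proof of an attack; "unknown" addresses still need the same confirmation before first use.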

Written by:


Werner Vermaak is a Web3 author and crypto journalist with a strong interest in cybersecurity, DeFi, and emerging blockchain infrastructure. With more than eight years of industry experience creating over 1000 educational articles for leading Web3 teams, he produces clear, accurate, and actionable organic material for crypto users.

  • 8+ years in crypto & blockchain journalism
  • 1000+ educational articles for leading Web3 teams
  • Former content lead at CoinMarketCap, Bybit, OKX