Monday, March 9, 2026

Ethereum Whale Loses $12.4M in Address Poisoning Scam Targeting Galaxy Digital Deposit

A sophisticated address poisoning attack claimed 4,556 ETH ($12.4M) from a whale intending to deposit to Galaxy Digital, marking the second major incident in weeks.

A high-net-worth cryptocurrency investor lost 4,556 ETH ($12.4 million) early Saturday after falling victim to a targeted "address poisoning" attack. The theft, confirmed by blockchain analytics firm Lookonchain, underscores the growing sophistication of social engineering attacks against institutional-grade wallets.

The Attack Vector

The victim (wallet 0xd674...) intended to deposit funds into a Galaxy Digital wallet they had frequently used for OTC settlements. Instead, they copied a malicious address from their transaction history, one that shared the same first and last characters as the legitimate destination.

According to on-chain data, the attacker spent two months preparing the trap:

  • Vanity Gen: The attacker generated a wallet matching the first six (0x6D90CC) and last six (dD2E48) characters of the Galaxy Digital deposit address.
  • Dusting: The attacker "dusted" the victim's wallet with negligible amounts of ETH to insert the malicious address into the wallet’s recent transaction history.

When the victim initiated the transfer, they likely verified only the start and end of the address, a common shortcut that proved fatal. The funds were siphoned instantly.

"The attacker repeatedly sent dust transactions from the spoofed address, causing the victim to copy it from transaction history and misroute the transfer." – Lookonchain

Institutional Context

This incident marks the second eight-figure loss to address poisoning in recent weeks. In December 2025, a separate trader lost $50 million in a nearly identical scheme involving USDT. The recurrence suggests attackers are specifically profiling high-volume wallets associated with institutional custodians like Galaxy Digital and Coinbase, banking on human error during routine settlement flows.

Ethereum (ETH) traded at $2,721 (-2.6%) following the news, with market makers showing little reaction to the theft itself, treating it as an isolated security failure rather than a protocol vulnerability. Security firms are urging users to verify every character of a destination address or use whitelist-only transfer protocols.
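The two mitigations named above (full-address comparison and allowlist-only transfers) can be sketched as a pre-send check; this is an added example, not code from Lookonchain, Galaxy Digital or any wallet. The function names, the allowlist label and the sample addresses are assumptions: only the six-character prefix and suffix come from the article, and the middle characters are constructed placeholders.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Lower-case a 20-byte hex address; reject anything malformed."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def classify(dest, allowlist, n=6):
    """Return (verdict, label): 'allowlisted', 'lookalike' or 'unknown'.

    'lookalike' means dest is not on the allowlist but shares the first n and
    last n hex characters with an entry that is, so a truncated display such
    as 0x6D90CC...dD2E48 cannot tell the two apart.
    """
    d = normalize(dest)
    for label, good in allowlist.items():
        if d == normalize(good):  # every character must match
            return "allowlisted", label
    for label, good in allowlist.items():
        g = normalize(good)
        if d[2:2 + n] == g[2:2 + n] and d[-n:] == g[-n:]:
            return "lookalike", label
    return "unknown", None

def flag_history(history, allowlist, n=6):
    """List senders in transaction history that imitate an allowlisted address."""
    flagged = []
    for entry in history:
        verdict, label = classify(entry["from"], allowlist, n)
        if verdict == "lookalike":
            flagged.append((entry["from"], label, entry["value_eth"]))
    return flagged

# Constructed sample data: the 28 middle characters are placeholders,
# not real addresses.
OTC_DESK = "0x6D90CC" + "a" * 28 + "dD2E48"
SPOOFED = "0x6D90CC" + "b" * 28 + "dD2E48"
UNRELATED = "0x" + "1" * 40
ALLOWLIST = {"otc-desk": OTC_DESK}
HISTORY = [
    {"from": SPOOFED, "value_eth": 0.000001},   # dust from the imitation
    {"from": UNRELATED, "value_eth": 2.5},
    {"from": OTC_DESK, "value_eth": 10.0},
]
```

A transfer flow built on this would refuse anything that is not `allowlisted` and raise an alert on `lookalike`, both at send time and whenever dust from an imitating address first appears in history.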