New Trust Wallet Tool Flags Spoofed Crypto Addresses to Prevent Accidental Losses in Real Time

Trust Wallet tackles the invisible threat of address poisoning

Imagine opening your digital wallet to send a large sum of cryptocurrency, only to realize minutes later that the funds are gone forever, sent to a stranger who mimicked your own identity.

This is the reality of address poisoning, a silent but high-speed scam that has siphoned over $500 million from unsuspecting users.

To combat this, Trust Wallet has launched a real-time protection feature across its mobile platform, aiming to intercept these industrial-scale attacks before the Send button is ever pressed.

Unlike traditional security hurdles, this system operates automatically, scanning 32 Ethereum Virtual Machine (EVM) compatible chains to identify lookalike addresses that hide in plain sight within a user's transaction history.

How does the address poisoning scam work?

The mechanics of this attack are as simple as they are devastating.

Scammers deploy automated bots to monitor the blockchain for active wallets.

Once a target is identified, the attacker sends a tiny, valueless amount of tokens to that wallet from a spoofed address.

This fake address is carefully generated to match the first and last few characters of the victim’s own address or one of their frequent contacts.

Because most people only glance at the start and end of a long string of alphanumeric characters, the fake address looks identical at a passing glance.

The trap is sprung when the victim later copies that address from their transaction history for a legitimate transfer, effectively hand-delivering their assets to the criminal.

Why is this protection necessary right now?

The scale of this threat is staggering.

Security firm Cyvers detects more than one million preparatory poisoning operations every single day on the Ethereum network alone.

Trust Wallet estimates that across the wider ecosystem, approximately 34,000 attacks are executed every hour, targeting an estimated 17 million potential victims.

Trust Wallet CEO Felix Fan said,

"The threat is designed to be invisible: a handful of characters buried in the middle of a long string, easy to miss and expensive to ignore."

These figures reflect a landscape where the cost for an attacker is nearly zero, but the potential payout is massive; in December 2025, two separate investors lost a combined $62 million to this exact tactic.

How does Trust Wallet stop the funds from leaving?

The new security layer functions by comparing every recipient address against a massive database of known malicious patterns and historical scam data.

By pulling intelligence from HashDit and Binance Security, the app can spot a poison address the moment it is entered or copied.

If a match is found, the app doesn't just block the transaction; it provides a side-by-side visual comparison.

This comparison highlights the specific characters in the middle of the address that differ from the legitimate one, forcing the user to see the deception.

This direct intervention addresses the core human habit of copying from history rather than verifying every single character manually.

Will this feature be available on all networks?

Currently, the protection is live for mobile users across 32 EVM chains, including major networks like Ethereum, BNB Smart Chain, Polygon, Arbitrum, and Base.

However, the developers recognize that the problem isn't limited to the Ethereum ecosystem.

High-volume chains like Solana and Tron also face similar risks due to their specific address formats.

Trust Wallet plans to expand this coverage to more non-EVM chains in the future.

This update follows a challenging period for the provider, including a compromise of its Chrome extension in late December 2025 that led to $8.5 million in losses, an incident the company has addressed by removing malicious code and committing to covering user losses.

Is this the end of manual verification?

While Trust Wallet is joining other providers like Rabby, Zengo, and Phantom in offering preemptive filtering, experts suggest users should still remain cautious.

The surge in scams contributed to a record $17 billion in losses during 2025, often fueled by AI-enhanced tactics.

This tool is meant to complement existing scanners that flag malicious dApps or suspicious token approvals.

Even with automated alerts, the most effective defense remains a change in behavior.

As former Binance CEO Changpeng Zhao noted in late 2025,

"All wallets should simply check if a receiving address is a 'poison address,' and block the user."

For now, the safest route is to avoid copying addresses from transaction histories entirely and use dedicated address books or QR codes.