search

Address Poisoning Scams

Last updated: 02/19/2025

This article describes a type of scam called address poisoning. 

Address Poisoning Scam Overview

Address poisoning is a scam where a fraudster sends a small amount of cryptocurrency or an NFT to your Ledger account, resulting in a "poisoned" transaction appearing in your Ledger Live history. The scammer's address is crafted to closely resemble one you've interacted with—sometimes matching the first or last few characters—to trick you into copying their address and accidentally sending funds to it.

Scammers may use various transaction types, including received transactions, NFTs, or dummy sent or fees transactions, to poison your history. These scams are most common on blockchains with low transaction fees, Polygon, Tron, Tezos, Solana, and Binance Smart Chain, but they can happen on any chain.

Recognizing Address Poisoning Attempts

  • You notice a suspicious transaction in your history that you didn’t initiate, often involving small amounts or NFTs.
  • You find that the scammer's address looks very similar to yours, with matching characters at the beginning and end of the address to trick you into copying their address instead of yours.

Here are some examples of how address poisoning might appear in Ledger Live:

Unfamiliar Small Transaction

Unfamiliar Received Transaction

An unexpected small amount of USDT received from an address similar to yours.

Fake Sent or Fee Transaction

Fake Sent Transaction

A bogus "sent" transaction showing interaction with an unfamiliar address.

Important Note

This tactic targets many users through public blockchain data—you're not being personally singled out. Address poisoning does not compromise your private keys or recovery phrase. Despite these attempts, your account remains secure.

The scammer paid the transaction fees to send a small amount of crypto or NFT to your account. 

Handling Address Poisoning Scams

  • Always verify the destination address on your Ledger device before sending funds, checking every character, not just the first or last few.
  • Never copy and paste addresses from your transaction history. Instead, use the Receive tab in Ledger Live to get the correct deposit address.
  • If you receive an unwanted NFT or token, avoid interacting with it or clicking any links, and instead, right-click in Ledger Live to hide it.

Stay vigilant, never share your digitize your 24-word secret recovery phrase, and always double-check the details before sending crypto. 

To learn more about protecting your digital assets from threats, visit our Scams Targeting Crypto Holders resource guide.