Trust Wallet Adds Real-Time Protection Against Address Poisoning Scams

A single address poisoning incident in January resulted in losses of about $12.2 million after a user copied a fraudulent lookalike address from their transaction history. 

The case followed another major incident in December, where a similar tactic led to roughly $50 million being stolen.

It’s time we put a stop to it, don’t you think?

Trust Wallet seems to agree. The company has released a new feature called Address Poisoning Protection, designed to detect one of the most common social engineering scams in crypto before a transaction is sent.

Let’s talk about that.

The Scam That Doesn’t Steal Your Keys

Address poisoning is a simple attack, but an effective one. 

Attackers send tiny, near-zero-value transactions to a wallet from an address that closely resembles one the victim has previously used. The fake address then appears in the user’s transaction history.

Later, when the user sends funds again and copies a destination from their history or clipboard, they may accidentally choose the attacker’s address instead of the real one.

Instead of malware or phishing to steal private keys, the attack relies entirely on visual similarity and routine behavior.

Detecting Lookalike Addresses Before Funds Are Sent

Trust Wallet’s new protection feature focuses on the moment when a user enters or pastes a destination address.

When an address is copied into the send field, the wallet performs a real-time check against known poisoning patterns and suspicious lookalike addresses. If the system detects an address that closely resembles one the user has interacted with before, the wallet triggers a warning.

The feature also shows a side-by-side comparison of the addresses, highlighting exactly where the characters differ. This allows users to quickly confirm whether the destination is legitimate before signing the transaction.

The checks run automatically across supported chains and are designed to work inside the normal send flow, so users do not need to manually activate any additional security settings.

Moving Beyond Static Scam Lists

Many wallets already rely on blocklists of known malicious addresses. The challenge is that poisoning attacks often involve newly created addresses that have not yet been flagged.

Trust Wallet’s approach uses real-time intelligence feeds instead of relying solely on static databases. The system combines security data from HashDit and Binance Security, along with Trust Wallet’s own monitoring tools.

This allows the wallet to detect patterns that indicate impersonation attempts, rather than only blocking addresses that have already been reported.

The protection is triggered before a transaction is signed, which is important because blockchain transfers cannot be reversed once confirmed.

Another String to Trust Wallet’s Bow

Address Poisoning Protection expands a security framework that Trust Wallet has been building over the past several years.

In 2023, the company launched Security Scanner, a feature designed to analyze transactions before they are approved. The tool examines the transaction payload itself, identifying phishing contracts, malicious dApps, suspicious token approvals, and other high-risk activity.

Since its launch, Security Scanner has helped prevent significant losses. Trust Wallet says the system has stopped more than $458 million from reaching malicious contracts, helped recover over $2 million in stolen funds, and blocked $191 million in scam-bound transactions in 2025 alone.

The new poisoning protection feature addresses a different stage of the transaction process.

Security Scanner focuses on what a user is signing, analyzing the transaction payload for dangerous behavior. Address Poisoning Protection focuses on who the user is sending funds to, identifying impersonation attempts before a transaction is even created.

Together, the two systems form a layered defense model designed to catch both technical exploits and human-targeted scams.

Protecting Users From the Simplest Attacks

Many of the most successful attacks no longer rely on exploiting smart contracts or breaking cryptography. Instead, they target user behavior.

Address poisoning falls into this category. It exploits routine habits such as copying addresses from transaction history or assuming familiar-looking strings are correct.

Tools that detect those patterns early may help prevent a growing category of losses.

Trust Wallet’s latest update reflects that move in security priorities. Protecting users today has extended to identifying the subtle tricks attackers use to exploit everyday wallet behavior.