Wallet Drainers Net $62M in Two Months
A single user lost $12.2 million in January after copying a compromised wallet address from their transaction history, reported security firm Scam Sniffer. The incident marks the second eight-figure loss to “address poisoning” in sixty days, following a staggering $50 million theft in December. In both cases, attackers utilized “dust” transactions, sending tiny amounts of crypto from vanity addresses designed to mimic the start and end characters of the victim’s legitimate counterparties.
The ‘Fusaka’ Factor: Cheaper Fees, Cheaper Scams
The spike in address poisoning coincides with Ethereum’s recent Fusaka upgrade (combining the Fulu and Osaka hard forks), which activated in early December 2025. While Fusaka successfully lowered costs for legitimate users via PeerDAS and blob optimization, it inadvertently subsidized high-volume spam attacks. Security researchers note that the reduced fee environment allows scammers to flood potential victims with thousands of dust transactions at a fraction of the previous cost, significantly increasing the surface area for these social engineering attacks.
Signature Phishing on the Rise
Beyond address poisoning, attackers are pivoting to signature-based exploits. Scam Sniffer documented a 207% month-over-month increase in signature phishing in January, with 4,741 victims losing a combined $6.27 million. Unlike address poisoning, which relies on user error during transfers, these attacks trick users into signing malicious off-chain permissions (such as `permit` or `increaseAllowance`) that grant drainers full control over wallet assets. Data shows these attacks are highly concentrated, with just two drainer wallets accounting for 65% of the stolen funds.
Ethereum Foundation Taps SEAL for Defense
In response to the escalating threat vectors, the Ethereum Foundation has announced a partnership with the Security Alliance (SEAL). Under the “Trillion Dollar Security” initiative, the Foundation will sponsor a dedicated security engineer to embed within SEAL’s Whitehat force. The collaboration aims to proactively track and neutralize drainer infrastructure before it can be deployed, moving beyond reactive warnings to direct disruption of the attacker’s supply chain.
