Trust Wallet Launched a New Security Feature That Could Save Users From a Silent Attack

One of the most common and costly crypto scams operates silently in transaction histories, and the wallet used by over 140 million people has added real-time detection to stop it before funds leave.

What Address Poisoning Actually Is

The attack is simple in concept and devastating in execution. An attacker sends a tiny, worthless amount of tokens to a target wallet from an address that closely mimics either the victim’s own address or a frequently used contact. The fake address typically matches the first and last few characters of the real one, with different characters buried in the middle where most users never look.

The trap is set in the transaction history. When the victim later needs to send a large transfer, they scroll through their history, see the familiar-looking address, copy it, and send funds to the attacker instead. By the time the mistake is discovered the transaction is irreversible.

Security firm Cyvers estimates over one million preparatory poisoning operations occur daily on Ethereum alone. Trust Wallet estimates approximately 34,000 attacks execute across the ecosystem every hour. These are not rare edge cases. They are industrial-scale operations running continuously against active wallets.

What the New Feature Does

Trust Wallet’s Address Poisoning Protection launches with automatic real-time scanning across 32 EVM-compatible chains on mobile. The feature activates the moment a user copies or enters a recipient address, comparing it against aggregated security intelligence from HashDit, a Web3 security firm, and Binance Security’s database of known malicious addresses.

When a match with known scam patterns is detected, the app generates a side-by-side visual comparison showing exactly where the spoofed address differs from the intended one. Highlighting the specific characters that differ addresses the core vulnerability directly: most users copy addresses without reading every character. Forcing a visual comparison of the divergent characters gives users the information they need to catch the substitution before confirming.

The feature is automatic. No setting to enable, no manual verification step required. It runs on every transaction by default.

Why This Category of Attack Has Grown

Address poisoning scaled as crypto transaction volumes grew. The attack requires minimal capital, generates no on-chain footprint that implicates the attacker, and exploits a behavioral habit, copying from history rather than re-entering addresses manually, that is nearly universal among active crypto users. A single successful poisoning attack against a whale wallet can return thousands of times the cost of the preparatory transaction.

The 34,000 hourly attack figure reflects an ecosystem where the expected value of running poisoning operations at scale remains positive. Success rates do not need to be high when the cost per attempt is near zero and the potential payout from a single successful hit can reach hundreds of thousands of dollars.

Expanding coverage beyond the initial 32 EVM chains is planned, which matters because address poisoning is not exclusive to Ethereum-compatible networks. Solana, Tron, and other high-volume chains face similar attack patterns with their own address format conventions.

The protection is available now on Trust Wallet mobile. Desktop expansion timeline has not been specified.

The post Trust Wallet Launched a New Security Feature That Could Save Users From a Silent Attack appeared first on ETHNews.