Pasting the wrong address costs an investor $12.4 million in Ethereum

MetaNomad · 2026-02-08T21:21:00+00:00

Investors in cryptocurrency often copy wallet addresses without realizing the risks. A recent incident where 4,556 ETH worth $12.4 million was sent to a hacker due to a mistaken address highlights the importance of careful address verification and the dangers of social engineering in the crypto space.

MetaNomad

2026-02-08 21:21:00

Abstract generation in progress

Many cryptocurrency investors rely on copying and pasting wallet addresses from their previous transaction history without realizing the real danger behind this practice. A recent incident proved that a single mistake in pasting an incorrect address can lead to the permanent loss of millions of dollars that cannot be recovered.

Address Pasting Incident: How 4,556 ETH Were Accidentally Transferred

Investor (0xd674) was trying to send funds to Galaxy Digital’s wallet, which usually receives transfers at the address 0x6D90CC…dD2E48. But what happened was that when attempting to copy and paste the address from his transaction history, he ended up copying a completely different address — one that had been spoofed by an attacker.

At that moment, 4,556 units of Ethereum (ETH) — worth $12.4 million at the time — were transferred directly from the investor’s wallet to the attacker’s wallet. The process took only seconds, and the funds became unrecoverable because blockchain transactions cannot be reversed or canceled.

Hacker Technique in Creating Fake Addresses

The attacker did not rely on complex technical genius but on a deep understanding of investor behavior. He used a technique known as “Social Engineering,” creating a fake address that closely resembled the original Galaxy Digital address, almost identical. The key is that blockchain addresses are very long, so people often only pay attention to the first and last characters.

The hacker ensured that the first four and last four characters matched the real address. Then he sent small test transactions from this fake address to make it appear legitimate and to show up in the victim’s transaction record. When the investor copied and pasted from his record, he unintentionally selected the fake address.

Key Lessons to Avoid Costly Pasting Errors

Experience and skill in the cryptocurrency field do not protect against this type of mistake. Even professional traders and seasoned experts fall victim to these tricks.

Before sending any amount of cryptocurrency:

Check every character of the address — do not rely solely on the overall appearance
Do not trust the old record alone — fake addresses may already exist in your history
Always take your time — rushing increases the likelihood of errors
Use double verification — verify the address at least twice before confirming the transaction

Cryptocurrency transactions are irreversible, and once funds are sent, there is no “undo button” to recover them. The more cautious we are about pasting and verifying addresses, the less likely we are to become the next victims of these carefully planned attacks.

#ETH

ETH-5.28%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.