This paper systematically investigates blockchain address poisoning attacks—where adversaries generate decoy addresses highly similar to users’ historical interaction addresses to induce erroneous fund transfers. Through large-scale on-chain measurement (covering 270 million attack attempts), multi-dimensional behavioral analysis, and cross-chain tracing, the study quantifies this threat for the first time: confirming 6,633 distinct attacks affecting 17 million victims and causing over $83.8 million in losses. Methodologically, it introduces a novel GPU-computational-capacity inference model and an enhanced address clustering technique to uncover large-scale, GPU-accelerated, organized address generation. It further identifies coordinated cross-chain attack patterns. Based on empirical findings, the work proposes a deployable frontend address verification protocol and wallet UI defense mechanisms. Collectively, this constitutes the first end-to-end analytical framework for address poisoning attacks and defenses, bridging measurement, root-cause analysis, and practical mitigation in blockchain security.

In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select addresses from their recent transaction history, which enables blockchain address poisoning. The adversary first generates lookalike addresses similar to one with which the victim has previously interacted, and then engages with the victim to ``poison'' their transaction history. The goal is to have the victim mistakenly send tokens to the lookalike address, as opposed to the intended recipient. Compared to contemporary studies, this paper provides four notable contributions. First, we develop a detection system and perform measurements over two years on Ethereum and BSC. We identify 13 times the number of attack attempts reported previously -- totaling 270M on-chain attacks targeting 17M victims. 6,633 incidents have caused at least 83.8M USD in losses, which makes blockchain address poisoning one of the largest cryptocurrency phishing schemes observed in the wild. Second, we analyze a few large attack entities using improved clustering techniques, and model attacker profitability and competition. Third, we reveal attack strategies -- targeted populations, success conditions (address similarity, timing), and cross-chain attacks. Fourth, we mathematically define and simulate the lookalike address-generation process across various software- and hardware-based implementations, and identify a large-scale attacker group that appears to use GPUs. We also discuss defensive countermeasures.