Cinoslots
Security

What is address poisoning and how do I avoid it?

Malware or copy-paste attacks that swap your destination address with the attacker's. Always verify first 4 + last 4 characters.

Updated May 14, 2026 · 4,122 views · 94% helpful

What address poisoning is

Address-poisoning attacks swap a legitimate crypto address (yours or your destination's) with an attacker-controlled lookalike, hoping you won't notice when you copy-paste.

Two main flavors:

1. Clipboard malware

A piece of malware on your computer monitors your clipboard. The moment it sees something that looks like a crypto address, it silently replaces it with the attacker's address. You paste, send, and the funds go to the attacker.

2. "Dust + lookalike" on-chain attack

An attacker sends you a tiny dust transaction (e.g. 0.0001 BTC) from an address that starts and ends with the same characters as your usual deposit address. Later you copy-paste that "looks familiar" address from your wallet history without checking the middle.

How to defend

Always verify first 4 + last 4 characters

Before clicking Send, look at the destination:

  • First 4 characters of what you intended
  • Last 4 characters of what you intended
  • Then look at what's actually in the destination field

If both match, you're safe (the address space is large enough that an attacker can't reasonably brute-force a fake address that matches both ends — they can match one or the other, not both).

Use QR codes instead of typing/pasting

QR codes encode the entire address; you can't typo them. Most modern wallets (Trust, Exodus, Zengo, Ledger Live) have a built-in scanner.

Use a hardware wallet for large transactions

Hardware wallets (Ledger, Trezor) display the destination address on the device's own screen before signing. Even if your computer is fully compromised, you'll see the attacker's address on the hardware screen and can refuse.

Maintain an "address book" with labels in your wallet

Saving addresses with labels in your wallet's address book means you don't copy-paste from the chain history each time. Both Ledger Live and Trust Wallet support this.
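The first-4/last-4 check and the address-book advice above can be combined into one automated comparison. The sketch below is an added example, not Cinoslots or wallet-vendor code; it goes beyond the edge check by comparing every character, because the dust sender described earlier matches a saved address at both ends. The function names and the sample strings are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

EDGE = 4  # the page's rule: first 4 + last 4 characters


@dataclass
class Verdict:
    status: str                      # "match", "lookalike" or "unknown"
    label: str | None = None         # address-book label involved, if any
    diff_at: list[int] = field(default_factory=list)  # differing positions


def same_edges(a: str, b: str, n: int = EDGE) -> bool:
    """True when both strings share the first n and last n characters."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def check_destination(pasted: str, address_book: dict[str, str]) -> Verdict:
    """Compare the destination field with saved, labelled addresses."""
    pasted = pasted.strip()
    # Exact, full-length match against a saved entry is the only "safe" result.
    for label, saved in address_book.items():
        if pasted == saved:
            return Verdict("match", label)
    # Same edges but a different middle: passes the eyeball check, is not
    # the saved address. Report where it differs so the user can look.
    for label, saved in address_book.items():
        if same_edges(pasted, saved):
            width = max(len(pasted), len(saved))
            diff = [i for i in range(width) if pasted[i:i + 1] != saved[i:i + 1]]
            return Verdict("lookalike", label, diff)
    return Verdict("unknown")


# Constructed sample data: placeholder strings, not real addresses.
SAVED = "bc1q" + "0" * 34 + "x7k2"
LOOKALIKE = "bc1q" + "0" * 16 + "9f" + "0" * 16 + "x7k2"  # e.g. a dust sender
BOOK = {"exchange deposit": SAVED}

if __name__ == "__main__":
    for candidate in (SAVED, LOOKALIKE):
        print(check_destination(candidate, BOOK))
```

A "lookalike" verdict means the pasted string should be discarded and the destination re-entered from the labelled address-book entry.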

Anti-virus + ad-blocker

Browser-based clipboard hijackers often arrive via malicious ads. uBlock Origin plus a reputable AV catch most of them.

What to do if you've been hit

Once a transaction confirms, it cannot be reversed. Your only recourse:

  1. Move all remaining crypto out of any potentially-infected wallet to a fresh address.
  2. Run a full anti-malware scan (Malwarebytes, ESET).
  3. If you use a hardware wallet: factory-reset and re-initialize from your seed phrase on a clean device.
  4. Report the attacker's address to chain-analysis services (Chainalysis, TRM Labs) — they may be able to flag it for exchanges. Our security team can help: email [email protected].

There's no "Cinoslots refund" for address-poisoning — once the funds have left our hot wallet for an attacker's address, they're gone. This is true at every casino, exchange and platform on-chain.
