Trust Wallet Adds Live Scam Address Checks for Crypto Users

Trust Wallet's new address poisoning protection is live, screening destination wallets in real time across 32 EVM chains — and the timing couldn't be more pointed given the industry's growing casualty list from this particular attack vector. The noncustodial wallet provider announced the feature on Tuesday, framing it as a direct response to what it calls one of crypto's fastest-spreading threats.

What Is Address Poisoning and Why Does It Keep Working?

How does address poisoning drain crypto wallets?

Address poisoning is a phishing technique where attackers send tiny transactions to a target's wallet from an address engineered to look nearly identical to one the victim already uses — same first and last characters, different middle digits. The hope is that a busy user copies and pastes from their transaction history without checking carefully. One slip and the funds go to the attacker. According to Trust Wallet, the platform's new screening layer automatically checks every outgoing destination against a live database of known scam and lookalike wallets, blocking the transaction before it can proceed.

The attack type has racked up a genuinely alarming body count. Trust Wallet put the tally at more than 225 million attacks and $500 million in confirmed losses — though that number is probably conservative since most victims never report. Two investors lost a combined $62 million recently. The more jarring of the two: a single trader who lost $50 million in USDT in December 2025, an incident that sparked industry-wide calls to fix wallet security at the infrastructure level.

All wallets should simply check if a receiving address is a poison address and block the user. This is a blockchain query.

Which Chains Does Trust Wallet's Protection Cover?

The rollout covers 32 EVM chains at launch — Ethereum, BNB Smart Chain, Polygon, Optimism, Arbitrum, Avalanche, and Base among them. That's a broad initial sweep, targeting the networks where most retail volume lives and where address poisoning has historically caused the most damage.

Security firm Hacken's Extractor team has separately advised users to stop relying on transaction history as a copy-paste source for wallet addresses altogether — a habit that this entire attack class depends on. Beyond Trust Wallet, a handful of other wallets including Rabby, Zengo, and Phantom already offer some form of preemptive transaction filtering against malicious destinations.

Is Trust Wallet's Security Record Under Scrutiny?

The launch is timely — but Trust Wallet's own recent history gives it extra urgency. The wallet's Chrome browser extension was compromised on December 24, 2025, draining roughly $7 million from users before the malicious code was identified and removed. The company released a patched version quickly and committed to covering user losses.

Context matters here. The address poisoning threat isn't hypothetical anymore — it cost a Phantom wallet user $264,000 in a case that put all wallet providers under renewed pressure. Trust Wallet screening addresses across 32 chains is the right move. Whether users trust that screening is a different question entirely.