MetaMask now protects you from one of crypto’s sneakiest scams

You copy an address. You paste it. You send money. It's a routine you've probably done hundreds or thousands of times, and that routine is exactly what address poisoning attacks are built to exploit.

It's one of the simplest scams in crypto, and one of the most costly. Between January 2025 and February 2026, Blockaid flagged 65.4 million address poisoning transactions and the tactic is gaining traction. Today we're rolling out new protection in the MetaMask send flow designed to stop it before your funds ever leave your wallet.

What is address poisoning?

Address poisoning preys on a common habit: most of us don't read every character of a wallet address. We check the first few, check the last few, and trust that the middle is fine. Scammers know this.

A scammer watches your public transaction history and creates a "vanity" address that looks almost identical to one you've sent to before, matching the first four and last four characters. They send you a tiny "dust" transaction from that lookalike address, planting it in your activity history—a tactic we flagged as a growing risk across the ecosystem in our February 2026 Crypto Security Report .

Later, when you go to send funds, you copy what looks like a familiar address from your history. Same beginning, same end, different middle. The funds go to the scammer, and on the blockchain there's no way to reverse it.

Real:  0xEdf89FdA047F28…C6341a8ff7ED

Poison: 0xEdf89Ac910Bb52…99x2b8ff7ED

At a glance, virtually no one catches the difference.

How MetaMask Address Poisoning Detection works

Most security tools rely on you to be vigilant and catch the scam yourself. We think the wallet should preemptively flag risks before you encounter them. MetaMask Address Poisoning Detection compares each address you paste against addresses you've interacted with before. If it spots a lookalike, matching the first and last characters but differing in the middle, it stops you with a blocking warning before the transaction goes through.

It's a clear and visible alert at the moment it matters most, just before you send. If you're sending to an address you've never interacted with at all, you'll also see a first-time send warning, giving you a moment to double-check before committing. We built this detection in-house comparing each send against addresses you’ve interacted with before across all EVM networks. (Additional network support coming soon.) 

Showing you more of the address

Detection is essential. So is clarity. For years, wallets commonly truncated addresses down to a handful of characters to save space. But truncation is the exact blind spot scammers exploit. So, we're showing you more:

Before: 0xEdf89…ff7ED

Now: 0xEdf89FdA047F28…C6341a8ff7ED

More visible characters means fewer places for a lookalike address to hide.

Security that keeps you in control

We built Address Poisoning Detection with a simple principle: protect users without taking away self-custody or full control. Some wallets respond to risk by blocking transactions outright. We'd rather give you a meaningful speed bump that surfaces the danger clearly, then lets you decide for yourself. You keep control how to manage your funds and wallet. We make sure you can see what's really happening.

Address Poisoning Detection is now live on MetaMask Mobile and Extension across all EVM networks.