You open your wallet and find a random 0 USDT, or a token you've never seen. Your first reaction is usually: "Did I get hacked?" Don't panic. That thing can't take a cent from you on its own — it was sent to you deliberately, and its target isn't now, it's your next transfer. This is address poisoning (also called the look-alike address scam). This piece explains it in plain terms: what it's actually doing, why it's so sneaky, what to do when you see it, and whether there's any hope if you've already sent to the wrong one.
- The 0 USDT or unknown token that appeared out of nowhere won't reduce your funds — it's there to "plant a mine," not to steal.
- The scammer is betting that on your next transfer you'll copy an address from your history to save effort, and the planted address has nearly the same first and last characters as one you regularly use.
- The only reliable defense: always verify the full address, never just the first and last few characters, and never copy an address from your transfer history.
First, what address poisoning actually is
Start with one premise: on-chain, anyone can send a transfer to your address without your permission. Just like anyone can stuff a flyer into your mailbox — you can't stop it, and you don't need to consent. Address poisoning exploits exactly this.
The scammer watches your transfer records to see which address you regularly send to. Then they generate a wallet address whose first and last characters are nearly identical to that one — say, both starting with 0x7a3f and ending with 9c2e, differing only in the long string in the middle. Then they send a transfer of 0 USDT, or a "token" you've never seen, to your wallet. That transfer dutifully shows up in your transaction history, nestled in among your real records.
Not a cent is gone, and the token is fake and worthless — on the surface, all quiet. But the scammer has succeeded in slipping a "very familiar-looking" address into the history you check every day. That's where "poisoning" comes from: they've dropped a bit of poison into your records, waiting for the day you swallow it by mistake.
Why it's so sneaky
What makes this scam insidious is that it doesn't attack your wallet — it attacks your eyes and your habits.
Think about how you usually transfer. An address is a long, unreadable string of letters and numbers; nobody memorizes it digit by digit. The vast majority of people verify an address by checking only the first few and last few characters — "yep, starts with 0x7a3f, ends with 9c2e, that's it." The lazier ones just tap a record in their transfer history and copy the address straight out, figuring "it worked last time, so reusing it has to be fine."
That's exactly where it goes wrong. The look-alike address the scammer planted has the same first and last characters as the one you use. You glance at it, the ends match, you confidently paste and confirm the transfer — and the money goes straight into the scammer's pocket. By the time you come to your senses, the on-chain transfer is already irreversible, and it's gone.
The scammer is betting on that one careless moment
Address poisoning costs next to nothing: they don't need to hack your wallet, they don't need you to sign anything — they just wait for one of your "save-effort" moments. If one in ten thousand times you copy the wrong address from history, they've won. It's a lie-in-wait scam — high-volume, cheap, and patient for the second you let your guard down.
What that 0 USDT in your wallet means
So when you see something appear in your wallet out of nowhere, first sort out which kind it is:
| What you see | What it actually is | How to handle it |
|---|---|---|
| An incoming 0 USDT transfer | Address poisoning — a look-alike address planted in your history | Don't tap it, don't manage it, treat it as nonexistent; as long as you don't copy from history, you're fine |
| A tiny amount (a few cents) incoming | Also poisoning — on some chains a 0-value transfer isn't possible, so they send a sliver | Same as above, just ignore it |
| An unknown "token" appearing out of nowhere | Most likely a junk airdrop; some lure you to a site to "claim / redeem" | Don't tap, don't visit any linked site, don't approve — see the next section |
Note: the above categorizes the common cases; exact behavior varies by wallet and chain. The core judgment is simple — these things won't reduce your assets on their own; the real risk is the next action they lead you into (copying the address, clicking a link, signing an approval).
Key: when you see it, do nothing
A lot of people get nervous and want to "deal with this dirty thing" — tap it, visit the token's page, even follow a prompt to "claim" or "redeem" it. Do not. Unknown tokens often carry a fake-airdrop hook; the moment you interact or sign an approval, you go from "poisoned" to "drained." The right move is: see it, then do nothing.
The forms poisoning takes
Address poisoning doesn't have just one look. The common types are below, and at heart they all do the same thing — make a stranger's address look familiar:
Zero / tiny-value transfers
The most common. They send 0 USDT or a few cents to your wallet purely to leave a record of a look-alike address in your history. It costs the scammer almost nothing.
Fake tokens / junk airdrops
They drop a scary-named "token" into your wallet out of nowhere, sometimes deliberately showing a high fake value, to lure you to some site to "redeem and cash out" — and that site is usually a phishing page that wants you to sign an approval.
An "echo" mimicking a real transaction
A more advanced play: right after you send a real transfer to some address, the scammer immediately uses a look-alike address to send a small amount or 0 back to you, so the fake address appears right next to your real transaction and looks like "the recipient's receipt" — much more convincing.
Whichever form it takes, your response is the same: don't interact, don't copy, and only ever transfer to a full address you've verified. Remember that one rule and no variant can touch you.
How to prevent it: four habits are enough
Address poisoning sounds scary, but it's especially simple to prevent, because it relies entirely on you "slipping." Build the four habits below and it fails completely:
- Whitelist your regular addresses / save them to an address book. Most wallets and exchanges can save frequent recipient addresses. Save it once, then pick from the whitelist on future transfers instead of hunting for the address each time — that cuts off the "copy from history" path at the root.
- Verify the full address, not just the ends. If you really must check manually, compare the address from start to finish, especially the middle section — the scammer can fake the ends, not the whole address. Find it too long? All the more reason to use a whitelist.
- Never copy an address from your transfer history. This is the one and only doorway through which poisoning gets you. Either pick the address from a whitelist or get it fresh and complete from the other party (sent by them directly, or copied from an official page) — don't take the lazy route through history.
- Before a large transfer, send a small test first. When you're about to send a big amount, send a tiny amount first, wait for the other party to confirm receipt and that the address is correct, then send the bulk. A few extra minutes buys peace of mind.
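An added example (not part of the original article or any wallet's own code) that turns "verify the full address" into a check: a recipient is trusted only on a full match with the address book, and zero or tiny incoming transfers from addresses that share only the ends with a saved address are flagged. It assumes 0x-style hex addresses compared case-insensitively; the prefix and suffix lengths, the dust threshold, and the history record fields are hypothetical.

```python
# Constructed sample data: none of these are real addresses.
REAL = "0x7a3f" + "1" * 32 + "9c2e"   # saved recipient
FAKE = "0x7a3f" + "b" * 32 + "9c2e"   # same ends, different middle
OTHER = "0x" + "5" * 40               # unrelated sender
ADDRESS_BOOK = {"supplier": REAL}
HISTORY = [  # hypothetical record layout
    {"direction": "out", "amount": 250.0, "counterparty": REAL},
    {"direction": "in", "amount": 0.0, "counterparty": FAKE},
    {"direction": "in", "amount": 0.0, "counterparty": OTHER},
]

PREFIX_LEN = 6  # "0x" plus four characters: what people glance at (assumption)
SUFFIX_LEN = 4


def normalize(addr):
    # Assumes 0x-style hex addresses, where letter case does not change the address.
    return addr.strip().lower()


def looks_alike(a, b):
    """True when two different addresses share the ends a person glances at."""
    a, b = normalize(a), normalize(b)
    return a != b and a[:PREFIX_LEN] == b[:PREFIX_LEN] and a[-SUFFIX_LEN:] == b[-SUFFIX_LEN:]


def check_recipient(candidate, address_book):
    """Classify a recipient as trusted (full match), lookalike, or unknown."""
    for label, saved in address_book.items():
        if normalize(candidate) == normalize(saved):
            return ("trusted", label)
    for label, saved in address_book.items():
        if looks_alike(candidate, saved):
            return ("lookalike", label)
    return ("unknown", None)


def flag_poisoned_history(history, address_book, dust=0.01):
    """List incoming zero or tiny transfers whose sender imitates a saved address."""
    flagged = []
    for tx in history:
        if tx["direction"] == "in" and tx["amount"] <= dust:
            verdict, label = check_recipient(tx["counterparty"], address_book)
            if verdict == "lookalike":
                flagged.append((tx["counterparty"], label))
    return flagged


if __name__ == "__main__":
    print(check_recipient(FAKE, ADDRESS_BOOK))
    print(flag_poisoned_history(HISTORY, ADDRESS_BOOK))
```

An "unknown" verdict is not a pass: it only means the address resembles nothing saved, so it still needs to come fresh and complete from the other party.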
The one-line rule
Address poisoning preys on "saving effort." As long as you always pick the address from a whitelist or verify the full address on transfers — rather than copying the ends from history — this scam is completely useless against you.
Already sent to the wrong one — what now
If you've already sent coins to that poisoned look-alike address, brace yourself first: once an on-chain transfer is confirmed, it's irreversible. No support agent can reverse it, and no one can freeze the other party's wallet — that's the base rule of the blockchain, not some platform refusing to help. Accepting this actually keeps you from getting harvested a second time by the "recovery scam" that follows. Then do what you can, in order:
Stop right away, don't send a second one
Once you've confirmed you sent to the wrong address, take a breath and don't, in your panic, make another mistake. This one can't be recovered, but don't let the loss grow.
Preserve evidence
Screenshot the transaction record, the recipient address, the amount, and the time, plus what the poisoning record looks like. These are your materials for any later report and for explaining what happened.
Beware anyone offering to "recover it for you"
Someone will soon pop up claiming they can recover your coins, unfreeze, or reverse it, usually asking for a "fee" or "deposit" first. This is almost always a second-wave scam. See our guide on USDT recovery / unfreeze scams.
Report it if warranted
For a sizable amount, take your evidence to law enforcement. In the US, file with the FBI's IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov); in the UK, with Action Fraud. For the full evidence and reporting process, see our guide "What to do after you've been scammed."
Honestly: about eighty percent of the time, address-poisoning losses aren't a tech problem — they're a habit problem. The best use of this lesson is to route every transfer through a whitelist and verify the full address from now on. That's more dependable than any "recovery."
FAQ
A 0 USDT transfer just appeared in my wallet — was I hacked?
Usually not. Anyone can send a transfer to your address, and this 0 USDT or unknown token was sent on purpose; it doesn't reduce your funds. The real danger is that it slipped a stranger's address into your history, so if next time you copy an address from history to save effort, you might copy this carefully disguised look-alike. Don't panic, don't tap it, and don't approve anything — just remember not to copy addresses from your history.
Can address poisoning steal the coins in my wallet directly?
No. By itself it just plants a look-alike address in your history; it can't take your coins, and it doesn't need you to sign or approve anything. What it wants is for you to slip and send the money there yourself. So the key to stopping it isn't deleting the record — it's breaking the habit of copying addresses from your history, and switching to verifying the full address or using a whitelist.
I already sent coins to a poisoned look-alike address — can I get them back?
Once an on-chain transfer is confirmed it's irreversible — no one can reverse or freeze it; that's the base rule of the blockchain. If someone reaches out claiming they can recover it, it's almost always a second-wave scam. What you can do is immediately preserve evidence: screenshot the transaction record, note the recipient address and amount, and report it if needed. Turning this into a habit of verifying the full address on every transfer is more realistic than chasing a recovery.
Can I delete that 0 USDT or fake token?
Most wallets can't truly "delete" an on-chain record, but many let you "hide" this kind of junk token so it's out of sight. Hide it or not, that's not the point — what matters is that you never copy an address from your history on a transfer. Sitting there untouched, it can't hurt you.
Address poisoning preys on "saving effort" — a major exchange through the official route saves you a chunk of trouble
A lot of wrong-address slips trace back to transferring carelessly on shady platforms or unfamiliar apps. If you're planning to start trading, the suggestion is to use a major, regulated exchange through its official sign-up route — features like a withdrawal whitelist on a real platform exist precisely to reduce "copied the wrong address" mistakes. OKX is one mainstream exchange; you can reach it through the official sign-up link below, and its official domain is okx.com.