Address poisoning attack happened on ton Blockchain

AWmQ...qwrL

5 Mar 2026

Address poisoning attack happened on ton Blockchain

A major incident recently occurred in the crypto space involving Toncoin (TON), where a whale mistakenly sent a huge amount of funds to a scammer due to a simple but costly mistake.

The whale intended to send 126,000 TON, worth roughly $220,000, to a specific wallet address. However, instead of copying the correct address, they accidentally copied a look-alike address from their transaction history.

This happened because a scammer had previously sent a small amount of TON to the whale’s wallet using an address designed to look very similar to the legitimate one. This tactic is sometimes used by scammers to trick users who quickly copy addresses from their recent transactions without carefully checking them.

When the whale prepared to send the large transaction, they only glanced at the first and last characters of the wallet address, assuming it was the correct one. Without double-checking the full address, they proceeded to send 126,000 TON directly to the scammer’s wallet. In blockchain transactions, once funds are sent, they cannot be reversed, making such mistakes extremely dangerous.

Unexpectedly, the scammer reacted in a surprising way. After receiving the funds, the individual returned 116,000 TON, which is worth about $203,000, back to the whale. Along with the transaction, the scammer included a message saying:
“Sorry, the money is too much. I know it’s your hard-earned funds.”

However, the scammer kept 10,000 TON, approximately $17,000, describing it as a form of compensation or reward for returning the majority of the funds.

This unusual event has sparked a lot of discussion in the crypto community. Some people believe the scammer showed a level of honesty by returning most of the funds, while others argue that keeping 10,000 TON still counts as taking advantage of someone’s mistake.

The incident also highlights an important security lesson for crypto users. Scammers often create look-alike wallet addresses and send small transactions to victims so their address appears in the transaction history. When users later copy an address from that history without verifying it fully, they can accidentally send funds to the wrong wallet.

To avoid this kind of mistake, crypto users are strongly advised to carefully verify the entire wallet address, avoid copying addresses from transaction history, and always send a small test transaction first before transferring large amounts of cryptocurrency.

The situation also raises an ethical question for the community:
If someone accidentally sent you 120,000 TON (around $220,000), would you return all of it, keep a portion as a reward, or keep everything?