A TON whale accidentally lost 126,000 TON (around $165,000) after sending the funds to a fraudulent wallet address in an address poisoning scam on The Open Network (TON), the blockchain closely linked to Telegram’s crypto ecosystem. The victim mistakenly copied a lookalike address from transaction history and transferred the funds to the scammer. However, in a rare twist, the attacker later returned 116,000 TON (about $153,000) to the victim and kept 10,000 TON (approximately $13,000), apparently as a “reward” or compensation.
How the Scam Happened
The incident followed a common tactic known as address poisoning, a scam that has been increasingly reported across multiple blockchain networks.
In this case, the attacker created a wallet address that closely resembled the victim’s frequently used address. The first and last characters of the address were intentionally made similar so that it would appear almost identical at a quick glance.
The scammer then sent a small “dust transaction” of about 0.0001 TON to the victim. This transaction caused the fake wallet address to appear in the victim’s wallet transaction history.
When the victim later attempted to send funds, they copied the address from their transaction history. Since many wallet applications display only the first and last characters of wallet addresses, the difference went unnoticed. As a result, the victim mistakenly transferred 126,000 TON directly to the scammer’s wallet.
Transaction Details
Screenshots related to the incident show the following transaction details.
Initial mistaken transfer:
The victim transferred 126,000 TON to the scammer’s poisoned wallet address.
-
From: UQDMP-buv4bHG-…npsRor4a
-
To: UQBYS77mDcjdl6e3R…lklxB8X
-
Amount: 126,000 TON
-
Transaction Date: March 4, 2026
Return transaction from the scammer:
Later, the attacker returned 116,000 TON to the victim’s wallet and included a message in the memo.
-
From: UQBYS77mDcjdl6e3R…lklxB8X
-
To: UQDMP-buv4bHG-…npsRor4a
-
Amount: 116,000 TON
-
Transaction Date: March 4, 2026
The memo attached to the return transaction read:
“I’m sorry, but this is far too much. Please take it back — I know it’s a serious amount of money. Peace.”
Why Address Poisoning Scams Are Increasing
Address poisoning attacks have become more common across several blockchain networks including TON, Ethereum, and TRON.
In these scams, attackers typically:
-
Generate similar-looking wallet addresses
-
Send dust transactions to insert fake addresses into a victim’s transaction history
-
Exploit users who copy wallet addresses directly from previous transactions
A similar incident recently occurred on the Ethereum network, where a user reportedly lost $599K(USDT) in an address poisoning attack.
Security Advice for Crypto Users
Security experts recommend several precautions to avoid falling victim to such scams:
-
Always verify the entire wallet address before sending funds
-
Use saved address books or whitelists for frequent transfers
-
Send a small test transaction before transferring large amounts
Although the scammer’s decision to return most of the funds is rare, the incident highlights the growing risks of address poisoning attacks in the cryptocurrency ecosystem
For a broader view of recent security incidents in the crypto industry, readers can also explore our February 2026 Crypto Security Report, which details several hacking and exploit cases reported during the month. The report highlights how multiple incidents across the ecosystem led to significant crypto losses and reflects the growing security challenges facing blockchain platforms.
