What is address poisoning and how do I avoid it?

Address poisoning works by sending tiny dust transactions from a wallet whose address matches the first and last 4-6 characters of an address you already interact with. The attacker's address appears in your transaction history. Next time you copy 'the last address you sent to' from history, you accidentally copy theirs.

Defenses:

• Always verify the full address, not just the first/last characters.
• Save important counterparties to an address book.
• For meaningful sums, send a small test transaction first.
• Use wallets that flag dust-from-similar-address as a warning (Rabby does this well).

TRC-20 USDT is the most affected ecosystem because gas is so cheap that poisoning every wallet on the network is economically viable for attackers.