Trust Wallet has introduced a new address-poisoning protection feature that prevents crypto users from falling for address-poisoning attacks.

 

According to the company, this new feature automatically checks the destination address against a database of known scam and lookalike addresses to prevent malicious transactions. Because the feature runs automatically, users will receive real-time warnings if a risk is detected.

 

For now, the feature will be supported on 32 Ethereum Virtual Machine (EVM) chains, including Ethereum, BNB Smart Chain, Polygon, Optimism, Arbitrum, Avalanche, and Base.

 

The Menace of Address Poisoning

Address poisoning is a phishing-style attack in which scammers trick users into sending cryptocurrency to the wrong wallet address, usually one that closely resembles a legitimate address. 

 

Here’s how address poisoning works:

• A scammer generates a look-alike wallet address, typically one that shares the same first and last characters as a legitimate address.
• The attacker then sends a tiny, or “dust,” amount of crypto to an unsuspecting user.
• The fake address subsequently appears in the victim’s transaction history.
• Because crypto transactions are irreversible, the user may mistakenly send funds to the poisoned address, losing them permanently.

 

While address poisoning may not look as sophisticated or complex as other forms of crypto attacks, it has had a long history of success for scammers. 

 

In May 2024, a user accidentally sent 1,155 Wrapped Bitcoin (WBTC) worth approximately $68 million to a fake address. The attacker created a fake address that looked like the legitimate address, and due to lack of proper scrutiny, the user fell for it.

 

While in May 2025, a trader lost $2.6 million after falling for two address poisoning scams, and later that year, another trader lost $50 million in USDT after sending them to a poisoned wallet address.

 

 

Address Poisoning is Just a Numbers Game

Knowing that most crypto users rarely fall for address poisoning scams (roughly 1 success per 10,000 attempts), attackers often rely on scale to succeed. 

 

Between July 2022 and June 2024, over 270 million address poisoning attempts were recorded across the Ethereum and BNB Chain, with 6,633 of these attempts successful, leading to a loss of over $83 million. 

 

In another address poisoning campaign, scammers used 82,031 fake addresses on 2,774 victims. The result? Over $69 million was lost. 

 

And just last year, there were about 32,290 recorded address poisoning attacks in September, which affected over 6,000 victims.

 

 

An X user with the username "Sillytuna" has reportedly lost $24 million in Aave Ethereum USDC (aEthUSDC) in an attack that involved a combination of violence, sexual assault, weapons, and threats to life.

 

 

"Bruised, held off while I could, but can't do that much with axes over your hands and feet," Sillytuna wrote. The user further stated that he was, at this point, done with crypto. In his words, "And now... definitely out of crypto ****ers."

 

While the matter has already been reported to law enforcement, no official statement has been issued by the authorities. However, the X user has announced a 10% bounty for whoever helps recover the stolen funds.

 

 

 

How the Crypto Community Reacted

Shortly after the news went viral, the crypto community reacted with mixed feelings, with many commiserating with the user over their loss. Some also raised awareness about the deplorable state of security in the United Kingdom. Apparently, the victim is a UK resident.

 

 

Amid the sympathy from the global crypto community, some, however, doubted the authenticity of the victim's story.

 

According to YokaiCapital, an X user, the victim had not posted anything about crypto before. He also alleges that the victim's account appears to have been bought recently.

 

"He will probably shill the coin at some point or say that he will take donations from the coin," YokaiCapital went on to write. 

 

However, the victim has denied allegations that he intentionally wanted to trend and claims the stolen funds were long-term holdings.

 

 

How the Attackers Moved the Stolen Funds

Tracking the stolen funds, blockchain analytics firm Arkham Intelligence said that the attackers moved the funds across Layer 2 networks, Bitcoin, and Monero, obviously to evade trail.

 

 

 

Roughly $20 million of the stolen funds were stored in two Ethereum addresses as DAI, a stablecoin on the Ethereum network, while $2.48 million was bridged to USDC on Arbitrum.

 

Arkham reported that the attackers sent $2.47 million to Hyperliquid through 19 separate Wagyu accounts, which were used to convert the funds to Monero (XMR).

 

The attackers also bridged $1.1 million to the Bitcoin blockchain using LiFi, noting that 0.5 BTC was deposited into a mixing service, Arkham added.

 

 

 

U.S. law enforcement is quietly trying to sort through a messy and uncomfortable situation involving seized cryptocurrency, a government contractor, and allegations that tens of millions of dollars were improperly siphoned from wallets controlled by federal authorities.

 

At the center of the case is a claim that more than $40 million in seized crypto was moved out of government-linked wallets without authorization. The U.S. Marshals Service has confirmed it is reviewing the allegations, though no charges have been announced and the investigation remains in its early stages.

 

The claims surfaced publicly after blockchain investigators began flagging unusual on-chain movements tied to wallets believed to be associated with assets seized by the U.S. government in prior criminal cases.

 

Blockchain Trails and a Familiar Name

Much of the attention comes from independent blockchain investigators who traced large transfers from wallets associated with seized funds to addresses allegedly controlled by a single individual. According to multiple blockchain intelligence reports, the individual at the center of this incident is identified as John Daghita, known in crypto circles by the alias “Lick”. Analysts such as ZachXBT, an independent blockchain investigator, publicly tied on-chain movements from government-controlled cryptocurrency addresses to wallets controlled by Daghita.

 

ZachXBT’s investigation reportedly traced back transactions involving tens of millions of dollars to wallet addresses that received $24.9 million from a U.S. government account in March 2024. This particular government account is linked to assets seized after the 2016 Bitfinex hack, one of the largest cryptocurrency thefts in history, where authorities later seized funds connected to that case.

 

“Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025”, ZachXBT wrote on X.

 

According to on-chain analysis shared publicly, one wallet received roughly $25 million from a government-controlled address in March 2024. Investigators say the source wallet appears to be tied to cryptocurrency seized in connection with the 2016 Bitfinex hack, a case that has continued to ripple through the crypto industry nearly a decade later.

 

The situation escalated after a dispute in a Telegram group, where the individual allegedly disclosed wallet details that appeared to confirm control over large balances of ether and other digital assets. Once those wallet addresses were public, blockchain analysts quickly began connecting dots.

 

While blockchain data can show where funds move, it cannot on its own establish intent or legality. That distinction has become especially important as the story gains traction.

 

The Contractor Connection

What has made the case particularly sensitive is a reported family link to a government contractor.

 

John Daghita is said to be the son of Dean Daghita, president of Command Services and Support, a Virginia-based firm that holds a federal contract connected to the handling of seized cryptocurrency for the U.S. Marshals Service. The company was awarded that contract in late 2024, following a competitive procurement process that drew objections from rival bidders.

 

The contract reportedly covers the management and liquidation of certain seized digital assets, particularly smaller or less liquid tokens that are not typically handled by large exchanges.

 

There is no public evidence that the contractor itself is under investigation or that the alleged misconduct occurred as part of official company operations. Still, the overlap between government custody, private contractors, and family relationships has raised uncomfortable questions about access controls and oversight.

 

A Broader Problem for Seized Crypto

The allegations land at a time when the U.S. Marshals Service is already under scrutiny for how it manages digital assets. The agency plays a central role in handling property seized in criminal cases, including cryptocurrency tied to fraud, ransomware, darknet markets, and hacking incidents.

 

Over the years, the Marshals Service has accumulated billions of dollars worth of crypto, including large bitcoin holdings seized in high-profile cases. But audits and reporting have repeatedly shown that tracking, accounting, and securing these assets is far from simple.

 

Internal systems were not originally designed for blockchain-based assets, and oversight bodies have previously flagged weaknesses in inventory tracking and custody procedures. In some cases, the agency has struggled to provide a clear accounting of exactly how much crypto it holds at a given time.

 

Those challenges have become more visible as the value of seized crypto has soared and as debates continue in Washington over whether the government should hold, sell, or strategically manage these assets.

 

What Happens Next

For now, the U.S. Marshals Service is keeping its comments limited. Officials have acknowledged the allegations and confirmed that they are being reviewed, but they have not said whether criminal charges are expected or whether any funds have been recovered.

 

Key questions remain unanswered. Investigators will need to determine whether the alleged transfers involved unauthorized access, compromised credentials, or insider misuse of systems tied to crypto custody. Another open issue is whether the case points to individual misconduct or deeper structural weaknesses in how seized digital assets are handled.

 

Until law enforcement provides more clarity, much of the public narrative will continue to be shaped by blockchain analysts and online investigators. As with many crypto-related cases, the transparency of the blockchain offers clues, but not conclusions.

 

What is clear is that the case highlights the growing pains of government agencies adapting to digital assets. As crypto seizures become more common and more valuable, the systems designed to safeguard them are being tested in very real ways.

Trust Wallet Chrome Extension Hack Turns a Quiet Holiday Into a $7 Million Crypto Mess

Crypto has a way of ruining the calendar. Just when things slow down, markets calm, and people log off for the holidays, something breaks. This time it was Trust Wallet, and for some users, it broke badly.

More than $7 million in cryptocurrency was stolen after a compromised version of Trust Wallet’s Chrome browser extension made its way into circulation late last week. The losses came fast, right around December 24, when many users were updating software, traveling, or simply not paying close attention. By the time some noticed something was wrong, their wallets had already been drained.

The issue centered on a specific update to the Trust Wallet Chrome extension. On the surface, it looked like a normal release. No flashing red flags, no obvious warnings. Users installed it the same way they always do, clicking update and moving on. Somewhere along the line, though, malicious code ended up inside that release. Once active, it gave attackers a way to move funds out of users’ wallets quietly and efficiently.

What followed was a familiar pattern for anyone who has watched crypto hacks play out. Wallets that had been untouched for weeks suddenly sent out large transactions. Bitcoin, ether, BNB, and stablecoins flowed into unfamiliar addresses. Analysts tracking the blockchain could see the money moving, hopping between wallets, splitting up, recombining. It was all very visible and completely irreversible.

Trust Wallet confirmed that the breach was limited to one version of the Chrome extension. According to the company, mobile users were not affected, and neither were users who had not installed the compromised update. The company urged anyone using that version to disable it immediately and install the patched release from the official store.

That response helped contain the damage, but it did not undo what had already happened. In crypto, there is no undo button. Once assets leave your wallet, they are gone unless the attacker decides to give them back, which is not something people tend to count on.

Adding to the response, Changpeng Zhao, the Binance co-founder whose company owns Trust Wallet, said affected users would be reimbursed while an internal investigation continues. That promise brought some relief, especially for users who lost significant sums. Still, reimbursement does not erase the bigger concern. People want to know how a malicious update made it through in the first place.

Security researchers were already digging in by the time official statements came out. Some noticed odd wallet activity tied to recent extension updates. Others began pulling apart the extension code, looking for scripts that could leak private data or trigger unauthorized transactions. Warnings spread quickly across social platforms, security channels, and group chats. In crypto, news like this moves faster than press releases.

The episode once again highlighted a long standing weakness in crypto infrastructure. Browser wallet extensions are incredibly popular because they are easy. They connect seamlessly to decentralized exchanges, NFT platforms, and Web3 apps. For many users, they are the default way to interact with crypto on a daily basis. But that convenience comes with risk. Extensions live inside browsers that were never designed to protect private keys holding real money.

A single compromised update can affect thousands of users at once. Unlike phishing attacks that rely on tricking individuals one by one, an extension issue scales instantly. If the update is trusted, users trust it too.

This is why security experts keep repeating the same advice, even if it sounds boring. Large balances should not live in hot wallets. Browser wallets are tools for interaction, not vaults. Hardware wallets and cold storage are slower and less convenient, but they dramatically reduce the risk of exactly this kind of event.

In the aftermath, users have been urged to take several steps. Disable the affected extension. Review transaction histories carefully. Revoke token approvals that might still be active. In some cases, move remaining funds to an entirely new wallet with a fresh seed phrase that was never exposed to the compromised environment. None of this is fun, but waiting is usually worse.

There is also a broader reputational cost. Trust Wallet is one of the most widely used non-custodial wallets in the world. Incidents like this shake confidence, even if the company responds quickly and makes users whole. For newer users especially, it reinforces the idea that crypto is complicated, risky, and unforgiving.

The investigation into how the compromised extension was approved and distributed is still ongoing. Questions remain about whether this was a supply chain issue, a submission process failure, or something else entirely. Those answers will matter, not just for Trust Wallet, but for the wider ecosystem that relies heavily on browser extensions.

 

For now, the lesson is an old one, repeated yet again. In crypto, trust is fragile. Convenience is expensive. And even during the quietest week of the year, something can go wrong fast.

 

Stay Connected

You can stay up to date on all News, Events, and Marketing of Rare Network, including Rare Evo: America’s Premier Blockchain Conference, happening  July 28th-31st, 2026 at The ARIA Resort & Casino, by following our socials on X, LinkedIn, and YouTube. Tickets are available here.