TLDR;
- Trugard and Webacy launched an AI tool to detect crypto address poisoning scams.
- The tool analyzes transaction patterns and behavior to flag spoofed wallet addresses in real time.
- Over $1.2 million was lost to address poisoning attacks in March 2025 alone.
- It achieved 97% accuracy and adapts to new scam tactics using synthetic training data.
In a major stride toward enhancing the security of crypto transactions, cybersecurity innovators Trugard and Webacy have unveiled a pioneering artificial intelligence system designed to identify and prevent the increasingly prevalent scam known as crypto address poisoning.
This development comes at a crucial time when crypto theft via sophisticated social engineering techniques continues to surge, inflicting millions of dollars in losses on unsuspecting users.
Crypto address poisoning exploits the very foundation of trust in blockchain transactions, wallet addresses. The scam hinges on trickery involving the subtle manipulation of transaction histories. Attackers carefully craft wallet addresses that closely resemble legitimate ones, often matching key characters at the beginning or end, exploiting how users typically verify addresses.
By sending tiny, seemingly insignificant transactions from these counterfeit addresses to genuine wallets, scammers “pollute” the victim’s transaction history. Later, when the victim attempts to copy an address for a legitimate transfer, they may unwittingly select the poisoned, fraudulent address. The outcome is devastating with funds being sent irretrievably to attackers.
Trugard, Webacy Launch AI Defense
As per a Thursday announcement, Trugard and Webacy have collaborated to deliver an AI-powered defense mechanism embedded in an upgraded API now accessible to developers and end-users alike. This tool leverages advanced machine learning techniques, including a model built with XGBoost, enriched by behavioral analytics, graph theory, and temporal anomaly detection to accurately flag suspicious addresses and transactions in real time.
Unlike traditional security solutions that rely heavily on static blocklists or manual reviews, this AI-driven system boasts a dynamic, continuously learning architecture. It adapts to evolving scam tactics by analyzing patterns in transaction behavior, identifying near-zero value token transfers and scrutinizing the timing of suspicious activity. The system’s ability to map networks of interconnected addresses further reveals coordinated attack campaigns, enabling proactive threat detection before users suffer financial damage.
Webacy’s co-founder, Maika Isogawa, highlighted the underestimated nature of address poisoning as a risk vector.
“It exploits a simple assumption: what you see is what you get,” she explained.
97% Accuracy Detection
Notably, the AI’s efficacy is reflected in rigorous testing, where it achieved 97% accuracy in detecting known poisoning cases. Given the staggering numbers, with over 270 million poisoning attempts between mid-2022 and mid-2024 on major networks like Ethereum and BNB Chain, resulting in $83 million in stolen funds, the need for such intelligent safeguards is undeniable.
A stark reminder of the urgent threat posed by this scam came earlier this year. In March alone, attackers using address poisoning techniques netted $1.2 million in just three weeks, with one victim losing more than $760,000 in a single incident. Such high-profile losses underscore how devastating these scams can be for individuals and institutions alike.
Jeremiah O’Connor, CTO of Trugard, noted how expertise from traditional cybersecurity realms has been successfully adapted to tackle threats unique to Web3.
“Most existing systems are reactive and rule-based, unable to keep pace with the sophisticated and fast-evolving tactics used by attackers,” he said.
In contrast, their AI model thrives on supervised learning, trained on both real and synthetically generated data that simulates a variety of attack scenarios. This approach ensures the system remains robust against new and emerging poisoning techniques.
Looking Forward
The timing of the release is particularly pertinent as incidents of address poisoning and related scams have recently spiked, fueled by factors such as truncated address displays in wallets and near-zero gas fees on Layer 2 blockchains, which make spam-scale attacks economically feasible.
Additionally, advances in AI have unfortunately empowered scammers to generate increasingly convincing fake addresses, making manual vigilance insufficient as a sole defense.
That said, Trugard and Webacy’s AI tool integrates smoothly with existing platforms through plug-and-play APIs, targeting wallets, blockchain explorers, and decentralized finance (DeFi) services. This hybrid security model, combining proprietary detection engines with open-source components and collaborative threat intelligence, aims to foster transparency and community-driven resilience across the Web3 ecosystem.
