An an address poisoning attack, an attacker sends its target a transaction from a newly-generated wallet whose first and last characters match the target wallet, or a wallet the target has recently interacted with. The next time the target wants to send money to that wallet, they might mistakenly copy the lookalike address from their transaction history and send money directly to the hacker instead of their intended recipient.