Sophisticated crypto address poisoning scams drain $1.2M in March

Victims of address poisoning scams were tricked into willingly sending over $1.2 million worth of funds to scammers, showcasing the problematic rise of cryptocurrency phishing attacks.

Address poisoning, or wallet poisoning scams, involves tricking victims into sending their digital assets to fraudulent addresses belonging to scammers.  

Pig butchering schemes on Ethereum have cost the crypto industry over $1.2 million worth of funds in the nearly three weeks since the beginning of the month, wrote onchain security firm Cyvers in a March 19 X post:

“Attackers send small transactions to victims, mimicking their frequently used wallet addresses. When users copy-paste an address from their transaction history, they might accidentally send funds to the scammer instead.”

Address poisoning scams have been growing, since the beginning of the year, costing the industry over $1.8 million in February, according to Deddy Lavid, co-founder and CEO of Cyvers.

The growing sophistication of attackers and the lack of pre-transaction security measures are some of the main reasons for the increase, the CEO told Cointelegraph, adding:

“More users and institutions are leveraging automated tools for crypto transactions, some of which may not have built-in verification mechanisms to detect poisoned addresses.”

While the higher transaction volume due to the crypto bull market is a contributing factor, pre-transaction verification methods may stop a significant amount of phishing attacks, said Lavid, adding:

“Unlike traditional fraud detection, many wallets and platforms lack real-time pre-transaction screening that could flag suspicious addresses before funds are sent.”

Related: August sees 215% rise in crypto phishing, $55M lost in single attack

Address poisoning scams have previously cost investors tens of millions. In May 2024, an investor sent $71 million worth of Wrapped Bitcoin to a bait wallet address, falling victim to a wallet poisoning scam. The scammer created a wallet address with similar alphanumeric characters and made a small transaction to the victim’s account.

However, the attacker returned the $71 million days later, after he had an unexpected change of heart due to the growing attention from blockchain investigators.

Related: Ledger users targeted by malicious ‘clear signing’ phishing email

Phishing scams are a growing problem for the crypto industry

Phishing scams are becoming a growing threat to the crypto industry, next to traditional hacks.

Pig butchering scams are another type of phishing scheme involving prolonged and complex manipulation tactics to trick investors into willingly sending their assets to fraudulent crypto addresses.

Pig butchering schemes on the Ethereum network cost the industry over $5.5 billion across 200,000 identified cases in 2024, according to Cyvers.

The average grooming period for victims lasts between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to Cyvers data.

In an alarming sign, 75% of victims lost over half of their net worth to pig butchering scams. Males aged 30 to 49 are most affected by these attacks.

Phishing scams were the top crypto security threat of 2024, which netted attackers over $1 billion across 296 incidents as the most costly attack vector for the crypto industry.

Magazine: Down to $200 one day, Pixels founder had $2.4M the next: Luke Barwikowski, X Hall of Flame