 |
| Address Poisoning |
New Fraud Tactic Uses Similar-Looking Addresses
Bitcoin (BTC) users must exercise extreme caution when entering addresses. Bitcoin security expert Jameson Lopp has issued a warning about the rising threat of "address poisoning" attacks. This scam employs social engineering to deceive users by exploiting addresses that closely resemble legitimate ones.
Lopp, the Chief Security Officer (CSO) at Casa, explained the mechanics of this attack in a post dated February 6th. Attackers select a specific address from a victim's transaction history and then generate a Bitcoin address (BTC) that shares the same first and last characters. This manipulation aims to trick the victim into sending funds to the attacker's malicious address. Lopp's analysis reveals that these attacks, first observed on July 7th, 2023, have occurred intermittently, with approximately 48,000 affected transactions recorded over an 18-month period ending January 28th, 2025.
"During this period, there were approximately 48,000 transactions that potentially fall under address poisoning attacks, which is establishing itself as a new form of security threat targeting users," Lopp stated. He urged Bitcoin users to meticulously verify addresses before sending any funds and called for improvements in wallet interfaces to display all address characters clearly.
Cryptocurrency Fraud Losses Exceed $1.6 Billion in Q1 2025
Address poisoning attacks have already resulted in substantial financial losses. Cybersecurity firm Cyvers reported losses of $1.2 million in March 2025 alone. According to Cyvers CEO Deddy Lavid, similar attacks caused $1.8 million in losses in February of the same year.Blockchain security company PeckShield estimates that total losses from cryptocurrency hacks in the first quarter of 2025 exceeded $1.6 billion. Notably, $1.4 billion of this total stems from the Bybit hack in February, which stands as one of the largest hacking incidents in cryptocurrency history.
The Lazarus Group, a North Korean hacker group known for its state-sponsored activities, has been implicated in these attacks. They are known to employ various social engineering techniques, including fake job offers, virtual meetings with fictitious venture capitalists, and social media phishing, to steal cryptocurrencies and sensitive data.
These emerging security threats pose a significant challenge to Bitcoin users and the broader cryptocurrency market. Thorough verification during payment processes and enhanced security systems are becoming essential measures to prevent losses.