Victims of sophisticated address poisoning scams lost over $1.2 million in March, highlighting the growing threat of cryptocurrency phishing attacks. According to Cyvers, a blockchain security firm, pre-transaction verification solutions could prevent a significant portion of these attacks.
How Address Poisoning Scams Work
Address poisoning — also known as wallet poisoning — involves tricking users into sending funds to fraudulent wallet addresses. Scammers send small transactions to victims’ wallets, creating addresses that closely resemble frequently used ones. When victims copy-paste an address from their transaction history, they may unknowingly send funds to the scammer’s wallet.
In a March 19 post on X (formerly Twitter), Cyvers reported that address poisoning scams on Ethereum have cost the crypto industry over $1.2 million in the first three weeks of March alone.
“Attackers send small transactions to victims, mimicking their frequently used wallet addresses. When users copy-paste an address from their transaction history, they might accidentally send funds to the scammer instead,” Cyvers wrote.
Growing Sophistication of Scammers
Deddy Lavid, co-founder and CEO of Cyvers, noted that address poisoning scams have been increasing since the start of the year, with losses exceeding $1.8 million in February. He attributed the rise to the growing sophistication of attackers and the lack of pre-transaction security measures.
“More users and institutions are leveraging automated tools for crypto transactions, some of which may not have built-in verification mechanisms to detect poisoned addresses,” Lavid told Cointelegraph.
While increased transaction volumes driven by the crypto bull market have contributed to the rise in scams, Lavid stressed that pre-transaction verification could significantly reduce phishing attacks.
“Unlike traditional fraud detection, many wallets and platforms lack real-time pre-transaction screening that could flag suspicious addresses before funds are sent,” he added.
High-Profile Cases and Unexpected Outcomes
Address poisoning scams have already resulted in significant losses. In May 2024, an investor mistakenly sent $71 million worth of Wrapped Bitcoin (WBTC) to a bait wallet address created by a scammer who had mimicked the victim’s frequently used address.
In a surprising twist, the scammer later returned the $71 million after increased attention from blockchain investigators prompted a change of heart.
Phishing Scams: A Growing Threat to Crypto
Phishing scams remain one of the biggest threats to the crypto industry, alongside traditional hacking.
Pig butchering scams — a type of phishing scheme involving long-term manipulation tactics — have cost the industry over $5.5 billion across 200,000 identified cases on the Ethereum network in 2024, according to Cyvers.
Victims of pig butchering scams are often groomed over one to two weeks in 35% of cases, while 10% of scams involve grooming periods lasting up to three months. Alarmingly, 75% of victims lost more than half of their net worth, with men aged 30 to 49 being the most affected demographic.
Phishing scams were the most damaging attack vector of 2024, netting over $1 billion across 296 incidents, making them the top crypto security threat of the year.
