Onchain security firm Cyvers has identified a surge in address poisoning scams, where attackers trick users into transferring funds to fraudulent wallet addresses. In just under three weeks, these scams have led to over $1.2 million in losses, adding to the broader trend of phishing-related fraud, which remains a major concern for crypto investors. Meanwhile, a separate investigation by Global Ledger has linked Grinex, a newly established crypto exchange, to the sanctioned trading platform Garantex. The report suggests that Garantex operators have transferred liquidity and customer funds to Grinex in an effort to circumvent US sanctions, raising concerns about regulatory enforcement and illicit financial activity.

Garantex Operators Allegedly Launch New Exchange Grinex to Evade US Sanctions

The operators of the now-sanctioned cryptocurrency exchange Garantex have reportedly launched a new trading platform, according to findings from blockchain analytics firm Global Ledger. The firm’s latest report claims that Grinex, a newly established exchange, is effectively a continuation of Garantex, which was blacklisted by US authorities for allegedly facilitating illicit financial transactions.

Swiss-based Global Ledger revealed in its investigation that Grinex was set up shortly after Garantex’s abrupt downfall, following the US Department of Justice’s (DOJ) and European authorities’ coordinated crackdown on the platform. The analytics firm asserts that conclusive onchain evidence directly links Grinex to Garantex, reinforcing concerns that the operators are circumventing international sanctions.

“Grinex is not an independent entity but rather a full-fledged successor to Garantex, continuing its financial operations despite the exchange’s official shutdown,” Global Ledger stated in its report published on Wednesday.

The DOJ, in collaboration with authorities from Germany and Finland, recently froze several domains linked to Garantex, a move aimed at dismantling its infrastructure. Since its inception in 2019, Garantex reportedly processed over $96 billion in illicit funds, playing a crucial role in laundering proceeds from darknet markets and ransomware attacks, according to US officials.

In April 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Garantex, marking it as the third-largest crypto exchange ever to face such penalties. Despite these sanctions, blockchain analytics firm Elliptic later reported that the exchange continued transacting approximately $60 billion in crypto following its blacklisting.

The crackdown on Garantex escalated earlier this year when US authorities issued criminal indictments against its principal operators, Aleksej Besciokov and Aleksandr Mira Serda. Besciokov has since been detained in India and is currently facing extradition to the United States. Mira Serda, however, remains at large.

With mounting pressure on Garantex, its operators appear to have shifted liquidity and user funds to Grinex, using it as a workaround to continue operations under a new name. Global Ledger's investigation found that Grinex is using identical infrastructure to Garantex, suggesting a direct transfer of its technology, assets, and customer base.

Onchain data indicates that between Feb. 8 and March 1, Garantex facilitated the movement of billions of A7A5 stablecoin tokens on the Tron blockchain to addresses controlled by Grinex. The A7A5 stablecoin, issued by Russia’s Promsvyazbank through its cross-border payment platform A7, is reportedly being used as a ruble-backed digital currency to support Grinex’s liquidity. The findings suggest that Grinex has already processed nearly $30 million in transactions, further solidifying its operational status as an active exchange.

A Test of Sanctions Enforcement

The emergence of Grinex presents a significant challenge for global regulators seeking to clamp down on illicit financial networks within the crypto ecosystem. The United States and its allies have repeatedly warned that Russian-linked financial entities and exchanges are actively developing ways to bypass sanctions and continue facilitating unlawful transactions.

Tether, the issuer of the world’s largest stablecoin, has already responded to enforcement efforts by freezing $23 million worth of USDT linked to Garantex, showcasing a coordinated industry response to illicit crypto activity. However, the creation of Grinex raises concerns about the effectiveness of existing measures and the ability of sanctioned entities to persist through strategic rebranding.

The revelations from Global Ledger’s report are expected to prompt additional action from US authorities and their international partners. Investigations into Grinex’s activities could lead to further domain seizures, asset freezes, and even secondary sanctions against entities providing financial infrastructure to the new exchange.

Additionally, Promsvyazbank’s involvement in issuing the A7A5 stablecoin could bring increased scrutiny to Russian banks and financial institutions facilitating crypto transactions for sanctioned actors. If confirmed, it may result in broader enforcement measures targeting Russian digital payment platforms. As authorities ramp up their efforts to curb crypto-based money laundering, the battle between regulators and illicit financial networks is poised to intensify.

Crypto Investors Lose $1.2 Million to Address Poisoning Scams as Phishing Attacks Surge

In other news, the cryptocurrency industry continues to grapple with an alarming rise in phishing scams, with address poisoning scams stealing over $1.2 million from unsuspecting victims in just under three weeks. According to onchain security firm Cyvers, these attacks have grown in both frequency and sophistication, exposing critical vulnerabilities in how digital assets are transferred. The latest data sheds light on a troubling trend of crypto investors falling prey to meticulously designed scams that trick them into sending funds to fraudulent addresses. The surge in these attacks raises urgent concerns about the security infrastructure of cryptocurrency transactions and the effectiveness of current fraud prevention measures.

Address poisoning, also referred to as wallet poisoning, is a deceptive phishing tactic where scammers exploit users’ reliance on transaction history to send funds. Attackers send tiny transactions to a victim's wallet using an address that closely resembles one the victim has interacted with before. If a user copy-pastes the wrong address when transferring funds, they unknowingly send their assets straight into the scammer’s wallet.

“Attackers send small transactions to victims, mimicking their frequently used wallet addresses. When users copy-paste an address from their transaction history, they might accidentally send funds to the scammer instead,” Cyvers wrote in a post on X on March 19.

This exploit relies on users failing to carefully verify wallet addresses before transferring funds. Since blockchain transactions are irreversible, any funds sent to a scammer’s address cannot be recovered unless the attacker voluntarily returns them.

According to Deddy Lavid, CEO and co-founder of Cyvers, address poisoning scams have been on the rise since the start of the year, with February alone seeing over $1.8 million in losses. Lavid attributes the growing prevalence of these scams to two key factors:

- The increasing sophistication of scammers, who are creating near-identical wallet addresses to deceive users.
- The lack of real-time pre-transaction verification mechanisms, which could prevent users from mistakenly sending funds to fraudulent addresses.

“More users and institutions are leveraging automated tools for crypto transactions, some of which may not have built-in verification mechanisms to detect poisoned addresses,” Lavid explained in an interview.

The impact of address poisoning scams has not only been widespread but also financially devastating. One of the most infamous cases occurred in May 2024, when an investor mistakenly sent $71 million worth of Wrapped Bitcoin (WBTC) to a fraudulent address. The scammer had successfully created an address mimicking the victim’s known contacts and baited them into making the costly transfer.

Surprisingly, the attacker returned the funds days later, allegedly due to mounting pressure from blockchain investigators and the growing public attention on the case. However, the vast majority of victims in similar scams have had no such luck. This highlights the power of blockchain transparency, where all transactions are permanently recorded on-chain, allowing security firms and the wider crypto community to track stolen funds.

While address poisoning has gained traction, pig butchering scams have emerged as another dangerous phishing scheme, with far-reaching financial consequences. Unlike address poisoning, pig butchering scams involve a much more sophisticated form of deception. Attackers establish long-term communication with victims, grooming them over weeks or even months to gain their trust before ultimately persuading them to invest in fraudulent crypto platforms. Once the victims deposit their funds, the scammers vanish with their money.

According to Cyvers, pig butchering scams on the Ethereum network alone have cost the crypto industry over $5.5 billion in 2024, with over 200,000 identified cases. The average grooming period for victims lasts one to two weeks in 35% of cases, while in 10% of scams, the process extends up to three months. Data also suggests that males aged 30 to 49 are the most frequent victims, with 75% of them losing over half their net worth to these types of scams.

With cryptocurrency adoption growing worldwide, phishing attacks have become the most expensive security threat to the industry in 2024. Cyvers' analysis revealed that phishing scams have resulted in over $1 billion in losses across 296 separate incidents, making them the costliest attack vector of the year.

Address poisoning and pig butchering schemes are just two of the many phishing tactics deployed by scammers. Other variations include:

- Fake wallet applications that steal users’ private keys.
- Malicious phishing emails that trick users into entering sensitive information.
- Counterfeit customer support scams, where attackers pose as official representatives of crypto exchanges or DeFi platforms.

These social engineering tactics exploit the lack of regulatory oversight in the crypto industry, making them harder to detect and prevent.

How to Protect Yourself From Address Poisoning and Phishing Scams

As scammers develop increasingly sophisticated strategies, investors must take proactive steps to secure their digital assets. Security experts recommend the following:

- Manually verify all wallet addresses before transferring funds, rather than relying on copy-paste from transaction history.
- Use wallet address whitelisting, available on many crypto exchanges, to ensure funds are only sent to trusted addresses.
- Enable real-time security features on crypto wallets that flag suspicious addresses before transactions are executed.
- Beware of unsolicited small transactions from unknown addresses—this could be an attempt to “poison” your wallet history.
- Stay informed about emerging threats by following updates from blockchain security firms.

With phishing scams evolving rapidly, prevention is the best defense. While regulators and blockchain security firms work to combat fraudulent activities, individual users must also exercise caution to avoid falling victim.
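
The whitelisting and pre-transaction verification recommended above can be sketched as follows; this is an added example, not Cyvers' tooling or code from the article. It flags a destination that only resembles a whitelisted address at its leading and trailing characters, and small incoming transfers from such senders. The addresses, both thresholds and all function names are constructed assumptions.

```python
# Added example: allowlist check plus lookalike detection for address poisoning.
# All addresses below are constructed sample values, not real wallets.
TRUSTED = {"exchange-deposit": "0x3f5ce1a9b7d2c4e6f8a0b1c2d3e4f5061728a9bc"}
LOOKALIKE = "0x3f5c77d10e4b92a6c8f3015de6b47a20913ea9bc"   # same first/last 4 hex chars
UNRELATED = "0x9a1b22c3d4e5f60718293a4b5c6d7e8f90a1b2c3"

def _norm(addr):
    """Lowercase and drop the 0x prefix so comparisons ignore case."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def edge_match(a, b):
    """Count matching leading and trailing characters of two addresses."""
    a, b = _norm(a), _norm(b)
    lead = 0
    for x, y in zip(a, b):
        if x != y:
            break
        lead += 1
    trail = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        trail += 1
    return lead, trail

def classify(dest, trusted, min_edge=6):
    """Return ('trusted'|'lookalike'|'unknown', label of the trusted entry involved)."""
    for label, addr in trusted.items():
        if _norm(dest) == _norm(addr):          # full-length comparison, never truncated
            return "trusted", label
    for label, addr in trusted.items():
        # Assumed heuristic: enough matching edge characters to fool a truncated display.
        if sum(edge_match(dest, addr)) >= min_edge:
            return "lookalike", label
    return "unknown", None

def poisoned_entries(history, trusted, dust=1.0):
    """Incoming transfers at or below `dust` whose sender imitates a trusted address."""
    return [tx for tx in history
            if tx["direction"] == "in" and tx["amount"] <= dust
            and classify(tx["counterparty"], trusted)[0] == "lookalike"]

# Constructed transaction history for the demonstration.
HISTORY = [
    {"direction": "out", "amount": 2500.0, "counterparty": TRUSTED["exchange-deposit"]},
    {"direction": "in", "amount": 0.0, "counterparty": LOOKALIKE},
    {"direction": "in", "amount": 0.001, "counterparty": UNRELATED},
]

if __name__ == "__main__":
    print(classify(LOOKALIKE, TRUSTED), poisoned_entries(HISTORY, TRUSTED))
```

A wallet or payout script would block or require explicit confirmation for any destination that is not classified as trusted, and hide flagged history entries from copy-paste suggestions.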