Address Poisoning Scams on the Rise Victims of address poisoning were misled into willingly sending over $1.2 million worth of cryptocurrency to scammers, indicating the growing threat of phishing attacks in the crypto ecosystem. Address poisoning, also known as wallet poisoning, happens when scammers send very small transactions that copy the frequently-used wallet addresses of victims. Users, by copy-pasting from transaction history, end up sending cryptocurrency to scam addresses. Cyvers Witnesses a Surge in Crypto Scams Blockchain security firm Cyvers witnessed Ethereum-based pig butchering scams pilfer over $1.2 million in the first three weeks of March. In a March 19 post on X, Cyvers explained: “Attackers send small transactions to victims, replicating their frequently-used wallet addresses. When users copy-paste an address from their transaction history, they might unintentionally send funds to the attacker instead.” These scams have been increasing throughout the year, with the losses reaching $1.8 million in the month of February alone, reports Deddy Lavid, Cyvers’ co-founder and CEO. Inadequate Security Measures Exacerbate Losses Lavid attributes the heightened sophistication of the perpetrators and the absence of pre-transaction verification systems as key factors in the spread of phishing scams. “More users and institutions are utilizing automated tools for crypto transactions, some of which may not have inherent verification mechanisms to detect poisoned addresses.” As the ongoing crypto bull market drives transaction volumes higher, so do the risks. Lavid believes pre-transaction verification would go a long way in stopping phishing attacks. “Unlike traditional fraud detection, many wallets and platforms lack real-time pre-transaction screening that would flag suspicious addresses before funds are sent.” Previous High-Profile Cases Address poisoning scams have already cost investors tens of millions. In May 2024, $71 million worth of Wrapped Bitcoin (WBTC) was unknowingly transferred by an investor to a scam wallet. The attacker had created a lookalike address and enticed the victim with a small transaction. Intensifying pressure from blockchain sleuths however goaded the attacker into reversing the funds days later. Phishing Scams: A New Crypto Threat Phishing scams have become one of the largest threats to the cryptocurrency industry, aside from traditional hacks. One of the most notorious types is pig butchering, where scammers build trust with victims over a long time before tricking them into transferring funds. Ethereum-based pig butchering scams alone cost the industry over $5.5 billion across 200,000 detected instances in 2024, per Cyvers. The grooming process lasts one to two weeks in 35% of cases and up to three months in 10% of manipulation cases. Disturbing Victim Statistics 75% of victims lost over half of their net worth to pig butchering scams. The most targeted demographic was males aged 30 to 49. Phishing attacks represented the most expensive crypto attack vector in 2024, with more than $1 billion pilfered in 296 attacks. The Need for Better Security Solutions The increase in address poisoning and phishing attacks is a stark reminder of the urgent need for better security solutions. Pre-transaction verification services can play a critical role in preventing huge financial losses and protecting crypto investors from more sophisticated cyber attacks.
