Bitcoin holders are urged to double-check wallet addresses before transferring funds following a new wave of address poisoning attacks that have quietly siphoned millions in user funds.
Jameson Lopp, chief security officer at Bitcoin custody platform Casa, raised the alarm in a February 6 blog post, revealing a disturbing trend of social engineering attacks involving lookalike wallet addresses. The scam, dubbed “address poisoning,” tricks victims into sending funds to malicious addresses that closely resemble ones from their transaction history — typically matching the first and last few characters.
Lopp’s blockchain analysis uncovered that the first traceable attack of this nature occurred in block 797570, mined on July 7, 2023. After a brief lull, activity resumed in block 819455 on December 12, 2023, followed by consistent bursts of malicious transactions. As of block 881172 on January 28, 2025, nearly 48,000 suspicious transactions had been recorded. Though there was a two-month pause after that, the attacks appear to have restarted recently.
“Wallet interfaces need to do a better job of fully displaying and verifying addresses,”
Lopp advised, emphasizing that a more intuitive user experience design could help mitigate these scams.
Data from cybersecurity firm Cyvers revealed that address poisoning schemes alone drained $1.8 million in February 2025 and another $1.2 million in March. Cyvers CEO Deddy Lavid described the trend as a growing threat to individual investors.
In a broader context, blockchain security firm PeckShield estimates that over $1.6 billion was stolen through crypto-related hacks in Q1 2025. The bulk of that came from the February Bybit incident — a record-breaking heist in which hackers made off with $1.4 billion, marking the largest theft in crypto history. Security experts attribute many of these attacks, including the Bybit breach, to state-backed North Korean groups like the Lazarus Group, which employ tactics such as fake Zoom interviews and phishing messages to target and exploit victims.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”