Complex Crypto Address Poisoning Scams Steal $1.2M In March

According to the CEO of Cyvers, a blockchain security firm, pre-transaction verification solutions could prevent a large number of phishing attacks.

Victims of address poisoning scams were deceived into willingly sending over $1.2 million worth of funds to scammers, highlighting the troubling increase in cryptocurrency phishing attacks.

Address poisoning, also known as wallet poisoning scams, involves tricking victims into sending their digital assets to fraudulent addresses controlled by scammers.

Pig butchering schemes on Ethereum have resulted in over $1.2 million in losses within the first three weeks of the month, according to onchain security firm Cyvers in a March 19 post.

"Attackers send small transactions to victims, mimicking their frequently used wallet addresses. When users copy-paste an address from their transaction history, they may inadvertently send funds to the scammer," the firm explained.

Source: Cyvers Alerts

Address poisoning scams have been on the rise since the start of the year, with the industry losing over $1.8 million in February, according to Deddy Lavid, co-founder and CEO of Cyvers.

Lavid pointed to the increasing sophistication of attackers and the absence of pre-transaction security measures as key factors contributing to the surge. He also noted that more users and institutions are using automated tools for crypto transactions, some of which lack built-in verification mechanisms to detect poisoned addresses.

Lavid acknowledged that the higher transaction volume driven by the crypto bull market is a contributing factor, but emphasized that pre-transaction verification methods could prevent a significant number of phishing attacks. He added:

“Unlike traditional fraud detection, many wallets and platforms lack real-time pre-transaction screening that could flag suspicious addresses before funds are sent.”

Address poisoning scams have previously led to significant losses for investors. In May 2024, an investor mistakenly sent $71 million worth of Wrapped Bitcoin to a fraudulent wallet address in a wallet poisoning scam. The scammer created a wallet address with similar alphanumeric characters and sent a small transaction to the victim's account.

However, the attacker returned the $71 million days later, after experiencing a change of heart due to the increasing attention from blockchain investigators.

Phishing scams are increasingly becoming a significant threat to the crypto industry, alongside traditional hacks.

Pig butchering scams, a type of phishing scheme, involve prolonged and complex manipulation tactics designed to deceive investors into willingly transferring their assets to fraudulent crypto addresses.

According to Cyvers, pig butchering schemes on the Ethereum network cost the industry over $5.5 billion across 200,000 identified cases in 2024.

Cyvers data reveals that in 35% of cases, the grooming period for victims lasts between one and two weeks, while 10% of scams involve grooming periods of up to three months.