Victims of address poisoning scams have been duped into willingly transferring over $1.2 million to fraudsters, highlighting the troubling increase in cryptocurrency phishing attacks.
Address poisoning, also referred to as wallet poisoning scams, entails deceiving individuals into sending their digital assets to scammer-owned addresses.
Pig butchering schemes on the Ethereum network have already cost the crypto industry upwards of $1.2 million over the last few weeks, illustrating the scale of this issue. Small transactions are sent by attackers to victims, imitating commonly used wallet addresses. If users copy-paste an address from their transaction history, they might unintentionally send funds to the scammer instead.
Since the start of this year, the prevalence of address poisoning scams has risen, leading to losses exceeding $1.8 million in February, as reported by an industry expert.
The increasing sophistication of scammers, alongside a lack of pre-transaction security, has been identified as key factors in this trend. The CEO of a notable security firm noted that:
“As more users and institutions adopt automated tools for crypto transactions, some lack built-in verification systems to identify poisoned addresses.”
While the growing transaction volume during the crypto market upswing contributes to these scams, implementing pre-transaction verification could prevent numerous phishing incidents. The CEO remarked:
“Unlike conventional fraud detection methods, many wallets and platforms do not provide real-time screening before transactions, meaning suspicious addresses may not be flagged in time.”
Related: August saw a 215% surge in crypto phishing, with $55M lost in a single incident
In the past, address poisoning scams have cost investors large sums. Notably, an investor fell victim to a wallet poisoning scheme in May 2024, sending $71 million worth of Wrapped Bitcoin to a fraudulent wallet that had been cleverly disguised. The scammer had created a similar-looking wallet address and executed a small transaction to the victim’s account.
Surprisingly, the attacker returned the $71 million only days later, likely due to escalating scrutiny from blockchain investigators.
Related: Ledger users targeted by a deceptive ‘clear signing’ phishing email
Phishing scams pose an escalating threat to the crypto landscape
Phishing scams are emerging as a significant concern for the crypto sector, alongside traditional hacking activities.
Pig butchering scams are another type of phishing scheme characterized by elaborate and extended manipulation tactics designed to persuade victims to involuntarily forward their assets to deceptive crypto addresses.
The impact of pig butchering schemes on the Ethereum network in 2024 has exceeded $5.5 billion across 200,000 documented cases.
Data indicates that the grooming period for victims in 35% of these cases lasts between one to two weeks, with 10% of scams involving grooming durations of up to three months.
Alarmingly, a vast majority of victims—75%—have reported losing more than half of their net worth due to pig butchering scams, with males aged 30 to 49 being disproportionately affected.
Phishing scams emerged as the leading security threat in the crypto realm for 2024, resulting in over $1 billion in losses from 296 incidents, making it the most financially damaging attack vector faced by the industry.
Magazine: From $200 one day to $2.4M the next: Luke Barwikowski, X Hall of Flame