The chief security officer of a Bitcoin custody firm raised concerns about Bitcoin address poisoning attacks, a type of social engineering fraud that tricks victims into sending funds to malicious addresses that resemble addresses from their transaction history.
In a recent analysis, the official explained that these attackers create Bitcoin addresses that mirror the first and last digits of addresses found within the victim’s transaction records. A thorough examination of the Bitcoin blockchain revealed:
“The initial instances of this attack type appeared after block 797570 on July 7, 2023, with 36 such transactions recorded. Following a period of inactivity until block 819455 on December 12, 2023, regular occurrences of these fraudulent transactions resumed, continuing until block 881172 on January 28, 2025, after which there was another two-month hiatus before they started again.”
“In total, nearly 48,000 transactions matching this potentially fraudulent profile were sent over the span of 18 months,” the executive noted.

Illustration of a poisoned address attack.
The executive urged Bitcoin users to carefully verify addresses prior to transferring any funds and emphasized the need for improved wallet interfaces that display complete addresses. This warning underscores the emerging threats in the realm of cybersecurity that are impacting the cryptocurrency sector.
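A pre-send check of the kind this advice points to, as an added example rather than code from the firm or from any wallet: it flags a destination whose first and last characters match an address the user has paid before while the full string differs. The `PAID`, `POISON` and `OTHER` addresses are constructed (not real and not checksum-valid), and the four-character window and the assumption that `history` holds previously paid addresses are choices made for illustration.

```python
# Added example: flag a destination that imitates an address from wallet history.
# Every address of one type shares its leading characters, so they are skipped
# before comparing; otherwise all "bc1q..." addresses would look alike.
TYPE_PREFIXES = ("bc1q", "bc1p", "1", "3")

def split_type(addr):
    """Return (type_prefix, body). Bech32 is case-insensitive, base58 is not."""
    if addr.lower().startswith("bc1"):
        addr = addr.lower()
    for prefix in TYPE_PREFIXES:
        if addr.startswith(prefix):
            return prefix, addr[len(prefix):]
    return "", addr

def lookalikes(candidate, history, head=4, tail=4):
    """Return the addresses in `history` (assumed: ones the user paid before)
    that `candidate` imitates: same type, same first `head` and last `tail`
    body characters, different full address."""
    c_type, c_body = split_type(candidate)
    hits = []
    for known in history:
        k_type, k_body = split_type(known)
        if (k_type, k_body) == (c_type, c_body):
            return []  # exact match with a known address: not an imitation
        if (k_type == c_type
                and k_body[:head] == c_body[:head]
                and k_body[-tail:] == c_body[-tail:]):
            hits.append(known)
    return hits

# Constructed sample addresses (illustrative only, not valid on any network).
PAID = "bc1qw3k9" + "x" * 30 + "7h2d"    # address the user has paid before
POISON = "bc1qw3k9" + "z" * 30 + "7h2d"  # same ends, different middle
OTHER = "bc1qm5n8" + "y" * 30 + "7h2d"   # shares only the type prefix and tail

if __name__ == "__main__":
    for dest in (PAID, POISON, OTHER):
        found = lookalikes(dest, [PAID])
        print(dest[:8] + "..." + dest[-4:], "WARN" if found else "ok")
```

A wallet would show the warning together with the full address of both the destination and the address it resembles, so the user can compare the middle characters.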
Address poisoning scams result in significant losses
A cybersecurity firm reported that over $1.2 million was lost to address poisoning attacks in March 2025, highlighting the issue. The CEO of the firm noted that similar attacks resulted in $1.8 million in losses in February.
Another blockchain security company estimated that the total losses from cryptocurrency hacks during the first quarter of 2025 exceeded $1.6 billion, with one hack accounting for a large portion of that amount.
This particular incident in February led to a staggering $1.4 billion in losses, marking it as the largest crypto hack ever recorded.
Experts in cybersecurity have linked these attacks to North Korean state-sponsored hackers who employ sophisticated and changing social engineering tactics to steal cryptocurrencies and sensitive information from victims.
Typical scams associated with this group include fake job offers, fraudulent Zoom meetings with supposed venture capitalists, and phishing attempts on social networking platforms.