Jameson Lopp, the Chief Security Officer at Casa, a Bitcoin (BTC) custody service, has raised concerns about Bitcoin address poisoning attacks—an insidious social engineering scam that exploits similar addresses from a victim’s transaction history to deceive them into sending funds to a fraudulent address.
In Lopp’s article dated February 6, he explains that these malicious actors create BTC addresses mimicking the first and last digits of addresses from the victim’s transaction history. Through his analysis of the Bitcoin blockchain, Lopp reported:
“The first recorded instances of such transactions surfaced in block 797570 on July 7, 2023, where 36 such transactions were noted. Following that, activity remained dormant until block 819455 on December 12, 2023, after which intermittent bursts of these transactions continued until block 881172 on January 28, 2025, before a 2-month hiatus began.”
“In the span of 18 months, nearly 48,000 transactions with the potential address poisoning profile were identified,” Lopp elaborated.
Illustration of a poisoned address attack. Source: Jameson Lopp
The executive urged Bitcoin users to meticulously verify addresses before transferring funds and advocated for enhanced wallet interfaces that display full addresses. Lopp’s alert underscores the rising tide of cybersecurity threats and fraudulent activities that the industry is experiencing.
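The check a wallet could run before sending, as an added example that is not taken from Lopp's article or from Casa's software: it compares a destination against addresses already in the user's history and flags one that shares the same start and end but differs in the middle. The function names, the 4-character threshold and the list of type markers are assumptions, and the sample addresses are constructed and not valid Bitcoin addresses.

```python
# Added example. Names, the 4-character threshold and all addresses are
# assumptions/constructed; the sample strings are not valid Bitcoin addresses.
TYPE_MARKERS = ("bc1q", "bc1p", "1", "3")  # shared by every address of a type

def _normalise(addr):
    a = addr.strip()
    # bech32 (bc1...) is case-insensitive; base58 (1.../3...) is case-sensitive
    return a.lower() if a.lower().startswith("bc1") else a

def _body(addr):
    """Strip the type marker so it cannot count as a 'matching start'."""
    for m in TYPE_MARKERS:
        if addr.startswith(m):
            return addr[len(m):]
    return addr

def _shared_prefix(a, b):
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def classify_destination(dest, history, n=4):
    """Return ('known', addr), ('lookalike', addr) or ('new', None)."""
    d = _normalise(dest)
    known = [_normalise(h) for h in history]
    if d in known:
        return ("known", d)
    db = _body(d)
    for k in known:
        kb = _body(k)
        head = _shared_prefix(db, kb)
        tail = _shared_prefix(db[::-1], kb[::-1])
        if head >= n and tail >= n:  # same start AND end, different middle
            return ("lookalike", k)
    return ("new", None)

# Constructed sample data (42 characters each, like a bc1q address)
KNOWN = "bc1qw5x8" + "e" * 30 + "k9p2"
POISON = "bc1qw5x8" + "m" * 30 + "k9p2"
OTHER = "bc1q" + "z" * 34 + "7l7l"

if __name__ == "__main__":
    for dest in (KNOWN, POISON, OTHER):
        print(dest[:8] + "..." + dest[-4:], classify_destination(dest, [KNOWN]))
```

A truncated display such as `bc1qw5x8...k9p2` is identical for the known and the lookalike address here, which is why the comparison has to run on the full string.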
Address poisoning scams and exploits result in billions of dollars in stolen user funds
As reported by cybersecurity firm Cyvers, address poisoning attacks resulted in the theft of over $1.2 million in March 2025. Cyvers CEO Deddy Lavid noted that these attacks resulted in losses of $1.8 million in February alone.
Blockchain security firm PeckShield estimated that the total attributed to crypto hacks in Q1 2025 surpassed $1.6 billion, with the Bybit hack being responsible for a significant portion of the stolen funds.
The Bybit hack in February led to losses of $1.4 billion, marking it as the largest crypto hack to date.
Cybersecurity specialists have linked these attacks to hackers affiliated with the North Korean regime, who employ intricate and evolving social engineering tactics to pilfer cryptocurrencies and sensitive information from their victims.
Common social engineering scams orchestrated by the Lazarus Group include deceptive job offers, fraudulent Zoom meetings with sham venture capitalists, and phishing schemes on social media platforms.