By Chris Hollingworth 
Victims of address poisoning scams fell prey to scammers, resulting in a staggering loss of over $1.2 million in cryptocurrency funds. This alarming trend highlights the troubling surge of cryptocurrency phishing attacks, particularly through a method known as address poisoning or wallet poisoning scams. In these schemes, fraudsters deceive victims into sending their digital assets to fraudulent addresses under their control.
On March 19, onchain security firm Cyvers reported that pig butchering schemes on the Ethereum network had drained the crypto industry of more than $1.2 million within a span of nearly three weeks. Attackers execute these schemes by sending small transactions to victims, mirroring addresses frequently used by the targets. When users unknowingly copy and paste an address from their transaction history, they inadvertently transfer funds to the scammers instead of the intended recipient.
According to Deddy Lavid, the co-founder and CEO of Cyvers, address poisoning scams have been on the rise since the start of the year, resulting in losses exceeding $1.8 million in February alone. Lavid attributes this surge to the increasing sophistication of attackers and the absence of robust pre-transaction security measures. Many users and institutions now rely on automated tools for crypto transactions, some of which lack built-in verification mechanisms to detect fraudulent addresses.
Despite the heightened transaction volume driven by the crypto bull market, implementing pre-transaction verification methods could potentially thwart a significant portion of phishing attacks. Lavid emphasizes that unlike traditional fraud detection systems, many wallets and platforms lack real-time screening processes that could flag suspicious addresses before funds are transferred.
Address poisoning scams have a dark history of causing substantial financial harm, with incidents like the $71 million Wrapped Bitcoin transfer in May 2024 serving as cautionary tales. In this case, an investor mistakenly sent funds to a bait wallet address set up by a scammer, only to have the amount returned days later following increased scrutiny from blockchain investigators.
Phishing scams, including pig butchering schemes, pose a significant threat to the crypto industry alongside traditional hacking methods. These elaborate schemes involve intricate manipulation tactics aimed at persuading investors to voluntarily transfer their assets to fraudulent crypto addresses. In 2024, pig butchering scams on the Ethereum network alone resulted in losses exceeding $5.5 billion across 200,000 identified cases.
Cyvers data reveals that victims of pig butchering scams typically undergo a grooming period lasting one to two weeks in 35% of cases, with 10% of scams involving grooming periods stretching up to three months. Alarmingly, 75% of victims lose more than half of their net worth to these scams, with males aged 30 to 49 being the most targeted demographic.
In the landscape of crypto security threats, phishing scams emerged as the top concern in 2024, accounting for over $1 billion in losses across 296 incidents. These scams stand out as one of the most financially damaging attack vectors for the crypto industry, underscoring the urgent need for heightened vigilance and enhanced security measures among market participants.
The perpetuation of these scams serves as a stark reminder of the importance of safeguarding one’s digital assets and exercising caution in all cryptocurrency transactions. As the industry grapples with evolving threats, staying informed and adopting robust security practices are essential in mitigating the risks associated with malicious activities in the crypto space.
