NEWSLETTER
Jameson LOPP, the Security Director of the bitcoin Custody Company (btc) Casa, gave the alarm of the poisoning attacks of the bitcoin direction, a social engineering scam that uses similar directions of the history of transactions of a victim to deceive them to send funds to the malicious address.
According to February 6, LOPP <a target="_blank" data-ct-non-breakable="null" href="https://blog.lopp.net/bitcoin-address-poisoning-attacks/” rel=”null” target=”null” text=”null” title=”null”>articleThreat actors generate btc addresses that coincide with the first and last digit of the victim's transaction history addresses. LOPP analyzed bitcoin's blockchain history for this type of attack and found:
“The first transactions of this type did not appear until block 797570, July 7, 2023, which had 36 transactions of this type. Then, all were silent until block 819455, December 12, 2023, after which we can find regular explosions of these transactions until block 881172, January 28, 2025, then there was a break of 2 months before they started again.”
“During these 18 months, only 48,000 transactions were sent that coincide with this possible direction poisoning profile,” LOPP added.
Example of an poisoned address attack. Source: J.<a target="_blank" data-ct-non-breakable="null" href="https://blog.lopp.net/bitcoin-address-poisoning-attacks/” rel=”nofollow noopener” target=”_blank” text=”null” title=”https://blog.lopp.net/bitcoin-address-poisoning-attacks/”>Ameson career
The Executive urged bitcoin headlines to thoroughly verify the addresses before sending funds and requested better wallet interfaces that show addresses completely. The LOPP warning highlights emerging feats of cybersecurity and fraudulent schemes that affect the industry.
Related: Cryptographic exploit, scam losses fall to $ 28.8 million in March after February Spike
Directorate of poisoning and exploits scams claim billions in stolen user funds
According to the cybersecurity firm <a target="_blank" data-ct-non-breakable="null" href="https://x.com/CyversAlerts/status/1902290117013991847″ rel=”null” target=”null” text=”null” title=”null”>BeltMore than $ 1.2 million were stolen through address poisoning attacks in March 2025. The CEO of Cyvers, Deddy Lavid, said that this type of attack cost users $ 1.8 million in February.
The Blockchain Peckshield security firm estimates that the total amount lost in cryptographic tricks in the first quarter of 2025 is exceeding $ 1.6 billion, and the Bybit trick represents the vast majority of stolen funds.
The Bybit trick in February was responsible for $ 1.4 billion in losses and represents the largest cryptographic trick in history.
Cybersecurity experts have linked attacks on North Korean pirates affiliated with the State who use complex and evolving social engineering schemes to steal cryptocurrencies and confidential data of objectives.
Common Social Engineering scams of the Lázaro Group include fraudulent job offers, zoom meetings with fake risk capitalists and phishing scams on social networks.
Magazine: 2 auditors lose $ 27m Penpie Fold, Pythia's 'rewards' error: crypto-Sec
