- Casa’s chief security officer, Jameson Lopp, warns that Bitcoin address poisoning attacks, where attackers mimic wallet addresses, are surging.
- An 18‑month blockchain study recorded nearly 48,000 suspicious transactions, with some victims losing significant funds.
- According to Lopp, the low fees in Bitcoin’s blockchain fuel these scams.
Jameson Lopp, chief security officer at Bitcoin custody firm Casa, noted a surge in Bitcoin (BTC) address poisoning attacks.
In an address poisoning attack, an attacker sends a transaction from a newly generated wallet whose first and last characters match the target wallet or a wallet the target recently interacted with.
When the victim later attempts to send funds, they might mistakenly copy the lookalike address from their transaction history, directing their money to the hacker.
In his article, Lopp detailed his analysis of the Bitcoin blockchain, noting the following:
The first such transactions did not appear until block 797570, July 7, 2023, which had 36 such transactions. Then, all was quiet until block 819455, December 12, 2023, after which we can find regular bursts of these transactions up until block 881172, January 28, 2025, then there was a 2-month break before they started up again.
Jameson Lopp, chief security officer at CasaRelated: ATO Scrutiny Could Increase for Everyday Investors: Crypto Tax Exec
The Rise of Address Poisoning Scams
Over an 18-month period, he identified around 48,000 transactions that match this pattern of potential address poisoning.
Lopp cited at least one likely successful case in which a victim sent 0.1 BTC to a malicious address and, 12 hours later, sent another 0.1 BTC to what was probably the intended recipient. He noted:
That one successful trickery could have easily resulted in a much higher ROI because the address from which the funds were spent held nearly 8 BTC.
Jameson Lopp, chief security officer at CasaAddress poisoning attacks are not limited to Bitcoin. In May 2024, an Ethereum user reportedly lost US$71M (AU$116M) to a similar attack before recovering the funds through negotiations with the hacker, and a comparable tactic was identified in the hack of Japanese crypto exchange DMM Bitcoin.
According to Lopp, these attacks are becoming popular due to the current low-fee environment:
The attacks are a result of the fact that we’re in a very low-fee environment. If we had high fees going on, I think that would greatly disincentivize people from doing a lot of these dusting attacks, unless they figured out other ways to increase their attack success rate.
Jameson Lopp, chief security officer at CasaRelated: Crypto’s March on Marketing: Why Australia is the World’s Next Proving Ground
Credit: Source link
