Jameson Lopp sounds alarm on Bitcoin address poisoning attacks

16 hours ago

The cypherpunk and crypto executive cautioned Bitcoin holders to stay vigilant and always thoroughly review destination addresses.


Jameson Lopp, the chief security officer at Bitcoin (BTC) custody company Casa, sounded the alarm on Bitcoin address poisoning attacks, a social engineering scam that uses similar addresses from a victim's transaction history to fool them into sending funds to the malicious address.

According to Lopp's Feb 6 article, the threat actors generate BTC addresses that match the first and last digits of addresses from the victim's transaction history. Lopp analyzed the Bitcoin blockchain history for this type of attack and found:

"The first such transactions did not appear until block 797570, July 7, 2023, which had 36 such transactions. Then, all was quiet until block 819455, December 12, 2023, after which we can find regular bursts of these transactions up until block 881172, January 28, 2025, then there was a 2-month break before they started up again."

"Over these 18 months, just shy of 48,000 transactions were sent that match this pattern of potential address poisoning," Lopp added.


Example of a poisoned address attack. Source: Jameson Lopp

The executive urged Bitcoin holders to thoroughly check addresses before sending funds and called for better wallet interfaces that fully display addresses. Lopp's warning highlights the growing cybersecurity exploits and fraudulent schemes plaguing the industry.
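The address check described above can be automated on the wallet side. The following is an added example, not code from Lopp's article or from any wallet: it flags a destination that shares leading and trailing characters with an address already in the user's history without being identical to it. The four-character thresholds, the function names and the sample addresses are assumptions; the addresses are constructed strings, not real ones.

```python
def _split(addr):
    """Separate the header every address of a type shares from the rest."""
    if addr.lower().startswith("bc1"):
        a = addr.lower()           # bech32 is case-insensitive
        return a[:4], a[4:]        # "bc1" plus the witness-version character
    return addr[:1], addr[1:]      # base58 is case-sensitive; leading "1" or "3"

def _common(a, b):
    """Length of the run of identical characters at the start of a and b."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def classify(destination, history, min_prefix=4, min_suffix=4):
    """Return ("known", []), ("lookalike", matches) or ("new", []).

    A lookalike has the same address type as a known address and matches it
    at both ends, which is what a truncated "abcd...wxyz" display would show.
    """
    d_head, d_body = _split(destination)
    hits = []
    for known in history:
        k_head, k_body = _split(known)
        if (k_head, k_body) == (d_head, d_body):
            return "known", []
        pre = _common(d_body, k_body)
        suf = _common(d_body[::-1], k_body[::-1])
        if k_head == d_head and pre >= min_prefix and suf >= min_suffix:
            hits.append((known, pre, suf))
    return ("lookalike", hits) if hits else ("new", [])

# Constructed sample data (not real addresses, checksums are not valid).
HISTORY = [
    "bc1qa7k2m9xw4tze8n5rj3vhy6cpd0sgf2luq8e4wz",
    "3Kf9TqLmP2xVbR7nYc4HsD8wJgZ5eAuN6M",
]
POISONED = "bc1qa7k2p5ld3mvc9r0tyw8gxn4sjz6hfe7kq8e4wz"

if __name__ == "__main__":
    for dest in (HISTORY[0], POISONED):
        print(dest, classify(dest, HISTORY))
```

A wallet would run this before signing and require the user to confirm the full address whenever the result is "lookalike".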


Address poisoning scams and exploits claim billions in stolen user funds

According to cybersecurity firm Cyvers, over $1.2 million was stolen through address poisoning attacks in March 2025. Cyvers CEO Deddy Lavid said these types of attacks cost users $1.8 million in February.

Blockchain security firm PeckShield estimates the total amount lost to crypto hacks in Q1 2025 to be over $1.6 billion, with the Bybit hack accounting for the vast majority of the stolen funds.

The Bybit hack in February was responsible for $1.4 billion in losses and represents the biggest crypto hack in history.

Cybersecurity experts have tied the attacks to North Korean state-affiliated hackers that use complex and evolving social engineering schemes to steal cryptocurrencies and sensitive data from targets.

Common Lazarus Group social engineering scams include fraudulent job offers, Zoom meetings with fake venture capitalists, and phishing scams on social media.
