Two crypto users lost $12.25 million and $50 million after copying incorrect wallet addresses.
In January, a crypto user lost $12.25 million by copying the wrong wallet address. In December as well, another one ended up losing $50 million in a similar way.
Together, the two incidents cost $62 million, according to the popular Web3 security solution, Scam Sniffer.
Crypto Blunders
Signature phishing attacks also surged in January. In fact, Scam Sniffer found that $6.27 million was stolen from 4,741 victims, which is a 207% increase from December. The largest cases involved $3.02 million from SLVon and XAUt via permit/increaseAllowance, and $1.08 million from aEthLBTC via permit.
Two wallets alone accounted for 65% of all phishing losses.
Address poisoning is a scam where attackers send small transactions from wallet addresses that closely resemble real ones, hoping users copy the wrong address from their transaction history. This can lead to funds being sent directly to scammers by mistake. Signature phishing further increases the risk by tricking users into signing malicious approvals that give attackers permission to move funds later. As such, these tactics rely on social engineering and human error, and may make even experienced users vulnerable.
In November last year, a crypto holder lost over $3 million worth of PYTH tokens after mistakenly sending funds to a scammer’s wallet. The error occurred when the victim copied a fake deposit address from their transaction history.
Blockchain analysts at Lookonchain said the attacker created a lookalike address matching the first four characters of the real wallet and sent a tiny SOL transaction to appear legitimate. The victim later transferred 7 million PYTH tokens without fully verifying the address and fell victim to an address poisoning attack. The transferred stash was worth about $3.08 million at that time.
You may also like:
Coordinated Multisig Scam Attempt
Amidst the growing frequency of such attacks, the non-custodial wallet, Safe, formerly known as Gnosis Safe, also issued a warning for its users about a large-scale address poisoning and social engineering campaign targeting multisig wallets. According to the platform, attackers created thousands of lookalike Safe addresses to trick users into sending funds to the wrong destination. It disclosed that the incident was not a protocol exploit, infrastructure breach, or smart contract vulnerability.
Safe identified around 5,000 malicious addresses, which have now been flagged and removed from the Safe Wallet interface to reduce the risk of accidental fund transfers.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
