Source: Cointelegraph Original: "{title}"

Jameson Lopp, the Chief Security Officer of the Bitcoin custody company Casa, has issued a warning about Bitcoin address poisoning attacks, a form of social engineering scam that deceives victims into sending funds to malicious addresses by using addresses similar to those in the victims' transaction history.

According to Lopp's article on February 6, threat actors generate Bitcoin addresses that match the first and last digits of addresses in the victims' transaction history. Lopp analyzed such attacks in the history of the Bitcoin blockchain and found:

These types of transactions first appeared in block 797570, on July 7, 2023, when there were 36 such transactions. It remained quiet until block 819455, and after December 12, 2023, these transactions began to erupt regularly, continuing until block 881172 on January 28, 2025, followed by a two-month interruption before starting again.

During this 18-month period, nearly 48,000 transactions matched the characteristics of this potential address poisoning, Lopp added.

Example of an address poisoning attack. Source: Jameson Lopp

The executive urged Bitcoin holders to thoroughly check addresses before sending funds and called for improvements in wallet interfaces to fully display addresses. Lopp's warning highlights emerging cybersecurity vulnerabilities and fraud schemes troubling the industry.

According to cybersecurity company Cyvers, over $1.2 million was stolen through address deception attacks in March 2025. Cyvers CEO Deddy Lavid stated that such attacks caused users to lose $1.8 million in February.

Blockchain security company PeckShield estimated that total losses from cryptocurrency hacks in the first quarter of 2025 exceeded $1.6 billion, with the Bybit hack accounting for the vast majority of the stolen funds.

The Bybit hack in February resulted in a loss of $1.4 billion, marking the largest cryptocurrency hack in history.

Cybersecurity experts have linked these attacks to state-sponsored hackers from North Korea, who use complex and evolving social engineering schemes to steal cryptocurrency and sensitive data from targets.

Common social engineering scams by the Lazarus Group include fake job opportunities, Zoom video meetings with impersonated venture capitalists, and phishing scams on social media.

Related: Cryptocurrency hacks in the first quarter of 2025 caused $2 billion in losses, with $1.63 billion stemming from access control vulnerabilities.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。