A wave of sophisticated address poisoning scams has led to over $1.2 million in losses in just three weeks, exposing the alarming rise of cryptocurrency phishing attacks. These scams manipulate victims into sending funds to fraudulent addresses by mimicking frequently used wallet addresses.

According to on-chain security firm Cyvers, scammers execute this attack by sending small transactions to a victim's wallet, using addresses that closely resemble legitimate ones. When victims later copy-paste an address from their transaction history, they unknowingly transfer funds to the scammer.

This method is gaining traction, with over $1.8 million lost to address poisoning scams in February alone, Cyvers CEO Deddy Lavid revealed. He attributes the surge to increasing reliance on automated crypto tools, many of which lack built-in verification mechanisms to detect poisoned addresses.

The crypto bull market has further intensified scam activity, with higher transaction volumes making users more vulnerable. Lavid emphasized that pre-transaction verification could prevent a substantial number of these attacks, but many wallets and platforms still lack real-time fraud detection.

Scams like these have cost investors tens of millions. In May 2024, a victim mistakenly transferred $71 million in Wrapped Bitcoin to a bait wallet, only for the scammer to return the funds after blockchain investigators caught on.

Beyond address poisoning, phishing scams are escalating across the crypto sector. "Pig butchering" scams—where fraudsters groom victims over weeks or months—robbed investors of $5.5 billion in 2024 alone. Shockingly, 75% of victims lost over half of their net worth, with males aged 30 to 49 being the most targeted.

With phishing scams raking in over $1 billion across 296 incidents in 2024, they have become the biggest security threat to crypto users. As these attacks grow more sophisticated, the industry must urgently implement preemptive security measures to protect investors.