Expert Warns of Rising Address Poisoning Attacks on Bitcoin Blockchain
A prominent Bitcoin security expert has issued a cautionary warning regarding the increasing prevalence of address poisoning attacks on the blockchain. These attacks have become more feasible as low transaction fees allow hackers to target a larger number of wallet addresses for a relatively modest expense.
In an address poisoning attack, an assailant creates a transaction that appears to be from a newly-generated wallet. This wallet's first and last characters mimic those of the target wallet, or one with which the target has recently interacted. Consequently, when the victim attempts to send funds to their intended recipient, they may inadvertently select the fraudulent address from their transaction history, resulting in funds being sent to the hacker instead of the legitimate wallet.
Jameson Lopp, the co-founder and chief security officer of Casa, a firm specializing in Bitcoin secure storage, conducted a thorough analysis of these address poisoning attacks. He undertook a comprehensive scan of the entire Bitcoin blockchain, identifying a staggering 48,000 suspected attacks since the beginning of 2023. Lopp's investigation focused on transactions characterized by one input and one output, involving two distinct wallets displaying identical first four and last four characters—a strong indicator of address poisoning.
Among the findings, Lopp pinpointed at least one instance of a likely successful attack. In this case, a victim unwittingly sent 0.1 BTC to a malicious address. Alarmingly, just twelve hours later, the same victim sent another 0.1 BTC to what was presumably the correct wallet. Lopp commented, “That one successful trickery could have easily resulted in a much higher ROI because the address from which the funds were spent held nearly 8 BTC.”
Although the probability of a single attack being successful is relatively low, the current environment of low transaction fees encourages bad actors to execute thousands of such attacks in quick succession. According to data from The Block, average Bitcoin transaction fees have remained quite low since July 2024.
Lopp articulated his concerns while presenting his findings at the MIT Bitcoin Expo, stating, “The attacks are a result of the fact that we're in a very low-fee environment. If we had higher fees, I think that would greatly disincentivize people from conducting a lot of these dusting attacks unless they figured out alternative methods to enhance their attack success rate.”
Address poisoning attacks are not exclusive to Bitcoin; they have been observed on other blockchain platforms as well. For instance, in May 2024, an Ethereum user fell victim to a similar attack, resulting in a loss of $71 million. Fortunately, the funds were later recovered following negotiations. A comparable tactic was recognized as part of the breach of the Japanese cryptocurrency exchange DMM Bitcoin.
In light of these alarming trends, Lopp has proposed that wallet software developers should implement user warnings to help mitigate the risks associated with address poisoning attacks. He suggested that it would be straightforward for wallets to flag potential threats, remarking, “I think it would be easy for wallets to say, ‘Oh, this came from a similar looking address,’ and throw up a big red flag: do not interact.”
Disclaimer: The Block is an independent media outlet providing news, research, and data. As of November 2023, Foresight Ventures is a majority investor in The Block, which continues to operate independently to offer objective and timely information about the cryptocurrency industry.
© 2025 The Block. All Rights Reserved. This article is for informational purposes only and should not be construed as legal, tax, investment, financial, or other advice.
