The CSO of custody firm Casa reports a surge in fraud attempts exploiting similarities between wallet addresses.
Address poisoning attacks on Bitcoin are increasing, according to Jameson Lopp, co-founder and Chief Security Officer of Casa, a company specializing in Bitcoin custody solutions. This type of fraud, which tricks users by exploiting similarities between wallet addresses, is becoming more widespread thanks to low transaction fees, which allow attackers to target many addresses with minimal investment.
How address poisoning attacks work
In an address poisoning attack, the scammer sends a small transaction (usually less than $1) to the victim using a custom-made address (controlled by the attacker) that has the same first and last characters as an address the victim recently used. When the victim later wants to send funds to the legitimate address, they might mistakenly copy the fake one from their transaction history, unknowingly sending bitcoin directly to the scammer.
But how is it possible to create such a similar address? Through brute force—generating millions of random addresses and discarding the ones that don’t resemble the target. There are many free tools online, known as vanity address generators, designed to create customized or lookalike addresses.

Lopp conducted an in-depth analysis of the entire Bitcoin blockchain, identifying around 48,000 suspicious attacks since 2023. His methodology looked for transactions with one input and one output involving two different addresses that had the same first four and last four characters.
Although most of these attempts were unsuccessful, Lopp documented at least one confirmed fraud, in which a victim sent 0.1 BTC to a malicious address, and then, 12 hours later, sent the same amount to what was likely the intended recipient.

“That single successful trick could have easily yielded a much higher return on investment, as the address from which the funds were spent held nearly 8 BTC,” Lopp noted in his analysis.
Why address poisoning attacks are increasing
During his talk at the MIT Bitcoin Expo, Lopp attributed the rise in these attacks to the current environment of low transaction fees, stating:
“These attacks are a result of us being in a very low-fee environment. If we had higher fees, I think it would greatly discourage people from performing many of these dusting attacks—unless they found other ways to improve their success rates.”
How to protect yourself
This kind of attack is not unique to Bitcoin. Other blockchains have also been affected: in May 2024, an Ethereum user lost $71 million in a similar attack, although the funds were later recovered after negotiations.
Lopp believes software wallet developers could implement user alerts to mitigate the risks of these scams.
“I think it would be easy for wallets to say ‘Oh, this transaction came from a lookalike address’ and flash a big red warning: do not engage,” said Lopp.
The growing prevalence of these attacks highlights the importance of carefully verifying wallet addresses before sending any transaction—double-checking every single character.
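A sketch of the wallet-side warning Lopp describes, using the same first-four/last-four comparison as his blockchain analysis. This is an added example, not code from Casa or from Lopp's analysis; the function names, the decision to skip the shared bech32 prefix, and the sample addresses are assumptions made for illustration.

```python
"""Flag lookalike ("poisoned") addresses in wallet history or before sending."""

MATCH_LEN = 4  # characters compared at each end, as in the heuristic described above

def _comparable(addr: str) -> str:
    """Normalise an address for comparison.

    Assumption of this example: for bech32 addresses the fixed "bc1" plus
    witness-version prefix ("bc1q", "bc1p") is skipped, because every address
    of that type shares it and it carries no lookalike signal.
    """
    addr = addr.strip()
    if addr.lower().startswith("bc1"):
        return addr.lower()[4:]  # bech32 is case-insensitive
    return addr                  # base58 is case-sensitive

def is_lookalike(candidate: str, known: str, n: int = MATCH_LEN) -> bool:
    """True if candidate differs from known but shares its first and last n chars."""
    c, k = _comparable(candidate), _comparable(known)
    if c == k or min(len(c), len(k)) < 2 * n:
        return False
    return c[:n] == k[:n] and c[-n:] == k[-n:]

def imitated_addresses(candidate: str, known_addresses) -> list:
    """Known addresses that candidate imitates; call this before sending funds."""
    return [k for k in known_addresses if is_lookalike(candidate, k)]

def scan_history(incoming, known_addresses) -> list:
    """Return (txid, sender, imitated) for payments received from lookalike senders."""
    return [
        (txid, sender, k)
        for txid, sender in incoming
        for k in imitated_addresses(sender, known_addresses)
    ]

# Constructed sample data: placeholder strings, not real addresses or txids.
KNOWN = ["bc1q7x2mconstructedpayeeaddress0000000l9wz"]
INCOMING = [
    ("tx-constructed-1", "bc1q7x2mdifferentmiddlecontrolled000l9wz"),  # lookalike
    ("tx-constructed-2", "bc1qzzzzunrelatedconstructedsender00aaaa"),  # unrelated
]

if __name__ == "__main__":
    for txid, sender, imitated in scan_history(INCOMING, KNOWN):
        print(f"WARNING {txid}: sender {sender} resembles {imitated}; do not copy it")
```

A wallet would run `scan_history` when rendering the transaction list and `imitated_addresses` on the destination field before signing, with the known set built from addresses the user has actually paid before.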