Jameson Lopp, co-founder and Chief Security Officer of Bitcoin custody firm Casa, is raising alarms over a recent wave of address poisoning attacks now targeting Bitcoin users. The method, previously seen on the Ethereum blockchain, relies on social engineering tactics to manipulate transaction behavior, and Lopp’s data suggests the threat is growing across the Bitcoin network.
In a newly released analysis, Lopp revealed that his team scanned the entire Bitcoin blockchain and identified over 48,000 suspicious transactions since mid-2023 that bear the hallmarks of poisoning attacks.
These transactions typically involve a one-input, one-output structure with two addresses that share the same first and last four characters, a tactic meant to deceive users into copying the wrong address during future transactions.
Only one successful theft has been confirmed on Bitcoin so far: a victim mistakenly sent 0.1 BTC to a spoofed address before sending the same amount to the intended recipient 12 hours later. Even so, the case revealed deeper concerns.
Lopp pointed out that the wallet involved in the mistaken transfer held nearly 8 BTC at the time, suggesting that a small error could have easily resulted in a much larger loss.
Lopp emphasized that while the dollar value lost on Bitcoin so far remains relatively low, the uptick in attempts should not be ignored.
Low Fees Fuel Rise in Bitcoin ‘Address Poisoning’ Attacks
With Bitcoin transaction fees at multi-month lows, attackers are increasingly exploiting the cost efficiency to carry out a growing number of address poisoning scams, according to Lopp.
At its core, an address poisoning attack works by sending a small amount of Bitcoin from a newly generated wallet address that closely resembles a legitimate one, often with matching beginning and ending characters.
This spoofed address then lands in the target’s transaction history. If the victim later copies and pastes from their recent activity without verifying the full string, they could unknowingly send funds directly to an attacker.
While each individual attempt has a low success rate, Lopp explained that the current low-fee environment allows malicious actors to conduct thousands of these transactions at minimal cost.
“The attacks are a result of the fact that we’re in a very low-fee environment,” Lopp said during his presentation at the MIT Bitcoin Expo.
“If we had high fees going on, I think that would greatly disincentivize people from doing a lot of these dusting attacks—unless they figured out other ways to increase their attack success rate.”
This attack method has already proven costly in other ecosystems. In one high-profile Ethereum case last May, a user lost $71 million due to address poisoning. Although those funds were later recovered, the incident underscored how a single mistake could lead to catastrophic losses.
To mitigate future risks, Lopp suggested that wallet developers can play a critical role. He proposed implementing automated warnings that would flag lookalike addresses as suspicious—especially if they’ve never been manually approved or labeled by the user.
“Wallets could easily throw up a red flag: ‘This resembles an existing address—do not interact,’” he said.
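One way a wallet could implement the warning Lopp proposes, shown as an added example that is not code from Lopp or Casa: it flags a destination that shares its first and last four characters with an approved or previously seen address but has not itself been approved. The function names and the sample address strings are assumptions constructed for illustration.

```python
"""Lookalike-address check for a wallet send flow (added example)."""

def normalize(addr):
    # bech32 addresses are case-insensitive; base58 ones are case-sensitive.
    a = addr.strip()
    return a.lower() if a.lower().startswith("bc1") else a

def resembles(a, b, n=4):
    """True when two different addresses share their first and last n characters."""
    a, b = normalize(a), normalize(b)
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def check_destination(dest, approved, history=(), n=4):
    """Classify a send destination before the user signs.

    approved: addresses the user has manually approved or labelled.
    history:  every address seen in the wallet's transaction history.
    Returns (status, matched): "approved", "lookalike" (matched is the
    address it imitates) or "unverified".
    """
    dest = normalize(dest)
    approved = {normalize(a) for a in approved}
    if dest in approved:
        return ("approved", dest)
    # An unapproved address that imitates any known one is blocked,
    # even if it already sits in the history (that is how poisoning lands).
    for known in sorted(approved | {normalize(h) for h in history}):
        if resembles(dest, known, n):
            return ("lookalike", known)
    return ("unverified", None)

# Constructed sample strings, shaped like addresses but not valid ones.
# Every segwit v0 address starts with "bc1q", so at n=4 the suffix does
# most of the work for this address type.
EXCHANGE = "bc1q7k2mexampleexampleexampleexample0x9f3d"
POISON = "bc1q7k2mattackerattackerattackeratta0x9f3d"
OTHER = "bc1qzz9pexampleexampleexampleexample0aa11c"

if __name__ == "__main__":
    approved = [EXCHANGE]
    history = [EXCHANGE, POISON, OTHER]  # POISON arrived as unsolicited dust
    for d in (EXCHANGE, POISON, OTHER):
        print(d, check_destination(d, approved, history))
```

A wallet would refuse or require explicit confirmation on a "lookalike" result and show the full string of both addresses side by side.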
With spoofing strategies evolving and attackers taking advantage of declining fees, the onus is now on users and software providers to stay one step ahead. While Bitcoin’s decentralized design makes censorship difficult, proactive security design may be the best way to keep users protected.
Quick Facts:
- Over 48,000 suspected Bitcoin address poisoning attacks have been identified since mid-2023, according to Casa’s Jameson Lopp.
- Attackers use lookalike wallet addresses to trick users into sending funds to the wrong recipient.
- Only one confirmed Bitcoin theft has been observed, but the targeted wallet held nearly 8 BTC.
- Low transaction fees are enabling attackers to scale these scams cheaply, raising concerns about the broader adoption of the tactic.