Jameson Lopp, a co-founder and security manager at Bitcoin storage company Casa, has warned about the rise of attacks known as ‘Bitcoin address poisoning.’ These attacks involve mimicking users’ wallet addresses. Lopp has identified around 48,000 suspicious transactions by analyzing the Bitcoin blockchain over an 18-month period. Some victims of these attacks have lost significant amounts of digital currency. The attacks are economically viable when transaction fees on the Bitcoin network are low. Attackers create a similar address to the user’s previous addresses, deposit some Bitcoin into that address, and then send it to the user’s real address. This action results in the fake address being recorded in the user’s transaction history. This could lead the user to mistakenly copy the fake address in the future and transfer their funds to it. An anonymous Bitcoin developer named Mononaut also warned about these attacks in January, advising users to be cautious about copying addresses from transaction histories. According to Lopp’s findings, the first instances of these attacks were identified on July 7, 2023, in block number 797570. After a break, these attacks resumed from December 12, 2023, in block 819455 and continued until January 28, 2025, in block 881172. It is worth noting that more than 12,000 target addresses did not receive any transactions, and most of them received less than 10 deposits. Attackers typically target addresses with balances of less than 1 Bitcoin. Lopp concluded by recommending users not to rely on memory or transaction histories to copy their wallet addresses and to use safer methods for fund transfers.
