Cryptocurrency scam attack damages increase by 200% as hackers shift focus to high-value wallets

Cryptocurrency investors faced a significant surge in sophisticated “signature scam” attacks in January, with total losses skyrocketing by over 200%.

According to data from blockchain security firm Scam Sniffer, signature scam attacks drained approximately $6.3 million from user wallets in just the first month of the year. Although the number of victims decreased by 11%, the total stolen assets increased by 207% compared to December of the previous year.

The Rise of Signature Scams and “Address Poisoning” in January

This discrepancy indicates a clear strategic shift by cybercriminals, who are now focusing on a “whale hunting” approach—targeting a small group of high-value individuals rather than mass attacking smaller accounts.

According to Scam Sniffer’s report, just two victims accounted for nearly 65% of the total losses caused by signature scams in January. In the most severe case, a user lost $3.02 million after signing into a malicious function such as “permit” or “increaseAllowance.”

Cryptocurrency scam losses in January | Source: Scam Sniffer These functions grant third parties unlimited access to transfer tokens from the user’s wallet. This allows attackers to drain assets without requiring user approval for each specific transaction.

While signature scams exploit confusion over access rights, another equally dangerous attack method—called “address poisoning”—is also prevalent in the crypto space.

A typical example of this technique is a case where an investor lost up to $12.25 million in January after accidentally sending funds to a fake address.

“Address poisoning” exploits user habits by creating “fake” or “similar” addresses. These addresses are designed to look like the first and last characters of a legitimate wallet address that appears in the user’s transaction history.

Attackers hope that, instead of verifying the entire string of the address, users will inadvertently copy and paste the fake address from their transaction history.

Security Experts’ Warning

In response to these rising incidents, Safe Labs—formerly known for developing the popular multi-signature wallet Gnosis Safe—issued an urgent security warning. The company detected a well-organized social engineering campaign targeting its users through approximately 5,000 fake addresses.

“We have identified a coordinated effort by malicious actors to create thousands of fake Safe addresses, aiming to deceive users into sending funds to incorrect addresses. This combines social engineering techniques with address poisoning,” a company representative stated.

Given this situation, Safe Labs recommends users carefully verify the entire string of any recipient address before executing large transactions to avoid falling into the attackers’ trap.