Jameson Lopp, chief security officer at Bitcoin (BTC) custody company CASA, issued a warning about Bitcoin’s address addiction attack.
According to a February 6th article in Lopp, threat actors generate BTC addresses that match the first and last numbers of addresses in the victim’s transaction history. LOPP analyzed the history of the Bitcoin blockchain for this type of attack.
“The first such transaction did not appear until July 7, 2023, block 797570, 36 such transactions. Then it was quiet until December 12, 2023 until block 819455.
“Over the last 18 months, 48,000 transactions have been slightly shy that match this profile of potential address addiction,” added Lopp.
Examples of addiction address attacks. Source: Jameson Lopp
The executive urged Bitcoin holders to thoroughly check their addresses before sending funds, asking for a better wallet interface that would display the addresses in full. Lopp’s warning highlights new cybersecurity exploits and fraudulent schemes that plague the industry.
Related: Crypto Exploit, Fraud Loss falls to $28.8 million in March since February’s spike
Dealing with stolen user funds against addiction fraud and exploits and claim billions
More than $1.2 million was stolen in March 2025 through an address addiction attack, according to Cybersecurity company Cyvers. CEVISES CEO Deddy Lavid said these types of attacks would cost $1.8 million users in February.
Blockchain security company Peckshield estimates the total lost to Crypto Hacks in the first quarter of 2025 exceeds $1.6 billion, with Bibit Hack making up the majority of the stolen funds.
The February Buybit Hack, responsible for a loss of $1.4 billion, represents the biggest crypto hack in history.
Cybersecurity experts have used complex and evolving social engineering schemes to link the attacks to hackers belonging to North Korean provinces to steal cryptocurrencies and sensitive data from their targets.
Common Lazaro Group social engineering scams include fraudulent recruitment, Zoom meetings with fake venture capitalists, and phishing scams on social media.
Magazine: Two Auditors Missing $27 million Penpee’s Flaws, Pitya’s “Assert Reward” Bug: crypto-sec
