- There are rising instances of social engineering and address poisoning in the crypto sector.
- Two people lost over $62 million after copying the wrong addresses during transactions.
- Hackers are increasingly favoring the DAI stablecoin for illicit transfers.
Blockchain analytics platforms have spotted rising instances of social engineering and wallet poisoning within the cryptocurrency ecosystem. A crypto anti-scam group, Scam Sniffer, reported that two individuals lost $12.25 million and $50 million in January 2026 and December 2025, respectively, by copying the wrong addresses from their wallets’ transaction history.
There is a Surge in Signature Phishing
The group also identified a surge in signature phishing, with scammers stealing $6.27 million across 4,741 victims in January 2026, reflecting a 207% spike from similar events in the previous month. The top cases spotted by the blockchain analytics firm include $3.02 million on SLVon and XAUt via permit/increaseAllowance, and $1.08 million from aEthLBTC via permit.
In the meantime, Safe Labs, an enterprise-grade self-custody solutions company, has identified a coordinated effort by malicious actors to create thousands of lookalike Safe addresses. They aim to trick users into sending funds to the wrong destination.
According to Safe Labs, the identified development does not involve protocol exploits, infrastructure breaches, or smart contract vulnerabilities. Instead, the new trend is basically a case of social engineering combined with address poisoning. The firm noted that the outcome of this new pattern is equally significant, with results that put users’ funds at risk.
Hackers Are Turning to DAI as a Preferred Option
Meanwhile, Whitestream, an Israel-based blockchain analysis and intelligence company, has spotted an interesting trend involving the preference of DAI stablecoin for illicit transactions in the blockchain ecosystem. According to Whitestream, bad actors are increasingly adopting the MakerDAO-based digital asset due to its governance protocol, which does not cooperate with authorities in freezing DAI wallets.
The blockchain intelligence firm cited a recent instance where a threat actor targeted a victim by sending a small amount of ETH from an address similar to one the victim had previously interacted with, exposing the wallet to a poisoning attack. According to Whitestream, the hacker sent most of the stolen funds to the Tornado Cash anonymity protocol and swapped more funds via the li.fi bridge from ETH, USDT, and USDC into DAI.
Related: Binance, Kraken Foil Social Engineering Hacks on Support Staff: Reports
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
