Crypto Phishing Attacks Hit New Record in January 2026
Crypto investors experienced a spike in sophisticated “signature phishing” attacks in January, with losses jumping more than 200%.
According to data from blockchain security firm Scam Sniffer, signature phishing took nearly $6.3 million from user wallets in the first month of the year. While the raw victim count was down 11 percent, the total value stolen was up 207 percent from December.
Signature phishing and address poisoning destruction in January
This difference reflects a shift in tactics among cybercriminals toward “whaling.” The strategy involves targeting a small number of high-net-worth individuals rather than casting a wide net for small retail accounts.
Sponsored
Scam Sniffer reports that nearly 65% of signature phishing losses in January were due to just two victims. In the largest single incident, a user lost $3.02 million after signing a malicious “license” or “increase allowance” function.
These methods provide unlimited access to third-party tokens from wallets. This allows attackers to withdraw funds without asking the user to authorize a particular transaction.
While signature scams rely on confusing permissions, a different and equally damaging threat called “address poisoning” is plaguing the industry.
A good example of this tactic was when an investor lost $12.25 million in January after sending money to a fraudulent address.
Address poisoning exploits user habits by generating “spoof” or “spoof” addresses. These phishing strings mimic the first and last few characters of a legitimate wallet found in a user's transaction history.
The attacker hopes that the user will copy and paste the hacked address from their history instead of verifying the entire string.
An increase in these incidents has prompted Safe Labs, the developer behind the popular multi-sig wallet formerly known as Gnosis Safe, to issue a security warning. The organization identified a coordinated social engineering campaign targeting its user base using approximately 5,000 malicious addresses.
“We identified a concerted effort by malicious actors to create thousands of seemingly safe addresses to trick users into sending money to the wrong destination. This is social engineering combined with address poisoning,” the organization said.
As such, the company cautions users to verify the full alphanumeric code of any recipient's address before executing high-value transfers.
