Crypto Phishing Attacks Hit New Record in January 2026

Crypto investors faced a sharp increase in sophisticated “signature phishing” attacks in January, with losses jumping more than 200%.

According to data from blockchain security firm Scam Sniffer, signature phishing drained approximately $6.3 million from user wallets in the first month of the year. While the raw count of victims fell by 11%, the total value stolen surged 207% from December levels.

Signature Phishing and Address Poisoning Wreak Havoc in January

This divergence highlights a tactical shift among cybercriminals toward “whale hunting.” The strategy involves targeting a smaller number of high-net-worth individuals rather than casting a wide net for smaller retail accounts.

Sponsored

Sponsored

Scam Sniffer reported that just two victims accounted for nearly 65% of all signature phishing losses in January. In the largest single incident, a user lost $3.02 million after signing a malicious “permit” or “increaseAllowance” function.

These mechanisms grant a third party indefinite access to move tokens from a wallet. This allows attackers to drain funds without requiring the user to approve a specific transaction.

While signature scams rely on confusing permissions, a separate and equally damaging threat known as “address poisoning” is also plaguing the sector.

In a stark example of this technique, a single investor lost $12.25 million in January after sending funds to a fraudulent address.

Address poisoning exploits user habits by generating “vanity” or “lookalike” addresses. These fraudulent strings mimic the first and last few characters of a legitimate wallet found in a user’s transaction history

The attacker hopes the user will copy and paste the compromised address from their history rather than verifying the full string.

The rise in these incidents prompted Safe Labs, the developer behind the popular multisig wallet formerly known as Gnosis Safe, to issue a security warning. The firm identified a coordinated social engineering campaign targeting its user base, using approximately 5,000 malicious addresses.

Consequently, the firm warned users to always verify the full alphanumeric string of any recipient address before executing high-value transfers.