Cybersecurity firm Scam Sniffer’s January 2026 security report reveals a troubling trend in the cryptocurrency space: phishing attacks are becoming increasingly targeted and devastating. According to the data, signature phishing alone resulted in losses of approximately $6.27 million in January, affecting 4,741 victims.
Escalating Attacks
The start of 2026 marked a sharp downturn in crypto security. Unlike previous broad-spectrum tactics, cybercriminals are now focusing their efforts on "whale hunting." The Scam Sniffer report shows that just two high-net-worth individuals accounted for nearly 65% of all signature phishing losses in January.
The largest single loss reached $3.02 million, resulting from a user signing a malicious "permit" or "increaseAllowance" function. Once granted, this type of authorization allows attackers to transfer unlimited tokens from the victim’s wallet without needing approval for each transaction.
Dual Threats
Currently, crypto wallets face two highly specialized threats: signature phishing and address poisoning. Signature phishing lures users into authorizing malicious smart contract permissions. Address poisoning, on the other hand, is more covert and leverages users’ transaction habits for precision attacks.
Attackers generate "vanity" or lookalike addresses that closely resemble the user’s real address, with identical starting and ending characters. They then send tiny or zero-value transactions to the victim, causing these malicious addresses to appear in the user’s transaction history. When users later need to transfer funds and habitually copy addresses from their history, they may inadvertently select the poisoned address, resulting in their funds being sent directly to the attacker.
The Real Cost
January’s security incidents underscore the harsh reality of these attack methods. In signature phishing, single incidents have seen losses exceeding $3 million. Address poisoning has led to even more staggering losses, with one investor losing $12.25 million in a single transaction after copying the wrong address from their transaction history.
This isn’t an isolated case. In December 2025, another victim lost $50 million using the same method. After the victim tested a transfer of 50 USDT, the attacker quickly created a poisoned address with the same first and last four characters. When the victim later made a large transfer, they copied the wrong address from their history, leading to catastrophic losses.
Defense Guidelines
As attack techniques grow more sophisticated, everyday users need to build multi-layered defenses, upgrading both their habits and technical tools.
First, never copy addresses from your transaction history. Address poisoning specifically exploits this habit. Manually entering addresses or using an address book is a safer alternative.
Second, always verify the entire alphanumeric string of the recipient’s address before making any transfer—don’t just check the first or last few characters. For high-value transactions, always conduct a small test transfer first. Once you’ve confirmed the address is correct, proceed with the larger transfer.
Additionally, treat every signature request with caution. Before authorizing any smart contract, carefully review the scope of permissions being requested. Avoid granting unlimited or overly broad access to your funds.
Smart Protection
Technology is a crucial part of any defense strategy. Storing large assets in a hardware wallet is considered best practice across the industry, as it keeps private keys offline.
Enabling multi-factor authentication is also essential, but prioritize authenticator apps over less secure SMS-based methods. For frequently used addresses, save them in your wallet’s address book or whitelist to minimize the risk of errors from manual entry or copying the wrong address.
Finally, keep your wallet software and security tools up to date. Developers release updates to patch known vulnerabilities, making regular updates a fundamental part of maintaining security.
Even digital gold needs a physical safe. As security incidents surge, the cryptocurrency market remains highly volatile. According to Gate market data as of February 9, the Bitcoin price stands at $70,638.20, with a market cap of $1.41 trillion and a 24-hour trading volume of $801.57 million. Meanwhile, Ethereum is priced at $2,084.02, and Solana is holding steady at $87.22. Bitcoin dominates the market with a 56.14% share. Safe Labs has identified around 5,000 malicious addresses working in concert, and the Shiba Inu team has relayed this security warning to the community.
