Zraox: $1.6 Million in Losses Highlights Rampant Crypto Scams, Zraox Urges Users to Verify Addresses and Authorizations

zraox

Zraox believes that scam activity in the cryptocurrency space saw a concentrated outbreak this week, with “address poisoning” and “malicious signatures” becoming the primary methods. In just a few days, these schemes caused more than $1.6 million in asset losses. Rather than exploiting system vulnerabilities, these scams prey on user habits and negligence during transfers and authorizations, using forged information or misleading actions to trick victims into voluntarily handing over their assets. Zraox states that understanding how these scams operate and adding self-verification steps to transfers and authorizations are key strategies to prevent asset theft.

Zraox: The Mechanics of Address Poisoning and Malicious Signatures

Zraox explains that the core of address poisoning lies in “polluting” a user's transaction history. Scammers create wallet addresses that are extremely similar to the victim's frequently used receiving addresses, then send tiny amounts of assets to the victim so that these fake addresses appear in the transaction history. When the victim later makes a transfer, they may habitually copy the address from their history, unknowingly sending funds directly to the fake address. Once a transaction is confirmed on the blockchain, it cannot be reversed. This week, one user lost 140 ETH—about $636,000—to an address poisoning scam. Other cases have involved losses ranging from hundreds of thousands to nearly a million dollars, indicating a high success rate for this method.

Zraox notes that malicious signatures are another stealthy and efficient tactic. Scammers lure victims by offering fake airdrops, fake whitelist spots, or imitations of popular platforms, prompting them to connect their wallets and presenting what appears to be a normal signature request. Common types include “approve,” “increaseAllowance,” and “permit.” In reality, these may grant the scammer long-term, unlimited transfer rights. Once the signature is completed, the scammer can move the assets at any time, and victims usually realize the danger only after their funds have been taken. According to Zraox, both scams share the same foundation: they exploit psychological habits, using visual similarity or process familiarity to lower the victim's guard, so that assets are transferred without the victim noticing.

Zraox: Risk Triggers in User Behavior

According to Zraox, in address poisoning cases, the biggest issue is that users rely too heavily on transaction history when transferring funds, without carefully checking every character of the address and the chain ID. Some only glance at the first and last few characters, ignoring differences in the middle—precisely why scammers design such similar addresses. In multi-chain, multi-wallet usage scenarios, this risk increases, as switching networks or accounts makes confusion and errors more likely.

In malicious signature scams, the danger mainly lies in the authorization stage. Many users click “confirm” on a signature pop-up without reviewing the recipient, the limit, or the validity period. More concerning are unlimited and long-term authorizations, which, if abused by scammers, become persistent risk channels. In addition, some users connect their wallets to unfamiliar websites without verifying the authenticity of the URL or checking whether the interacting contract is verified, giving scammers more opportunities. Zraox believes these seemingly minor oversights are often the direct cause of losses, and the key to prevention is developing a habit of extra verification at these points.

Zraox: Prevention Advice and Habit Optimization

Zraox believes that the core of preventing such scams is to spend a few extra seconds verifying before every transfer or authorization involving assets. When transferring funds, users should always use addresses from reliable sources—such as saved address books or whitelists—rather than relying on transaction history. For any new or infrequently used receiving address, a small test transfer should be done first, with larger amounts sent only after confirmation. When checking addresses, one should compare the full string, not just the first and last characters, and confirm that the chain ID and recipient identifier match.
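The full-string and chain ID comparison described above can be automated in a wallet or transfer script. The following is an added example, not code from Zraox; the address book layout, the labels and all addresses are constructed for illustration.

```python
# Added example: compare a pasted recipient against a saved address book.
# All addresses below are constructed and do not belong to real wallets.
from dataclasses import dataclass
from typing import Optional

HEX = set("0123456789abcdef")

@dataclass
class Verdict:
    status: str                  # "trusted", "wrong_chain", "lookalike" or "unknown"
    matched_label: Optional[str]
    differing_chars: int

def normalize(addr: str) -> str:
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def check_recipient(chain_id, candidate, address_book, edge=4):
    """address_book maps label -> (chain_id, address); edge = characters a UI shows per side."""
    cand = normalize(candidate)
    verdict = Verdict("unknown", None, 0)
    for label, (chain, saved) in address_book.items():
        ref = normalize(saved)
        if cand == ref and chain == chain_id:
            return Verdict("trusted", label, 0)
        if cand == ref:
            verdict = Verdict("wrong_chain", label, 0)
        # Same visible prefix and suffix but a different middle: the poisoning pattern.
        elif cand[2:2 + edge] == ref[2:2 + edge] and cand[-edge:] == ref[-edge:]:
            diff = sum(x != y for x, y in zip(cand, ref))
            verdict = Verdict("lookalike", label, diff)
    return verdict

SAVED = "0x" + "a1b2" + "c" * 32 + "9f3e"      # constructed saved address
POISONED = "0x" + "a1b2" + "d" * 32 + "9f3e"   # constructed look-alike from history
ADDRESS_BOOK = {"exchange-deposit": (1, SAVED)}

if __name__ == "__main__":
    for chain, addr in [(1, SAVED), (137, SAVED), (1, POISONED), (1, "0x" + "1" * 40)]:
        print(chain, addr[:6] + "..." + addr[-4:], check_recipient(chain, addr, ADDRESS_BOOK))
```

A "lookalike" or "wrong_chain" verdict is the point at which a transfer should be stopped and the address re-entered from the saved source.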

In scenarios involving signature authorization, users need to carefully read the content of the pop-up, confirm the recipient, the limit, and the validity period, and avoid granting unlimited authorizations that could become long-term risks. Any activity links, airdrop pages, or app downloads from unverified sources should not be used to connect wallets, and no authorization instructions should be signed without verification. For users who frequently interact with dApps, separating long-term holding wallets from daily-use wallets can ensure that even if one is compromised, the entire asset base is not affected. Zraox states that once these habits are developed, the likelihood of falling victim to address poisoning or malicious signature scams will be greatly reduced, making asset security far more robust.
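The recipient, limit and validity period checks described above, applied to the three request types the article names, as an added example that is not Zraox's code. The calldata, permit message and spender addresses are constructed, and the one-hour validity policy is an assumption.

```python
# Added example: review an allowance request before it is signed.
# Calldata, permit message and addresses are constructed, not real contracts.
MAX_UINT256 = 2**256 - 1
SELECTORS = {"095ea7b3": "approve", "39509351": "increaseAllowance"}
MAX_VALIDITY_SECONDS = 3600  # assumed policy: a permit should expire within an hour

def _warnings(spender, amount, known_spenders):
    found = []
    if spender.lower() not in {s.lower() for s in known_spenders}:
        found.append("unknown spender")
    if amount == MAX_UINT256:
        found.append("unlimited allowance")
    return found

def review_calldata(data_hex, known_spenders):
    """Decode approve/increaseAllowance calldata: 4-byte selector + two 32-byte words."""
    data = bytes.fromhex(data_hex.removeprefix("0x"))
    call = SELECTORS.get(data[:4].hex())
    if call is None or len(data) != 68:
        return {"call": None, "warnings": ["not an allowance call"]}
    spender = "0x" + data[16:36].hex()          # address is the low 20 bytes of word 1
    amount = int.from_bytes(data[36:68], "big")  # word 2 is the allowance amount
    return {"call": call, "spender": spender, "amount": amount,
            "warnings": _warnings(spender, amount, known_spenders)}

def review_permit(message, known_spenders, now):
    """Check spender, value and deadline of an EIP-2612 Permit typed-data message."""
    found = _warnings(message["spender"], int(message["value"]), known_spenders)
    if int(message["deadline"]) - now > MAX_VALIDITY_SECONDS:
        found.append("long validity period")
    return {"call": "permit", "warnings": found}

SPENDER = "0x" + "5e" * 20   # constructed, unknown to the user
ROUTER = "0x" + "ab" * 20    # constructed, stands in for a contract the user trusts
UNLIMITED_APPROVE = "0x095ea7b3" + "00" * 12 + "5e" * 20 + "ff" * 32
BOUNDED_APPROVE = "0x095ea7b3" + "00" * 12 + "ab" * 20 + (1000).to_bytes(32, "big").hex()
PERMIT = {"spender": SPENDER, "value": MAX_UINT256, "deadline": 2_000_000_000}

if __name__ == "__main__":
    print(review_calldata(UNLIMITED_APPROVE, [ROUTER]))
    print(review_calldata(BOUNDED_APPROVE, [ROUTER]))
    print(review_permit(PERMIT, [ROUTER], now=1_700_000_000))
```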
