In a recent tweet, Shiba Inu team member Lucie shared a security notice for the SHIB community. Attackers have created thousands of lookalike wallet addresses intended to trick Safe Wallet users into sending funds to the wrong destination.
Lucie noted that this was not a protocol exploit, infrastructure breach, smart contract vulnerability nor a system compromise.
๐จ Security notice for multisig users
A coordinated address poisoning and social engineering campaign is targeting Safe wallets. Attackers created thousands of lookalike wallet addresses designed to trick users into sending funds to the wrong destination.
This was not aโฆ pic.twitter.com/UjgKwKrjGY
โ ๐๐๐๐๐ (@LucieSHIB) February 6, 2026
While 5,000 malicious addresses have been identified, flagged and are being removed from the Safe Wallet interface to reduce accidental interaction, Lucie urges the Shiba Inu community to take necessary precautions as such schemes are easy to replicate.
Such precautions include always confirming the full address or recipients outside the platform, using an address book or allow list and sending a small test transaction first. This might be essential, especially for high-value transfers.
What happened?
On Feb. 6, Safe Labs shared a security update with the crypto community, noting a large-scale address poisoning and social engineering campaign targeting multisig users.
A total of 5,000 addresses have been flagged as malicious via SafeShield (powered by its security partners) and are being removed from Safe Walletโs UI, reducing the risk of accidental interaction.
Address poisoning and social engineering, like phishing, are becoming a growing threat in the crypto market.
In a recent incident, a crypto user lost $50 million due to a copy-paste address mistake. Before transferring 50 million $USDT, the victim had sent 50 $USDT as a test to his own address. The scammer immediately spoofed a wallet with the same first and last four characters and performed an address poisoning attack.
Since many wallets hide the middle part of the address with “…” to make the UI look better, many users often copy the address from transaction histories and usually only check the starting and ending letters. This error caused the user to send the remaining 49,999,950 $USDT to the fake address copied from his transaction history.
The lesson in this incident is that of precaution, to always double-check addresses before making a transfer and never to copy addresses from transaction history for convenience.