Members of the Pi network community are raising alarms about a growing scam method that has already drained millions of Pi tokens from users' wallets.
The system takes advantage of the payment request feature in the network and the inherent transparency of blockchain data. The Pi Core team is temporarily disabling payment requests as losses increase.
Pioneers warn of a scam method that leads to the draining of Pi from wallets.
According to several community alerts circulated on X (formerly Twitter), fraudsters can scan the Pi blockchain to identify wallet addresses and view their Pi balances.
Once a wallet with a large balance is identified, the attacker sends a payment request directly to the holder. If the recipient presses 'Approve', the Pi is immediately transferred to the fraudster's wallet and cannot be recovered.
The Pi OpenMainnet 2025 community account warned that the mechanism is often misunderstood as a technical flaw.
"Previously, people called this 'a system flaw,' but honestly, it's not a flaw at all," the post stated. "This is exactly how the wallet was designed to work. The only way you will lose Pi coins is if you personally agree to the transaction."
The same message confirmed that the threat lies in social engineering and not in the protocol's failure. Fraudsters may disguise requests to appear legitimate or impersonate trusted contacts, increasing the likelihood that users will agree to transfers without verification.
A widespread scam
Community-led blockchain tracking points to a single wallet address as a major hub of activity.
The address—GCD3SZ3TFJAESWFZFROZZHNRM5KWFO25TVNR6EMLWNYL47V5A72HBWXP—has been accused of stealing between 700,000 and 800,000 Pi monthly. According to reports, cumulative losses have now exceeded 4.4 million Pi.
Data shared by Pi Network Update shows steady monthly flows to the address:
About 877,900 Pi in July 2025
743,000 Pi in August
757,000 Pi in September
563,000 Pi in October
622,700 Pi in November, and
over 838,000 Pi in December.
The figures suggest a coordinated and sustained operation rather than isolated incidents, with the spike in December indicating an acceleration of activity.
The volume of theft has raised concerns among pioneers, many of whom are new to on-chain transactions. Therefore, they may not be aware of the risks of approving unsolicited requests.
Pay team disrupts payment requests
In response, the Pay team temporarily suspended the 'Send Payment Request' feature. Community notifications indicate that the step was taken after a surge in fraudulent activity.
"Currently, the Pi team has suspended these requests (perhaps because fraud has gotten out of control)," said Pi Network Alerts in a post.
However, the suspension is described as a temporary measure and not a permanent solution. The feature may be reactivated once protective measures or additional user protections are evaluated.
Until then, community guidance is unequivocal. The network advises users not to accept or approve any payment requests sent to their wallets, regardless of who appears to be the sender.
Warnings confirm that fraudsters may impersonate friends or family members or even official Pi accounts.
The incident highlights a broader challenge for blockchain networks: balancing transparency and ease of use while maintaining user security.
While the Pi protocol works as intended, the loop highlights how easily social engineering can exploit standard features to create attack vectors.
As payment requests continued to be disrupted at the end of the year, the Pi currency of the Pay network was trading at $0.20381, up nearly 1% over the last 24 hours.
Meanwhile, members of the Pi community continue to track suspicious wallets and enhance security warnings. They urge vigilance as the complexities and prevalence of fraud increase.