Pi Network temporarily paused its in-app “send payment request” function after community alerts, when a coordinated social-engineering campaign drained more than 4.4 million PI from user wallets. The goal was straightforward: stop the bleed immediately while the team assessed what extra guardrails were missing.
Investigators traced most of the suspicious inflows to a single destination wallet and concluded this was not a protocol-level exploit, but a pattern of users being tricked into approving transfers. In other words, the chain did what it’s designed to do: once a payment request is approved, the transfer executes and becomes irreversible on-chain.
Special announcement to all #Pioneers.
Stay alert.
Hello #Pioneers, Scammers can find your wallet address on the blockchain and clearly see how many Pi coins you have in your wallet. Once they know your Pi coin balance, they will send you a payment request. As soon as you click… pic.twitter.com/Yqnmjt5cXC
— Pi OpenMainnet 2025 (@Pi_OM_2025) December 30, 2025
How the scam worked and why it scaled
The attackers didn’t need a smart-contract bug. They reportedly used the publicly visible Pi ledger to identify high-balance wallets and then sent crafted payment requests that impersonated trusted contacts or “official” accounts. The moment a victim approved, funds moved instantly—no second chance, no undo.
Pi Core Team posts on X reinforced the core safety message: reject unsolicited payment requests, and treat the feature suspension as a temporary mitigation designed to reduce further losses while safeguards are improved.
Here's how much the top Pi scammer is stealing per month
Payments to GCD3SZ3TFJAESWFZFROZZHNRM5KWFO25TVNR6EMLWNYL47V5A72HBWXP
2025-07: 877902.56
2025-08: 743046.69
2025-09: 757277.21
2025-10: 563096.74
2025-11: 622767.88
2025-12: 838110.68Total: 4402201.77
— r/PiNetwork (@PiNetworkUpdate) December 30, 2025
Across those months, the total exceeded 4.4 million PI, which is consistent with a repeated playbook applied to many victims over time.
Market context and why this hit harder
When the feature was halted, PI was trading around $0.20–$0.20381. That price action already reflected a deep drawdown: PI had fallen roughly 93% from its February 2025 peak of $2.99. Daily trading volume was cited in a wide band—about $8 million to $30 million—and December also included around 105 million PI tokens unlocked, which community commentary linked to extra selling pressure in a market described as illiquid.
The project stressed that the losses relied on user approval—“Scammers have been abusing the payment request feature,” the team warned in its December 30 X post. In community discussion, the operational takeaway is clear: the app needs stronger, clearer transaction warnings and tighter confirmation controls to blunt impersonation tactics. Suggestions raised included multi-factor approvals for payment requests and more explicit confirmation flows before a transfer is finalized.
From a risk and governance perspective, the next communications from core developers—especially any permanent controls tied to payment requests—will be the main signal for whether confidence can be rebuilt. Ongoing token unlocks and their interaction with liquidity and price discovery remain the other near-term pressure point.