After theft of $50 million USDT, Binance’s CZ forces wallets to block poison addresses by default

CZ says address poisoning could be eradicated after trader lost $50 million in scam.

Changpeng “CZ” Zhao has renewed the call for stronger, industry-wide defenses against address poisoning scams.

In a recent post, Binance’s former CEO argued that such attacks can be solved through better protection at the wallet level.

Combating address poisoning attacks

CZ said wallets should automatically check whether a receiving address is associated with known poisoning activity and prevent users from sending funds to it. Noting that this is possible through on-chain queries, he also urged the creation of real-time security alliances that maintain shared blacklists of malicious addresses. Such lists would let wallets identify risks before transactions are signed.

The crypto exchange founder added that Binance Wallet already issues alerts when users try to send funds to poison addresses, and suggested that spam microtransactions used to pollute transaction history should be completely filtered from wallet interfaces.

“We can completely eradicate these types of poison attacks.”

Trader loses $50 million in USDT

His response comes days after a high-profile incident in which a crypto trader lost nearly $50 million in USDT after falling victim to an address poisoning attack, according to on-chain researchers. Data shared by Lookonchain showed that the victim accidentally transferred 49,999,950 USDT to a scammer-controlled address on December 20, shortly after withdrawing the funds from Binance.

As usual, the trader first sent a test transaction of 50 USDT to what he thought was his own wallet. An attacker then used an automated script to generate a spoofed address that closely resembled the legitimate address. The spoofed address matched the first five and last four characters, but differed in the middle, exactly the part that many wallets shorten with ellipses.

The scammer sent small transactions from this similar address to poison the victim’s transaction history. About 26 minutes after the test transfer, the victim appears to have copied the spoofed address from his history and sent the full amount of $50 million.
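The wallet-level checks CZ calls for, applied to the spoofing pattern in this incident, can be sketched as follows. This is an added example, not code from the article or from any wallet: the function names, the dust limit and the sample addresses are constructed, and the 5/4 match lengths assume the `0x` prefix is not counted.

```python
# Added example: wallet-side checks against address poisoning (hypothetical names).
PREFIX_LEN, SUFFIX_LEN = 5, 4  # head/tail a truncated display keeps (assumed)

def _norm(addr):
    """Lower-case and drop the 0x prefix so checksum casing does not matter."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def is_lookalike(candidate, known):
    """True when candidate differs from known but matches its visible head and tail."""
    c, k = _norm(candidate), _norm(known)
    return c != k and c[:PREFIX_LEN] == k[:PREFIX_LEN] and c[-SUFFIX_LEN:] == k[-SUFFIX_LEN:]

def check_destination(dest, trusted, blocklist=()):
    """Pre-signing verdict: ('block' | 'warn' | 'ok', reason)."""
    d = _norm(dest)
    if d in {_norm(b) for b in blocklist}:
        return "block", "address is on the shared blocklist"
    if d in {_norm(t) for t in trusted}:
        return "ok", "exact match with a trusted address"
    for t in trusted:
        if is_lookalike(dest, t):
            return "block", f"resembles trusted address {t} but differs in the middle"
    return "warn", "address not seen before; verify every character"

def filter_history(history, trusted, dust_limit):
    """Drop inbound dust transfers whose sender imitates a trusted address."""
    kept = []
    for tx in history:
        poisoned = (tx["direction"] == "in" and tx["amount"] <= dust_limit
                    and any(is_lookalike(tx["counterparty"], t) for t in trusted))
        if not poisoned:
            kept.append(tx)
    return kept

# Constructed sample data (not real addresses).
TRUSTED = "0x" + "a1b2c" + "0" * 31 + "9f3e"
SPOOFED = "0x" + "a1b2c" + "7" * 31 + "9f3e"   # same first five and last four
OTHER = "0x" + "d" * 40
HISTORY = [
    {"direction": "out", "counterparty": TRUSTED, "amount": 50.0},   # test transfer
    {"direction": "in", "counterparty": SPOOFED, "amount": 0.01},    # poisoning dust
    {"direction": "in", "counterparty": OTHER, "amount": 0.01},      # unrelated dust
]

if __name__ == "__main__":
    print(check_destination(SPOOFED, [TRUSTED]))
    print(len(filter_history(HISTORY, [TRUSTED], dust_limit=1.0)), "history rows shown")
```

Comparing the full normalized string, rather than the truncated form shown in the interface, is what separates the spoofed address from the trusted one.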

According to SlowMist, the attacker quickly laundered the money by exchanging USDT for DAI and then converting it into approximately 16,690 ETH before depositing most of it into Tornado Cash in an attempt to complicate recovery efforts. The victim later posted an on-chain message offering a $1 million whitehat bounty for the return of the money.

Last May, a crypto investor lost about $68 million worth of wrapped bitcoin (WBTC) after falling victim to the scam. Blockchain data showed that the victim accidentally sent more than 1,150 WBTC to a hacker-controlled wallet after copying an address from his transaction history.
