Wang Chun Also Fell Victim: A $50 Million 'Tuition' - Why Do Address Poisoning Attacks Keep Succeeding?

marsbitPublicado a 2025-12-22Actualizado a 2025-12-22

Resumen

On December 19, a cryptocurrency user fell victim to an address poisoning attack, losing 50 million USDT (approximately $50 million). The attacker first sent a small test transaction of 50 USDT from a Binance exchange wallet. Hours later, the victim transferred 49,999,950 USDT to what they believed was their own address but was actually a hacker-controlled wallet with a similar beginning and ending character sequence. The hacker quickly laundered the funds by converting USDT to DAI, then to ETH, and finally moving most of the assets into the privacy tool Tornado Cash. The victim, likely an institutional entity given transaction patterns and rapid response, publicly offered the hacker a $1 million reward for returning 98% of the funds and threatened legal action. Address poisoning attacks exploit user carelessness by creating deceptive addresses that mimic legitimate ones. Such attacks have been rising since 2022, with one Bitcoin incident alone involving 49,000 cases since 2023. High-profile figures like F2Pool’s Wang Chun have also suffered similar losses. While some victims have recovered funds through negotiation, this case remains unresolved as the hacker has not responded. The incident underscores the critical need for double-checking addresses in crypto transactions.

At around midnight Beijing time yesterday, on-chain analyst Specter X discovered a case where nearly 50 million USDT was transferred to a hacker's address due to failure to carefully verify the transfer address.

According to the author's investigation, this address (0xcB80784ef74C98A89b6Ab8D96ebE890859600819) withdrew 50 USDT from Binance at approximately 13:00 Beijing time on the 19th for a test transaction before a large withdrawal.

About 10 hours later, the address withdrew 49,999,950 USDT from Binance in one go. Combined with the previous 50 USDT withdrawal, the total amounted to exactly 50 million.

Approximately 20 minutes later, the address that received the 50 million USDT first transferred 50 USDT to 0xbaf4...95F8b5 for testing.

Within less than 15 minutes after the test transfer was completed, the hacker's address 0xbaff...08f8b5 transferred 0.005 USDT to the address holding the remaining 49,999,950 USDT. The address used by the hacker had similar beginning and ending characters to the address that received the 50 USDT, indicating a clear "address poisoning" attack.

10 minutes later, when the address beginning with 0xcB80 was preparing to transfer the remaining 40 million+ USDT, likely due to negligence, it copied the address from the previous transaction—the one used by the hacker for "poisoning"—and directly sent nearly 50 million USDT into the hands of the hacker.

With $50 million secured, the hacker began money laundering actions 30 minutes later. According to SlowMist monitoring, the hacker first swapped USDT for DAI via MetaMask, then used all the DAI to purchase approximately 16,690 Ethereum, kept 10 ETH, and transferred the remaining Ethereum to Tornado Cash.

Around 16:00 Beijing time yesterday, the victim addressed the hacker on-chain, stating that formal criminal proceedings had been initiated and that a substantial amount of reliable intelligence about the hacker's activities had been collected with the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols. The victim stated that the hacker could keep $1 million and return the remaining 98% of the funds; if complied with, no further action would be taken; if not, criminal and civil liabilities would be pursued through legal channels, and the hacker's identity would be made public. However, as of now, the hacker has not responded.

According to data compiled by the Arkham platform, this address has records of large transfers with addresses associated with Binance, Kraken, Coinhako, and Cobo. Binance, Kraken, and Cobo need no introduction, while Coinhako might be a less familiar name. Coinhako is a Singapore-based cryptocurrency exchange platform established in 2014. It obtained a Major Payment Institution license from the Monetary Authority of Singapore in 2022, making it a regulated exchange in Singapore.

Given that this address uses multiple exchange platforms and Cobo's custody services, and its ability to quickly contact various parties and complete the tracking of the hacker within 24 hours of the incident, the author speculates that this address most likely belongs to an institution rather than an individual.

A "Careless Mistake" Leads to Major Loss

The only explanation for falling victim to an "address poisoning" attack is "carelessness." Such attacks can be avoided simply by double-checking the address before transferring, but clearly, the protagonist of this incident skipped this crucial step.

Address poisoning attacks began to emerge in 2022, originating from "vanity address" generators—tools that allow customization of the beginning of an EVM address. For example, the author could generate an address starting with 0xeric to make the address more labeled.

This tool was later discovered by hackers to have a design flaw allowing brute-force attacks on private keys, leading to several major fund theft incidents. However, the ability to generate addresses with customized beginnings and endings also gave some ill-intentioned individuals a "clever idea": by generating addresses similar in beginning and ending to a user's commonly used transfer addresses, and transferring small amounts to the user's other addresses, some users might, due to carelessness, mistake the hacker's address for their own and actively send on-chain assets into the hacker's pocket.

Past on-chain information shows that the address beginning with 0xcB80 was a major target for such poisoning attacks even before this incident, with attacks beginning nearly a year ago. This attack method essentially involves hackers betting that you will eventually get lazy or inattentive and fall for it. Ironically, it is this seemingly transparent attack method that continues to ensnare "careless" victims one after another.

Regarding this incident, F2Pool co-founder Wang Chun expressed sympathy for the victim on Twitter (X), mentioning that last year, to test if his address had a private key leak, he transferred 500 BTC to it, only to have 490 BTC stolen by hackers. Although Wang Chun's experience was unrelated to address poisoning attacks, he likely meant to convey that everyone has moments of "stupidity," and we should not blame the victim for carelessness but rather direct our criticism towards the hackers.

$50 million is no small amount, but it is not the largest loss from such attacks. In May 2024, an address transferred over $70 million worth of WBTC to a hacker's address due to a similar attack, but the victim eventually recovered almost all the funds with the assistance of security company Match Systems and the Cryptex exchange. However, in this case, the hacker quickly converted the stolen funds into ETH and transferred them to Tornado Cash, making it uncertain whether recovery is possible.

In April, Casa co-founder and chief security officer Jameson Lopp warned that address poisoning attacks are spreading rapidly, with as many as 48,000 such incidents occurring on the Bitcoin network alone since 2023.

Including fake Zoom meeting links on Telegram, these attack methods are not sophisticated, but it is precisely this "simple" approach that can make people let their guard down. For those of us in the dark forest, being extra cautious is never wrong.

Preguntas relacionadas

QWhat is the total amount of USDT lost in the address poisoning attack described in the article?

A50 million USDT, worth approximately $50 million.

QHow did the hacker execute the address poisoning attack in this case?

AThe hacker sent a small test transaction (0.005 USDT) from an address with a similar beginning and end to the victim's target address, tricking the victim into copying the wrong address for the large transfer.

QWhat did the victim do after discovering the theft, and what was the hacker's response?

AThe victim filed a criminal complaint and offered to let the hacker keep $1 million if 98% of the funds were returned. The hacker did not respond and instead laundered the funds through token swaps and Tornado Cash.

QWhat is address poisoning, and why is it effective despite being a simple attack?

AAddress poisoning involves creating a fake address with similar starting and ending characters to a victim's常用 address. It preys on human error, as users may carelessly copy the wrong address from their transaction history.

QWhich prominent figure in the crypto space shared a similar experience of loss due to carelessness, and what did they lose?

AF2Pool co-founder Wang Chun shared that he lost 490 BTC after transferring 500 BTC to test for private key leaks, highlighting that even experienced individuals can make costly mistakes.

Lecturas Relacionadas

KOL's Perspective: Why Is SOL Set to Rise from This Point?

**Summary: Why SOL is Positioned for Growth at This Level** The article argues that SOL is poised for an upward move from its current price point, citing several key factors. Primarily, SOL has just broken out of a 4-month consolidation phase. This breakout signals a return of risk appetite to the broader crypto market, as SOL is seen as a key indicator of overall crypto health. The token's ownership has reportedly shifted from short-term traders and tourists to long-term accumulators, leading to low volume. Any meaningful increase in trading activity could thus trigger significant upward momentum. Fundamental strengths include strong institutional adoption, integration with DeFi and RWAs (Real-World Assets), and the potential benefits from the Clarity Act. Despite its high volatility—having dropped 70% from its all-time high but still up 12x from its bear market low—SOL is highlighted as one of the few tokens from the last cycle to reach new highs. It boasts a robust ecosystem of applications, users, and protocols. Future catalysts include the expected influx of AI developers following the Miami Accelerate conference, which focused on AI on Solana. Furthermore, Solana is positioned as the premier chain for memecoin activity, a trend expected to continue and drive network usage and fees. The article concludes that recent price action reflects a healthy transfer to long-term holders, setting the stage for growth.

marsbitHace 42 min(s)

KOL's Perspective: Why Is SOL Set to Rise from This Point?

marsbitHace 42 min(s)

Those Pre-Bitcoin PoW Protocols Have Recently Been Reimplemented

This article details a recent surge in replicating pre-Bitcoin Proof-of-Work (PoW) protocols, specifically focusing on Hal Finney's 2004 RPOW (Reusable Proofs of Work). Within five days in May 2026, multiple independent builders in the Bitcoin/cypherpunk community launched projects inspired by this early electronic cash proposal. The initiative began with Fred Krueger's `rpow2.com`, a centralized but auditable system that replaced RPOW's original IBM 4758 hardware with Ed25519 signatures. Initially a faithful replica, it later adopted Bitcoin-like features (21M supply cap, difficulty adjustment) and a controversial 5.24% founder allocation. This sparked rapid forks, including `rpow4.com` which incorporated full Bitcoin parameters, a prediction market (`rpowmarket.com`), and a DEX (`rpow2swap.com`). Concurrently, Mike In Space created a prototype of Wei Dai's 1998 b-money proposal (`b-money.replit.app`), pushing the historical exploration even further back. The article contrasts these centralized, server-dependent experiments with Bitcoin's core innovation of decentralized, trustless consensus. It also highlights a parallel development: the `HASH` project on Ethereum, which uses smart contract hooks to enable a purely fair-launch, browser-mineable PoW token with 0% allocations to team or VCs. The collective activity is framed as a meme-driven, educational exploration of cypherpunk history rather than a serious financial movement, with all projects heavily disclaiming any investment value.

marsbitHace 47 min(s)

Those Pre-Bitcoin PoW Protocols Have Recently Been Reimplemented

marsbitHace 47 min(s)

South Korean Exchanges 'Battle' Regulators, Challenging the Boundaries of Enforcement and Legislation

South Korea's cryptocurrency industry is engaged in a rare, direct confrontation with regulators. The Financial Intelligence Unit (FIU), the primary anti-money laundering (AML) watchdog, has recently imposed heavy penalties on major exchanges like Upbit and Bithumb for alleged violations involving unregistered overseas VASPs and AML procedures. However, exchanges are now actively challenging these actions in court and through industry associations. In a significant shift, the Seoul Administrative Court ruled in favor of Upbit's operator, Dunamu, overturning part of an FIU-ordered business suspension. The court found the FIU's penalty criteria and justification insufficiently clear. Similarly, the court suspended the enforcement of a six-month business suspension against Bithumb pending a final ruling, citing potential irreversible harm to the exchange. Beyond legal battles, the industry is contesting proposed legislative amendments. The Digital Asset eXchange Alliance (DAXA) strongly opposes a draft rule that would mandate Suspicious Transaction Reports (STRs) for all crypto transfers over 10 million KRW (~$6,800). DAXA argues this "poison pill" clause violates legal principles and would overwhelm the STR system, increasing reports from 63,000 to an estimated 5.45 million annually for major exchanges, thereby crippling effective AML monitoring. This conflict highlights a structural tension in South Korea's crypto governance: comprehensive digital asset laws are still developing, while regulators rely heavily on AML enforcement. The industry's move from passive compliance to active legal and legislative challenges signifies a new phase, pressing for clearer rules and more proportionate enforcement. While short-term disputes may intensify, this clash could ultimately lead to a more mature and sustainable regulatory framework for South Korea's vibrant crypto market.

marsbitHace 1 hora(s)

South Korean Exchanges 'Battle' Regulators, Challenging the Boundaries of Enforcement and Legislation

marsbitHace 1 hora(s)

Earnings Report, CLARITY Bill, and Warsh's Arrival: CRCL Faces Three Major Tests This Week

Circle (CRCL) faces three major tests this week that will significantly impact its stock price and valuation. First, on May 11, it will release its Q1 2026 earnings. Key metrics to watch are overall revenue and EPS, the proportion of revenue paid to distributors like Coinbase, and growth in non-interest income. The market also awaits Circle's stance on renegotiating its revenue-sharing contract with Coinbase, which expires in August. Second, on May 14, the U.S. Senate Banking Committee will vote on the CLARITY Act. This bill aims to establish a clear federal regulatory framework for digital assets. A recent compromise proposal would ban yield on static stablecoin reserves but allow rewards for active ones. Its passage, currently seen as likely by prediction markets, would be a major positive for the industry and Circle. Finally, on May 15, Kevin Warsh will succeed Jerome Powell as Federal Reserve Chair. Warsh's proposed policy of quantitative tightening combined with interest rate cuts could pose a short-term headwind for CRCL, as lower rates reduce Circle's primary revenue from USDC reserves. However, long-term prospects may improve as Warsh, a known crypto investor who opposes a Fed CBDC, is seen as potentially favorable to regulated private stablecoins like USDC.

marsbitHace 1 hora(s)

Earnings Report, CLARITY Bill, and Warsh's Arrival: CRCL Faces Three Major Tests This Week

marsbitHace 1 hora(s)

After 50x Storage Surge, Justin Sun Always Looks to the Next Decade

Sun Yuchen, known for his controversial stunts like a $30 million lunch with Warren Buffett (canceled due to a kidney stone) and eating a $6.2 million duct-taped banana, is often overshadowed by a significant fact: his decade-long track record of spotting major investment trends. In 2016, he famously advised young people to invest in Bitcoin, Nvidia, Tesla, and Tencent instead of buying property. A hypothetical $20,000 investment in Nvidia and Tesla from that list would now be worth over 50 million RMB. His latest major call was on November 6, 2025, predicting a "50x storage opportunity" tied to the AI boom, which materialized with Sandisk's stock surging nearly 50-fold by 2026. Looking ahead, Sun now focuses on the next frontier: Physical AI. He identifies four key areas: 1. **Embodied AI/Robotics**: He sees this reaching its "iPhone moment," with companies like UBTech and Galaxy General leading in commercialization. 2. **Drones**: Viewed as the first commercially viable form of Physical AI, revolutionizing sectors from warfare (e.g., AeroVironment's Switchblade) to logistics. 3. **Spatial Computing**: Beyond VR, it's about AI understanding physical space, a foundational technology for robotics and autonomous systems, exemplified by Apple's Vision Pro. 4. **Space Exploration**: After a 2025 suborbital flight with Blue Origin, Sun advocates for space as the ultimate frontier, discussing blockchain's potential role in space asset management and data transactions. His investment philosophy involves betting on entire, inevitable trends rather than single companies. For robotics, he sees Tesla (the body/manufacturer) and Nvidia (the brain/AI platform) as complementary plays. In defense drones, he highlights companies making tanks obsolete (AeroVironment) and those augmenting fighter jets (Kratos). For space, he participated in Blue Origin's flight and anticipates SpaceX's potential IPO to redefine the sector's valuation. Sun Yuchen's vision frames the next two decades not as a revolution in information flow (like the internet), but in the fundamental operation of the physical world through AI-powered robots, autonomous systems, and spatial intelligence, ultimately extending human and AI activity into space. While many still focus on conventional assets, he continues to look toward the next technological horizon.

marsbitHace 2 hora(s)

After 50x Storage Surge, Justin Sun Always Looks to the Next Decade

marsbitHace 2 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar CC

¡Bienvenido a HTX.com! Hemos hecho que comprar CC(Canton) (CC) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar CC(Canton) (CC) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu CC(Canton) (CC)Después de comprar tu CC(Canton) (CC), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear CC(Canton) (CC)Tradear fácilmente con CC(Canton) (CC) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

159 Vistas totalesPublicado en 2026.04.21Actualizado en 2026.04.21

Cómo comprar BLEND

¡Bienvenido a HTX.com! Hemos hecho que comprar Fluent (BLEND) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Fluent (BLEND) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Fluent (BLEND)Después de comprar tu Fluent (BLEND), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Fluent (BLEND)Tradear fácilmente con Fluent (BLEND) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

162 Vistas totalesPublicado en 2026.04.24Actualizado en 2026.04.24

Cómo comprar ACN

¡Bienvenido a HTX.com! Hemos hecho que comprar AITECH CLOUD NETWORK (ACN) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar AITECH CLOUD NETWORK (ACN) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu AITECH CLOUD NETWORK (ACN)Después de comprar tu AITECH CLOUD NETWORK (ACN), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear AITECH CLOUD NETWORK (ACN)Tradear fácilmente con AITECH CLOUD NETWORK (ACN) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

92 Vistas totalesPublicado en 2026.04.28Actualizado en 2026.04.28

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de A (A).