Wang Chun Also Fell Victim: A $50 Million 'Tuition' - Why Do Address Poisoning Attacks Keep Succeeding?

marsbitPublicado a 2025-12-22Actualizado a 2025-12-22

Resumen

On December 19, a cryptocurrency user fell victim to an address poisoning attack, losing 50 million USDT (approximately $50 million). The attacker first sent a small test transaction of 50 USDT from a Binance exchange wallet. Hours later, the victim transferred 49,999,950 USDT to what they believed was their own address but was actually a hacker-controlled wallet with a similar beginning and ending character sequence. The hacker quickly laundered the funds by converting USDT to DAI, then to ETH, and finally moving most of the assets into the privacy tool Tornado Cash. The victim, likely an institutional entity given transaction patterns and rapid response, publicly offered the hacker a $1 million reward for returning 98% of the funds and threatened legal action. Address poisoning attacks exploit user carelessness by creating deceptive addresses that mimic legitimate ones. Such attacks have been rising since 2022, with one Bitcoin incident alone involving 49,000 cases since 2023. High-profile figures like F2Pool’s Wang Chun have also suffered similar losses. While some victims have recovered funds through negotiation, this case remains unresolved as the hacker has not responded. The incident underscores the critical need for double-checking addresses in crypto transactions.

At around midnight Beijing time yesterday, on-chain analyst Specter X discovered a case where nearly 50 million USDT was transferred to a hacker's address due to failure to carefully verify the transfer address.

According to the author's investigation, this address (0xcB80784ef74C98A89b6Ab8D96ebE890859600819) withdrew 50 USDT from Binance at approximately 13:00 Beijing time on the 19th for a test transaction before a large withdrawal.

About 10 hours later, the address withdrew 49,999,950 USDT from Binance in one go. Combined with the previous 50 USDT withdrawal, the total amounted to exactly 50 million.

Approximately 20 minutes later, the address that received the 50 million USDT first transferred 50 USDT to 0xbaf4...95F8b5 for testing.

Within less than 15 minutes after the test transfer was completed, the hacker's address 0xbaff...08f8b5 transferred 0.005 USDT to the address holding the remaining 49,999,950 USDT. The address used by the hacker had similar beginning and ending characters to the address that received the 50 USDT, indicating a clear "address poisoning" attack.

10 minutes later, when the address beginning with 0xcB80 was preparing to transfer the remaining 40 million+ USDT, likely due to negligence, it copied the address from the previous transaction—the one used by the hacker for "poisoning"—and directly sent nearly 50 million USDT into the hands of the hacker.

With $50 million secured, the hacker began money laundering actions 30 minutes later. According to SlowMist monitoring, the hacker first swapped USDT for DAI via MetaMask, then used all the DAI to purchase approximately 16,690 Ethereum, kept 10 ETH, and transferred the remaining Ethereum to Tornado Cash.

Around 16:00 Beijing time yesterday, the victim addressed the hacker on-chain, stating that formal criminal proceedings had been initiated and that a substantial amount of reliable intelligence about the hacker's activities had been collected with the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols. The victim stated that the hacker could keep $1 million and return the remaining 98% of the funds; if complied with, no further action would be taken; if not, criminal and civil liabilities would be pursued through legal channels, and the hacker's identity would be made public. However, as of now, the hacker has not responded.

According to data compiled by the Arkham platform, this address has records of large transfers with addresses associated with Binance, Kraken, Coinhako, and Cobo. Binance, Kraken, and Cobo need no introduction, while Coinhako might be a less familiar name. Coinhako is a Singapore-based cryptocurrency exchange platform established in 2014. It obtained a Major Payment Institution license from the Monetary Authority of Singapore in 2022, making it a regulated exchange in Singapore.

Given that this address uses multiple exchange platforms and Cobo's custody services, and its ability to quickly contact various parties and complete the tracking of the hacker within 24 hours of the incident, the author speculates that this address most likely belongs to an institution rather than an individual.

A "Careless Mistake" Leads to Major Loss

The only explanation for falling victim to an "address poisoning" attack is "carelessness." Such attacks can be avoided simply by double-checking the address before transferring, but clearly, the protagonist of this incident skipped this crucial step.

Address poisoning attacks began to emerge in 2022, originating from "vanity address" generators—tools that allow customization of the beginning of an EVM address. For example, the author could generate an address starting with 0xeric to make the address more labeled.

This tool was later discovered by hackers to have a design flaw allowing brute-force attacks on private keys, leading to several major fund theft incidents. However, the ability to generate addresses with customized beginnings and endings also gave some ill-intentioned individuals a "clever idea": by generating addresses similar in beginning and ending to a user's commonly used transfer addresses, and transferring small amounts to the user's other addresses, some users might, due to carelessness, mistake the hacker's address for their own and actively send on-chain assets into the hacker's pocket.

Past on-chain information shows that the address beginning with 0xcB80 was a major target for such poisoning attacks even before this incident, with attacks beginning nearly a year ago. This attack method essentially involves hackers betting that you will eventually get lazy or inattentive and fall for it. Ironically, it is this seemingly transparent attack method that continues to ensnare "careless" victims one after another.

Regarding this incident, F2Pool co-founder Wang Chun expressed sympathy for the victim on Twitter (X), mentioning that last year, to test if his address had a private key leak, he transferred 500 BTC to it, only to have 490 BTC stolen by hackers. Although Wang Chun's experience was unrelated to address poisoning attacks, he likely meant to convey that everyone has moments of "stupidity," and we should not blame the victim for carelessness but rather direct our criticism towards the hackers.

$50 million is no small amount, but it is not the largest loss from such attacks. In May 2024, an address transferred over $70 million worth of WBTC to a hacker's address due to a similar attack, but the victim eventually recovered almost all the funds with the assistance of security company Match Systems and the Cryptex exchange. However, in this case, the hacker quickly converted the stolen funds into ETH and transferred them to Tornado Cash, making it uncertain whether recovery is possible.

In April, Casa co-founder and chief security officer Jameson Lopp warned that address poisoning attacks are spreading rapidly, with as many as 48,000 such incidents occurring on the Bitcoin network alone since 2023.

Including fake Zoom meeting links on Telegram, these attack methods are not sophisticated, but it is precisely this "simple" approach that can make people let their guard down. For those of us in the dark forest, being extra cautious is never wrong.

Preguntas relacionadas

QWhat is the total amount of USDT lost in the address poisoning attack described in the article?

A50 million USDT, worth approximately $50 million.

QHow did the hacker execute the address poisoning attack in this case?

AThe hacker sent a small test transaction (0.005 USDT) from an address with a similar beginning and end to the victim's target address, tricking the victim into copying the wrong address for the large transfer.

QWhat did the victim do after discovering the theft, and what was the hacker's response?

AThe victim filed a criminal complaint and offered to let the hacker keep $1 million if 98% of the funds were returned. The hacker did not respond and instead laundered the funds through token swaps and Tornado Cash.

QWhat is address poisoning, and why is it effective despite being a simple attack?

AAddress poisoning involves creating a fake address with similar starting and ending characters to a victim's常用 address. It preys on human error, as users may carelessly copy the wrong address from their transaction history.

QWhich prominent figure in the crypto space shared a similar experience of loss due to carelessness, and what did they lose?

AF2Pool co-founder Wang Chun shared that he lost 490 BTC after transferring 500 BTC to test for private key leaks, highlighting that even experienced individuals can make costly mistakes.

Lecturas Relacionadas

CLARITY Act: Banking Trade Groups Push For Yield Agreement Revision – Details

US banking trade groups are urging revisions to the stablecoin yield compromise in the upcoming CLARITY Act ahead of a key committee markup. The Act currently aims to ban all passive, deposit-like interest on stablecoins to prevent competition with traditional bank savings, while allowing rewards tied to active uses like staking or transactions. In a letter, groups including the American Banking Association and Bank Policy Institute proposed stricter language to eliminate perceived loopholes for passive yield and prevent deposit flight from banks. However, these efforts are reportedly viewed as minor by some lawmakers. The Senate Banking Committee is scheduled to mark up the bill on May 14, a critical step before it can advance through Congress.

bitcoinistHace 13 hora(s)

CLARITY Act: Banking Trade Groups Push For Yield Agreement Revision – Details

bitcoinistHace 13 hora(s)

This Finance CEO Picks Solana Instead Of Bitcoin — Here’s Why

Finance CEO Raoul Pal prefers Solana over Bitcoin, citing its high throughput and low transaction costs as better suited for the future crypto-AI era. He believes Solana is ideal for machine-to-machine microtransactions and AI-driven DeFi activity, predicting AI agents will soon dominate DeFi users. While Bitcoin serves as a store of value, Pal sees higher growth in networks built for mass, automated transactions. This view was highlighted at Consensus 2026, where AI integration and crypto infrastructure were key themes.

bitcoinistHace 13 hora(s)

This Finance CEO Picks Solana Instead Of Bitcoin — Here’s Why

bitcoinistHace 13 hora(s)

Gensyn AI: Don't Let AI Repeat the Mistakes of the Internet

In recent months, the rapid growth of the AI industry has attracted significant talent from the crypto sector. A persistent question among researchers intersecting both fields is whether blockchain can become a foundational part of AI infrastructure. While many previous AI and Crypto projects focused on application layers (like AI Agents, on-chain reasoning, data markets, and compute rentals), few achieved viable commercial models. Gensyn differentiates itself by targeting the most critical and expensive layer of AI: model training. Gensyn aims to organize globally distributed GPU resources into an open AI training network. Developers can submit training tasks, nodes provide computational power, and the network verifies results while distributing incentives. The core issue addressed is not decentralization for its own sake, but the increasing centralization of compute power among tech giants. In the era of large models, access to GPUs (like the H100) has become a decisive bottleneck, dictating the pace of AI development. Major AI companies are heavily dependent on large cloud providers for compute resources. Gensyn's approach is significant for several reasons: 1) It operates at the core infrastructure layer (model training), the most resource-intensive and technically demanding part of the AI value chain. 2) It proposes a more open, collaborative model for compute, potentially increasing resource utilization by dynamically pooling idle GPUs, similar to early cloud computing logic. 3) Its technical moat lies in solving complex challenges like verifying training results, ensuring node honesty, and maintaining reliability in a distributed environment—making it more of a deep-tech infrastructure company. 4) It targets a validated, high-growth market with genuine demand, rather than pursuing blockchain integration without purpose. Ultimately, the boundaries between Crypto and AI are blurring. AI requires global resource coordination, incentive mechanisms, and collaborative systems—areas where crypto-native solutions excel. Gensyn represents a step toward making advanced training capabilities more accessible and collaborative, moving beyond a niche controlled by a few giants. If successful, it could evolve into a fundamental piece of AI infrastructure, where the most enduring value in the AI era is often created.

marsbitHace 14 hora(s)

Gensyn AI: Don't Let AI Repeat the Mistakes of the Internet

marsbitHace 14 hora(s)

Why is China's AI Developing So Fast? The Answer Lies Inside the Labs

A US researcher's visit to China's top AI labs reveals distinct cultural and organizational factors driving China's rapid AI development. While talent, data, and compute are similar to the West, Chinese labs excel through a pragmatic, execution-focused culture: less emphasis on individual stardom and conceptual debate, and more on teamwork, engineering optimization, and mastering the full tech stack. A key advantage is the integration of young students and researchers who approach model-building with fresh perspectives and low ego, prioritizing collective progress over personal credit. This contrasts with the US culture of self-promotion and "star scientist" narratives. Chinese labs also exhibit a strong "build, don't buy" mentality, preferring to develop core capabilities—like data pipelines and environments—in-house rather than relying on external services. The ecosystem feels more collaborative than tribal, with mutual respect among labs. While government support exists, its scale is unclear, and technical decisions appear driven by labs, not state mandates. Chinese companies across sectors, from platforms to consumer tech, are building their own foundational models to control their tech destiny, reflecting a broader cultural drive for technological sovereignty. Demand for AI is emerging, with spending patterns potentially mirroring cloud infrastructure more than traditional SaaS. Despite challenges like a less mature data industry and GPU shortages, Chinese labs are propelled by vast talent, rapid iteration, and deep integration with the open-source community. The competition is evolving beyond a pure model race into a contest of organizational execution, developer ecosystems, and industrial pragmatism.

marsbitHace 15 hora(s)

Why is China's AI Developing So Fast? The Answer Lies Inside the Labs

marsbitHace 15 hora(s)

3 Years, 5 Times: The Rebirth of a Century-Old Glass Factory

Corning, a 175-year-old glass company, is experiencing a dramatic revival as a key player in AI infrastructure, driven by surging demand for high-performance optical fiber in data centers. AI data centers require vastly more fiber than traditional ones—5 to 10 times as much per rack—to handle high-speed data transmission between GPUs. This structural demand shift, coupled with supply constraints from the lengthy expansion cycle for fiber preforms, has created a significant supply-demand gap. Nvidia has invested in Corning, along with Lumentum and Coherent, in a $4.5 billion total commitment to secure the optical supply chain for AI. Corning's competitive edge lies in its expertise in producing ultra-low-loss, high-density, and bend-resistant specialty fiber, which is critical for 800G+ and future 1.6T data rates. Its deep involvement in co-packaged optics (CPO) with partners like Nvidia further solidifies its position. While not the largest fiber manufacturer globally, Corning's revenue from enterprise/data center clients now exceeds 40% of its optical communications sales, and it has secured multi-year supply agreements with major hyperscalers including Meta and Nvidia. Financially, Corning's optical communications revenue has surged, doubling from $1.3 billion in 2023 to over $3 billion in 2025. Its stock price has risen nearly 6-fold since late 2023. Key future catalysts include the rollout of Nvidia's CPO products and the scale of undisclosed customer agreements. However, risks include high current valuations and potential disruption from next-generation technologies like hollow-core fiber. The company's long-term bet on light over electricity, maintained even through the telecom bubble crash, is now being validated by the AI boom.

marsbitHace 16 hora(s)

3 Years, 5 Times: The Rebirth of a Century-Old Glass Factory

marsbitHace 16 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar CC

¡Bienvenido a HTX.com! Hemos hecho que comprar CC(Canton) (CC) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar CC(Canton) (CC) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu CC(Canton) (CC)Después de comprar tu CC(Canton) (CC), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear CC(Canton) (CC)Tradear fácilmente con CC(Canton) (CC) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

158 Vistas totalesPublicado en 2026.04.21Actualizado en 2026.04.21

Cómo comprar BLEND

¡Bienvenido a HTX.com! Hemos hecho que comprar Fluent (BLEND) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Fluent (BLEND) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Fluent (BLEND)Después de comprar tu Fluent (BLEND), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Fluent (BLEND)Tradear fácilmente con Fluent (BLEND) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

161 Vistas totalesPublicado en 2026.04.24Actualizado en 2026.04.24

Cómo comprar ACN

¡Bienvenido a HTX.com! Hemos hecho que comprar AITECH CLOUD NETWORK (ACN) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar AITECH CLOUD NETWORK (ACN) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu AITECH CLOUD NETWORK (ACN)Después de comprar tu AITECH CLOUD NETWORK (ACN), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear AITECH CLOUD NETWORK (ACN)Tradear fácilmente con AITECH CLOUD NETWORK (ACN) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

91 Vistas totalesPublicado en 2026.04.28Actualizado en 2026.04.28

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de A (A).