Wang Chun Also Fell Victim: A $50 Million 'Tuition' - Why Do Address Poisoning Attacks Keep Succeeding?

marsbitPubblicato 2025-12-22Pubblicato ultima volta 2025-12-22

Introduzione

On December 19, a cryptocurrency user fell victim to an address poisoning attack, losing 50 million USDT (approximately $50 million). The attacker first sent a small test transaction of 50 USDT from a Binance exchange wallet. Hours later, the victim transferred 49,999,950 USDT to what they believed was their own address but was actually a hacker-controlled wallet with a similar beginning and ending character sequence. The hacker quickly laundered the funds by converting USDT to DAI, then to ETH, and finally moving most of the assets into the privacy tool Tornado Cash. The victim, likely an institutional entity given transaction patterns and rapid response, publicly offered the hacker a $1 million reward for returning 98% of the funds and threatened legal action. Address poisoning attacks exploit user carelessness by creating deceptive addresses that mimic legitimate ones. Such attacks have been rising since 2022, with one Bitcoin incident alone involving 49,000 cases since 2023. High-profile figures like F2Pool’s Wang Chun have also suffered similar losses. While some victims have recovered funds through negotiation, this case remains unresolved as the hacker has not responded. The incident underscores the critical need for double-checking addresses in crypto transactions.

At around midnight Beijing time yesterday, on-chain analyst Specter X discovered a case where nearly 50 million USDT was transferred to a hacker's address due to failure to carefully verify the transfer address.

According to the author's investigation, this address (0xcB80784ef74C98A89b6Ab8D96ebE890859600819) withdrew 50 USDT from Binance at approximately 13:00 Beijing time on the 19th for a test transaction before a large withdrawal.

About 10 hours later, the address withdrew 49,999,950 USDT from Binance in one go. Combined with the previous 50 USDT withdrawal, the total amounted to exactly 50 million.

Approximately 20 minutes later, the address that received the 50 million USDT first transferred 50 USDT to 0xbaf4...95F8b5 for testing.

Within less than 15 minutes after the test transfer was completed, the hacker's address 0xbaff...08f8b5 transferred 0.005 USDT to the address holding the remaining 49,999,950 USDT. The address used by the hacker had similar beginning and ending characters to the address that received the 50 USDT, indicating a clear "address poisoning" attack.

10 minutes later, when the address beginning with 0xcB80 was preparing to transfer the remaining 40 million+ USDT, likely due to negligence, it copied the address from the previous transaction—the one used by the hacker for "poisoning"—and directly sent nearly 50 million USDT into the hands of the hacker.

With $50 million secured, the hacker began money laundering actions 30 minutes later. According to SlowMist monitoring, the hacker first swapped USDT for DAI via MetaMask, then used all the DAI to purchase approximately 16,690 Ethereum, kept 10 ETH, and transferred the remaining Ethereum to Tornado Cash.

Around 16:00 Beijing time yesterday, the victim addressed the hacker on-chain, stating that formal criminal proceedings had been initiated and that a substantial amount of reliable intelligence about the hacker's activities had been collected with the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols. The victim stated that the hacker could keep $1 million and return the remaining 98% of the funds; if complied with, no further action would be taken; if not, criminal and civil liabilities would be pursued through legal channels, and the hacker's identity would be made public. However, as of now, the hacker has not responded.

According to data compiled by the Arkham platform, this address has records of large transfers with addresses associated with Binance, Kraken, Coinhako, and Cobo. Binance, Kraken, and Cobo need no introduction, while Coinhako might be a less familiar name. Coinhako is a Singapore-based cryptocurrency exchange platform established in 2014. It obtained a Major Payment Institution license from the Monetary Authority of Singapore in 2022, making it a regulated exchange in Singapore.

Given that this address uses multiple exchange platforms and Cobo's custody services, and its ability to quickly contact various parties and complete the tracking of the hacker within 24 hours of the incident, the author speculates that this address most likely belongs to an institution rather than an individual.

A "Careless Mistake" Leads to Major Loss

The only explanation for falling victim to an "address poisoning" attack is "carelessness." Such attacks can be avoided simply by double-checking the address before transferring, but clearly, the protagonist of this incident skipped this crucial step.

Address poisoning attacks began to emerge in 2022, originating from "vanity address" generators—tools that allow customization of the beginning of an EVM address. For example, the author could generate an address starting with 0xeric to make the address more labeled.

This tool was later discovered by hackers to have a design flaw allowing brute-force attacks on private keys, leading to several major fund theft incidents. However, the ability to generate addresses with customized beginnings and endings also gave some ill-intentioned individuals a "clever idea": by generating addresses similar in beginning and ending to a user's commonly used transfer addresses, and transferring small amounts to the user's other addresses, some users might, due to carelessness, mistake the hacker's address for their own and actively send on-chain assets into the hacker's pocket.

Past on-chain information shows that the address beginning with 0xcB80 was a major target for such poisoning attacks even before this incident, with attacks beginning nearly a year ago. This attack method essentially involves hackers betting that you will eventually get lazy or inattentive and fall for it. Ironically, it is this seemingly transparent attack method that continues to ensnare "careless" victims one after another.

Regarding this incident, F2Pool co-founder Wang Chun expressed sympathy for the victim on Twitter (X), mentioning that last year, to test if his address had a private key leak, he transferred 500 BTC to it, only to have 490 BTC stolen by hackers. Although Wang Chun's experience was unrelated to address poisoning attacks, he likely meant to convey that everyone has moments of "stupidity," and we should not blame the victim for carelessness but rather direct our criticism towards the hackers.

$50 million is no small amount, but it is not the largest loss from such attacks. In May 2024, an address transferred over $70 million worth of WBTC to a hacker's address due to a similar attack, but the victim eventually recovered almost all the funds with the assistance of security company Match Systems and the Cryptex exchange. However, in this case, the hacker quickly converted the stolen funds into ETH and transferred them to Tornado Cash, making it uncertain whether recovery is possible.

In April, Casa co-founder and chief security officer Jameson Lopp warned that address poisoning attacks are spreading rapidly, with as many as 48,000 such incidents occurring on the Bitcoin network alone since 2023.

Including fake Zoom meeting links on Telegram, these attack methods are not sophisticated, but it is precisely this "simple" approach that can make people let their guard down. For those of us in the dark forest, being extra cautious is never wrong.

Domande pertinenti

QWhat is the total amount of USDT lost in the address poisoning attack described in the article?

A50 million USDT, worth approximately $50 million.

QHow did the hacker execute the address poisoning attack in this case?

AThe hacker sent a small test transaction (0.005 USDT) from an address with a similar beginning and end to the victim's target address, tricking the victim into copying the wrong address for the large transfer.

QWhat did the victim do after discovering the theft, and what was the hacker's response?

AThe victim filed a criminal complaint and offered to let the hacker keep $1 million if 98% of the funds were returned. The hacker did not respond and instead laundered the funds through token swaps and Tornado Cash.

QWhat is address poisoning, and why is it effective despite being a simple attack?

AAddress poisoning involves creating a fake address with similar starting and ending characters to a victim's常用 address. It preys on human error, as users may carelessly copy the wrong address from their transaction history.

QWhich prominent figure in the crypto space shared a similar experience of loss due to carelessness, and what did they lose?

AF2Pool co-founder Wang Chun shared that he lost 490 BTC after transferring 500 BTC to test for private key leaks, highlighting that even experienced individuals can make costly mistakes.

Letture associate

Q2 2026 Bitcoin Valuation: Why $143,000 Remains Achievable?

In Q2 2026, Bitcoin's valuation target of $143,000 remains achievable, representing a potential 2x upside from the current $70,500 price. Despite a 27% decline since Q1, the overall macro environment remains supportive. Global M2 liquidity hit a record $13.44 trillion, though Chinese-driven liquidity (over 60% of growth) has limited access to Bitcoin markets. U.S. monetary policy, a key driver, faced delays due to Iran conflict-induced oil price spikes, pushing March CPI to 3.3% and reducing Fed rate cut expectations. However, the easing direction persists. On-chain metrics show recovery from panic zones, with key resistance at $78,000 (long-term holder cost basis). Institutional flows turned positive, with Bitcoin ETFs seeing net inflows and corporate buying accelerating. Yet, network activity reveals stagnation—active addresses fell 13.2% YoY, suggesting superficial transaction growth. The revised $143K target (down from $185.5K in Q1) applies a -10% adjustment for weak fundamentals (BTCFi ecosystem contraction) and +20% for macro support. Key catalysts include breaking $78K, sustained ETF inflows, and geopolitical stability aiding Fed policy shifts.

marsbit9 min fa

Q2 2026 Bitcoin Valuation: Why $143,000 Remains Achievable?

marsbit9 min fa

Goldman Sachs Bows Down, Bitcoin Finally Breaks Through the Gates of Wall Street

Wall Street giants, including Goldman Sachs, Morgan Stanley, Charles Schwab, and the New York Stock Exchange, have reversed their long-standing opposition to Bitcoin and are now actively embracing it. After years of dismissing Bitcoin as a scam, a bubble, or a tool for illicit activities, these institutions are launching Bitcoin ETFs, enabling spot trading, and building dedicated crypto infrastructure. Goldman Sachs, which once called Bitcoin a "fraud tool," is now offering Bitcoin ETFs. Morgan Stanley, which internally banned the term "cryptocurrency," has launched its largest-ever ETF backed by Bitcoin. Charles Schwab has opened spot crypto trading for its retail clients, integrating Bitcoin alongside traditional assets. The NYSE is building robust infrastructure to support digital assets, signaling a long-term commitment. This dramatic shift is driven not by a change in ideology but by economic necessity. As Bitcoin repeatedly survived market crashes and grew into a multi-trillion-dollar asset class, ignoring it became too costly. Wall Street’s business model relies on capturing fees, and Bitcoin’s rise represented a massive wealth transfer occurring outside their ecosystem. The fear of missing out (FOMO) and client demand forced these institutions to capitulate. The article frames this as a historic surrender to Bitcoin’s mathematical inevitability. Unlike the trust-based traditional financial system, Bitcoin operates on decentralized, transparent, and unchangeable rules. Its scarcity and resilience make it a hedge against fiat currency devaluation and systemic risk. The narrative has flipped: not holding Bitcoin is now seen as the greater risk. The author concludes that Bitcoin has not been co-opted by Wall Street; instead, it has co-opted Wall Street, marking a fundamental shift in the global financial architecture.

marsbit54 min fa

Goldman Sachs Bows Down, Bitcoin Finally Breaks Through the Gates of Wall Street

marsbit54 min fa

Cardano Maintains Lead As Most Actively Developed Network In The Crypto Space

Cardano has emerged as the most actively developed blockchain network in the crypto space, surpassing major competitors like Ethereum, XRP, and BNB Chain in all-time code commits. According to data from Everstake, the network has accumulated over 478,100 commits, reflecting a strong focus on infrastructure upgrades, protocol improvements, and ecosystem expansion. This development activity is seen as a key indicator of long-term fundamental strength, even as ADA’s price remains in a multi-year bear cycle. Analysts suggest that if the bearish trend continues, ADA could drop toward $0.10 by year-end, which may present a strategic buying opportunity for the next bull cycle.

bitcoinist1 h fa

Cardano Maintains Lead As Most Actively Developed Network In The Crypto Space

bitcoinist1 h fa

OpenAI Launches Workflow Agent, GPTs Begin Countdown

OpenAI has launched Workspace Agents, an evolution of GPTs designed for teams. This new feature allows users to create reusable, shareable agents that automate repetitive workflows. Driven by Codex, these agents operate within their own workspace, can access files, call tools, and run continuously in the background. Users describe a workflow—such as collecting information, making judgments, generating results, and sending outputs—to ChatGPT, which then builds the agent. The entire team can use and refine the agent via ChatGPT or Slack. Once set up, the agent runs autonomously. Workspace Agents are team-shared, code-free, and manageable with predefined permissions and controls. They are suitable for structured, repeatable tasks involving multiple tools and continuous operation, such as software review, feedback整理, report generation, sales follow-up, and risk assessment. The system operates within clear rules, with sensitive actions requiring human confirmation. It aims to transform workflows from being person-dependent to being documented, executable, and reusable—akin to scientific management principles. Competing solutions from Microsoft and Google are also emerging in this space.

marsbit1 h fa

OpenAI Launches Workflow Agent, GPTs Begin Countdown

marsbit1 h fa

The Richest Fed Chair in History? Three Challenges Kevin Warsh Is About to Face

Kevin Warsh, nominated by Trump as the next Federal Reserve Chair, faces three major challenges as he prepares to take office. With a personal investment portfolio exceeding $130 million, including holdings in crypto protocols and public chains, he is set to become the wealthiest Fed chair in history. Warsh, known for his historically hawkish stance, has recently shifted his position, arguing that AI is a powerful deflationary force that could boost productivity. However, rising CPI and energy prices pose a risk to this outlook. He strongly defended Fed independence, stating that it is eroded not by political pressure but by the institution’s own missteps, such as blurring the lines between monetary and fiscal policy during the 2021-2022 inflation period. Additionally, Warsh advocates for significant balance sheet reduction while potentially cutting rates—a combination that markets find unsettling. He also proposes modernizing inflation measurement with real-time data, including stablecoins and on-chain pricing, to improve policy responsiveness. His confirmation is currently delayed due to a political investigation into current Chair Powell, adding uncertainty to his appointment.

marsbit1 h fa

The Richest Fed Chair in History? Three Challenges Kevin Warsh Is About to Face

marsbit1 h fa

Trading

Spot

Futures

Articoli Popolari

Come comprare CFG

Benvenuto in HTX.com! Abbiamo reso l'acquisto di Centrifuge (CFG) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente CentrifugeCFG.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva Centrifuge (CFG)Dopo aver acquistato Centrifuge (CFG), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia Centrifuge (CFG)Scambia facilmente Centrifuge (CFG) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

506 Totale visualizzazioniPubblicato il 2026.03.19Aggiornato il 2026.03.19

Cosa è WL

I. Introduzione al ProgettoWorldLand è una L2 o side chain di Ethereum, progettata come una soluzione dal basso verso l'alto per migliorare l'ecosistema di Ethereum.II. Informazioni sul Token1) Informazioni di BaseNome del token: WL (WorldLand）III. Link CorrelatiSito web：https://worldland.foundation/Esploratori：https://bscscan.com/address/0x8aaB31fbc69C92fa53f600910Cf0f215531F8239Social：https://x.com/WorldLand_space Nota: L'introduzione al progetto proviene dai materiali pubblicati o forniti dal team ufficiale del progetto, che sono solo a scopo di riferimento e non costituiscono consulenza per gli investimenti. HTX non si assume alcuna responsabilità per eventuali perdite dirette o indirette risultanti.

289 Totale visualizzazioniPubblicato il 2026.03.28Aggiornato il 2026.03.28

Come comprare WL

Benvenuto in HTX.com! Abbiamo reso l'acquisto di WorldLand (WL) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente WorldLandWL.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva WorldLand (WL)Dopo aver acquistato WorldLand (WL), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia WorldLand (WL)Scambia facilmente WorldLand (WL) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

203 Totale visualizzazioniPubblicato il 2026.03.28Aggiornato il 2026.03.28

Discussioni

Benvenuto nella Community HTX. Qui puoi rimanere informato sugli ultimi sviluppi della piattaforma e accedere ad approfondimenti esperti sul mercato. Le opinioni degli utenti sul prezzo di A A sono presentate come di seguito.