Wang Chun Also Fell Victim: A $50 Million 'Tuition' - Why Do Address Poisoning Attacks Keep Succeeding?

marsbitPubblicato 2025-12-22Pubblicato ultima volta 2025-12-22

Introduzione

On December 19, a cryptocurrency user fell victim to an address poisoning attack, losing 50 million USDT (approximately $50 million). The attacker first sent a small test transaction of 50 USDT from a Binance exchange wallet. Hours later, the victim transferred 49,999,950 USDT to what they believed was their own address but was actually a hacker-controlled wallet with a similar beginning and ending character sequence. The hacker quickly laundered the funds by converting USDT to DAI, then to ETH, and finally moving most of the assets into the privacy tool Tornado Cash. The victim, likely an institutional entity given transaction patterns and rapid response, publicly offered the hacker a $1 million reward for returning 98% of the funds and threatened legal action. Address poisoning attacks exploit user carelessness by creating deceptive addresses that mimic legitimate ones. Such attacks have been rising since 2022, with one Bitcoin incident alone involving 49,000 cases since 2023. High-profile figures like F2Pool’s Wang Chun have also suffered similar losses. While some victims have recovered funds through negotiation, this case remains unresolved as the hacker has not responded. The incident underscores the critical need for double-checking addresses in crypto transactions.

At around midnight Beijing time yesterday, on-chain analyst Specter X discovered a case where nearly 50 million USDT was transferred to a hacker's address due to failure to carefully verify the transfer address.

According to the author's investigation, this address (0xcB80784ef74C98A89b6Ab8D96ebE890859600819) withdrew 50 USDT from Binance at approximately 13:00 Beijing time on the 19th for a test transaction before a large withdrawal.

About 10 hours later, the address withdrew 49,999,950 USDT from Binance in one go. Combined with the previous 50 USDT withdrawal, the total amounted to exactly 50 million.

Approximately 20 minutes later, the address that received the 50 million USDT first transferred 50 USDT to 0xbaf4...95F8b5 for testing.

Within less than 15 minutes after the test transfer was completed, the hacker's address 0xbaff...08f8b5 transferred 0.005 USDT to the address holding the remaining 49,999,950 USDT. The address used by the hacker had similar beginning and ending characters to the address that received the 50 USDT, indicating a clear "address poisoning" attack.

10 minutes later, when the address beginning with 0xcB80 was preparing to transfer the remaining 40 million+ USDT, likely due to negligence, it copied the address from the previous transaction—the one used by the hacker for "poisoning"—and directly sent nearly 50 million USDT into the hands of the hacker.

With $50 million secured, the hacker began money laundering actions 30 minutes later. According to SlowMist monitoring, the hacker first swapped USDT for DAI via MetaMask, then used all the DAI to purchase approximately 16,690 Ethereum, kept 10 ETH, and transferred the remaining Ethereum to Tornado Cash.

Around 16:00 Beijing time yesterday, the victim addressed the hacker on-chain, stating that formal criminal proceedings had been initiated and that a substantial amount of reliable intelligence about the hacker's activities had been collected with the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols. The victim stated that the hacker could keep $1 million and return the remaining 98% of the funds; if complied with, no further action would be taken; if not, criminal and civil liabilities would be pursued through legal channels, and the hacker's identity would be made public. However, as of now, the hacker has not responded.

According to data compiled by the Arkham platform, this address has records of large transfers with addresses associated with Binance, Kraken, Coinhako, and Cobo. Binance, Kraken, and Cobo need no introduction, while Coinhako might be a less familiar name. Coinhako is a Singapore-based cryptocurrency exchange platform established in 2014. It obtained a Major Payment Institution license from the Monetary Authority of Singapore in 2022, making it a regulated exchange in Singapore.

Given that this address uses multiple exchange platforms and Cobo's custody services, and its ability to quickly contact various parties and complete the tracking of the hacker within 24 hours of the incident, the author speculates that this address most likely belongs to an institution rather than an individual.

A "Careless Mistake" Leads to Major Loss

The only explanation for falling victim to an "address poisoning" attack is "carelessness." Such attacks can be avoided simply by double-checking the address before transferring, but clearly, the protagonist of this incident skipped this crucial step.

Address poisoning attacks began to emerge in 2022, originating from "vanity address" generators—tools that allow customization of the beginning of an EVM address. For example, the author could generate an address starting with 0xeric to make the address more labeled.

This tool was later discovered by hackers to have a design flaw allowing brute-force attacks on private keys, leading to several major fund theft incidents. However, the ability to generate addresses with customized beginnings and endings also gave some ill-intentioned individuals a "clever idea": by generating addresses similar in beginning and ending to a user's commonly used transfer addresses, and transferring small amounts to the user's other addresses, some users might, due to carelessness, mistake the hacker's address for their own and actively send on-chain assets into the hacker's pocket.

Past on-chain information shows that the address beginning with 0xcB80 was a major target for such poisoning attacks even before this incident, with attacks beginning nearly a year ago. This attack method essentially involves hackers betting that you will eventually get lazy or inattentive and fall for it. Ironically, it is this seemingly transparent attack method that continues to ensnare "careless" victims one after another.

Regarding this incident, F2Pool co-founder Wang Chun expressed sympathy for the victim on Twitter (X), mentioning that last year, to test if his address had a private key leak, he transferred 500 BTC to it, only to have 490 BTC stolen by hackers. Although Wang Chun's experience was unrelated to address poisoning attacks, he likely meant to convey that everyone has moments of "stupidity," and we should not blame the victim for carelessness but rather direct our criticism towards the hackers.

$50 million is no small amount, but it is not the largest loss from such attacks. In May 2024, an address transferred over $70 million worth of WBTC to a hacker's address due to a similar attack, but the victim eventually recovered almost all the funds with the assistance of security company Match Systems and the Cryptex exchange. However, in this case, the hacker quickly converted the stolen funds into ETH and transferred them to Tornado Cash, making it uncertain whether recovery is possible.

In April, Casa co-founder and chief security officer Jameson Lopp warned that address poisoning attacks are spreading rapidly, with as many as 48,000 such incidents occurring on the Bitcoin network alone since 2023.

Including fake Zoom meeting links on Telegram, these attack methods are not sophisticated, but it is precisely this "simple" approach that can make people let their guard down. For those of us in the dark forest, being extra cautious is never wrong.

Crypto di tendenza

Domande pertinenti

QWhat is the total amount of USDT lost in the address poisoning attack described in the article?

A50 million USDT, worth approximately $50 million.

QHow did the hacker execute the address poisoning attack in this case?

AThe hacker sent a small test transaction (0.005 USDT) from an address with a similar beginning and end to the victim's target address, tricking the victim into copying the wrong address for the large transfer.

QWhat did the victim do after discovering the theft, and what was the hacker's response?

AThe victim filed a criminal complaint and offered to let the hacker keep $1 million if 98% of the funds were returned. The hacker did not respond and instead laundered the funds through token swaps and Tornado Cash.

QWhat is address poisoning, and why is it effective despite being a simple attack?

AAddress poisoning involves creating a fake address with similar starting and ending characters to a victim's常用 address. It preys on human error, as users may carelessly copy the wrong address from their transaction history.

QWhich prominent figure in the crypto space shared a similar experience of loss due to carelessness, and what did they lose?

AF2Pool co-founder Wang Chun shared that he lost 490 BTC after transferring 500 BTC to test for private key leaks, highlighting that even experienced individuals can make costly mistakes.

Letture associate

Claude Accused of Becoming Dumber by the Entire Internet, Anthropic Steps In to Reveal: It’s Not the Model That’s Tricking You

When users complained that Claude was "getting dumber," the root cause wasn't the AI model itself. In an official blog post, Anthropic clarified the critical difference between two key settings in Claude Code: Model and Effort. Model refers to the core "brain"—the fixed, trained weights of a specific AI (like Sonnet, Opus, or Fable). Changing the Model addresses *capability* ("can it do this?"), but its knowledge is static post-training. Effort, however, controls the AI's *approach and thoroughness* for a specific task. A higher Effort level instructs Claude to read more files, run tests, perform verification, and complete multi-step reasoning before responding, significantly increasing its "work output" for that job. Conversely, low Effort leads to quicker, less thorough replies. This distinction explains the March 2024 uproar where users experienced a sudden drop in Claude's performance. The cause was not a model change but Anthropic quietly lowering the *default* Effort setting from "high" to "medium" to reduce latency, which was later reverted. The key insight is that a smaller, capable model (like Sonnet) on high Effort can often outperform a larger, more powerful model (like Opus) on low Effort for many tasks. The article provides a practical troubleshooting framework: if Claude makes an error, first check the context and instructions. If it seems to skip necessary steps or validations, increase Effort. If it diligently attempts the task but fails conceptually or makes consistent factual errors despite good context, then consider switching to a more capable Model. The takeaway is a shift in focus: effective AI programming is less about always choosing the "strongest" model and more about intelligently *orchestrating* models and effort levels—acting like a project manager to assign the right "brain" with the right level of diligence for each job, optimizing both results and cost.

marsbit1 h fa

Claude Accused of Becoming Dumber by the Entire Internet, Anthropic Steps In to Reveal: It’s Not the Model That’s Tricking You

marsbit1 h fa

Will the Ethereum Foundation Evolve into a 'Mascot'? Diversified Organizations Are Fragmenting Its Functions

The Ethereum Foundation (EF) is undergoing significant internal turmoil and functional erosion. Following its largest-ever layoff of 54 staff (20% of its workforce) and a major organizational restructuring announced in June, its Protocol Support Team has been officially dissolved. This comes alongside the high-profile resignation of key figures like co-executive director Xiaowei Wang, bringing senior departures this year to at least eight. Criticism of EF's rigid structure, opaque decision-making, and perceived lack of a clear value narrative for ETH has intensified within the community. The layoffs have catalyzed the emergence of independent, non-profit organizations like Ethlabs and Ethereum Institutional, founded by former EF researchers and members. These entities are now taking on core functions such as protocol research/development and institutional adoption, effectively fragmenting the EF's traditional leadership role. Concurrently, EF's security team is adapting to technological change, deploying specialized AI agents to audit Ethereum's codebase, which successfully discovered a critical vulnerability (CVE-2026-34219). While EF states AI complements rather than replaces researchers, it signals a potential future shift in its operational model. Faced with these challenges—internal restructuring, talent drain, the rise of competing organizations, and AI integration—the Ethereum Foundation appears to be stepping back from a central commanding role. Analysts and community observers speculate it may increasingly transition towards a symbolic "ecosystem mascot" function, while decentralized initiatives drive Ethereum's future growth and institutional adoption.

marsbit1 h fa

Will the Ethereum Foundation Evolve into a 'Mascot'? Diversified Organizations Are Fragmenting Its Functions

marsbit1 h fa

Nearly a Hundred Players Rush into Embodied Data: With 4.47 Billion Yuan in Financing in One Year, Who Can Really Make Money by 'Selling Data'?

The domestic embodied AI data industry has attracted nearly 100 players, with 70 focused on data collection and 27 on data infrastructure. In the past year, 15 independent embodied data service providers raised approximately 4.47 billion yuan. Despite this growth, the sector remains early-stage, fragmented, and faces significant challenges. Data collection methods are diverse, categorized into four main routes: teleoperation of real robots, human demonstration without a robot (using motion capture, exoskeletons, etc.), simulation synthesis, and distillation from internet videos. Most companies (43%) adopt hybrid approaches, combining multiple routes, as no single method can meet all training needs. Teleoperation alone is pursued by 31% of players, often by state-owned platforms and robot companies, while newer firms favor asset-light, no-hardware human demonstration. Independent data service providers now form the largest player group (40%), indicating the emergence of a distinct industry segment rather than just a subsidiary function for robot makers. Two-thirds of all players are "embodied-native" startups, while one-third are companies that pivoted from fields like AI data annotation, which are more prevalent in the data infrastructure layer. Current annual industry capacity is estimated at 1.6-1.8 million hours plus 70-80 million data points, with a short-term goal to increase this 15-20 fold within 1-3 years. Data collection factories are spread across 20 provinces in China, concentrated in the Yangtze River Delta, Beijing-Tianjin-Hebei, and Pearl River Delta regions. Financially, the 4.47 billion yuan raised in the past year pales compared to the 43.8 billion yuan raised by the broader embodied intelligence sector in just the first half of 2026, highlighting that data remains a less "sexy" bet for investors. The 15 funded independent providers show clear stratification: a top tier led by a unicorn (Lightwheel Intelligence, 3.1 billion yuan), a middle tier of 11 firms raising tens to hundreds of millions, and an early-stage tier of 3 companies. Sixty-nine investment institutions have participated, but none have made concentrated bets, reflecting uncertainty about viable business models. Over half of these funded companies are less than a year old, most are at pre-A or A rounds, and profitability remains largely unproven. In summary, the embodied data industry has become an independent track creating jobs and local economic activity. However, it is still nascent, with unformed consensus, unsolved problems, and unproven business models. The coming 1-2 years will be a critical validation window to see if companies can build sustainable, profitable businesses purely by "selling data."

marsbit4 h fa

Nearly a Hundred Players Rush into Embodied Data: With 4.47 Billion Yuan in Financing in One Year, Who Can Really Make Money by 'Selling Data'?

marsbit4 h fa

Trading

Spot

Articoli Popolari

Come comprare O

Benvenuto in HTX.com! Abbiamo reso l'acquisto di O1 exchange (O) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente O1 exchangeO.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva O1 exchange (O)Dopo aver acquistato O1 exchange (O), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia O1 exchange (O)Scambia facilmente O1 exchange (O) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

78 Totale visualizzazioniPubblicato il 2026.06.19Aggiornato il 2026.06.29

Come comprare O

Come comprare PROS

Benvenuto in HTX.com! Abbiamo reso l'acquisto di Pharos (PROS) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente PharosPROS.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva Pharos (PROS)Dopo aver acquistato Pharos (PROS), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia Pharos (PROS)Scambia facilmente Pharos (PROS) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

74 Totale visualizzazioniPubblicato il 2026.06.22Aggiornato il 2026.06.29

Come comprare PROS

Cosa è VERONA

I. Introduzione al Progetto VERONA è una blockchain costruita per tutti, ovunque attraverso l'astrazione della catena. Utilizzando il suo livello di astrazione generalizzato, VERONA si distingue integrando funzionalità blockchain complesse, come conti, firme e interoperabilità, direttamente a livello di protocollo. Questo approccio consente di interagire con le applicazioni blockchain senza la necessità di comprendere le tecnologie sottostanti.1) Informazioni di Base Nome:VERONA(VERONA)III. Link Correlati Link al sito ufficiale:https://xion.burnt.com/ Whitepaper:https://xion.burnt.com/whitepaper.pdf Esploratori:https://explorer.burnt.com/ Social Media: https://x.com/burnt_xion Nota: L'introduzione al progetto proviene dai materiali pubblicati o forniti dal team ufficiale del progetto, che è solo a scopo di riferimento e non costituisce consulenza per investimenti. HTX non si assume responsabilità per eventuali perdite dirette o indirette risultanti.

102 Totale visualizzazioniPubblicato il 2026.06.22Aggiornato il 2026.06.22

Cosa è VERONA

Discussioni

Benvenuto nella Community HTX. Qui puoi rimanere informato sugli ultimi sviluppi della piattaforma e accedere ad approfondimenti esperti sul mercato. Le opinioni degli utenti sul prezzo di A A sono presentate come di seguito.

活动图片