Wang Chun Also Fell Victim: A $50 Million 'Tuition' - Why Do Address Poisoning Attacks Keep Succeeding?

marsbitPublicado em 2025-12-22Última atualização em 2025-12-22

Resumo

On December 19, a cryptocurrency user fell victim to an address poisoning attack, losing 50 million USDT (approximately $50 million). The attacker first sent a small test transaction of 50 USDT from a Binance exchange wallet. Hours later, the victim transferred 49,999,950 USDT to what they believed was their own address but was actually a hacker-controlled wallet with a similar beginning and ending character sequence. The hacker quickly laundered the funds by converting USDT to DAI, then to ETH, and finally moving most of the assets into the privacy tool Tornado Cash. The victim, likely an institutional entity given transaction patterns and rapid response, publicly offered the hacker a $1 million reward for returning 98% of the funds and threatened legal action. Address poisoning attacks exploit user carelessness by creating deceptive addresses that mimic legitimate ones. Such attacks have been rising since 2022, with one Bitcoin incident alone involving 49,000 cases since 2023. High-profile figures like F2Pool’s Wang Chun have also suffered similar losses. While some victims have recovered funds through negotiation, this case remains unresolved as the hacker has not responded. The incident underscores the critical need for double-checking addresses in crypto transactions.

At around midnight Beijing time yesterday, on-chain analyst Specter X discovered a case where nearly 50 million USDT was transferred to a hacker's address due to failure to carefully verify the transfer address.

According to the author's investigation, this address (0xcB80784ef74C98A89b6Ab8D96ebE890859600819) withdrew 50 USDT from Binance at approximately 13:00 Beijing time on the 19th for a test transaction before a large withdrawal.

About 10 hours later, the address withdrew 49,999,950 USDT from Binance in one go. Combined with the previous 50 USDT withdrawal, the total amounted to exactly 50 million.

Approximately 20 minutes later, the address that received the 50 million USDT first transferred 50 USDT to 0xbaf4...95F8b5 for testing.

Within less than 15 minutes after the test transfer was completed, the hacker's address 0xbaff...08f8b5 transferred 0.005 USDT to the address holding the remaining 49,999,950 USDT. The address used by the hacker had similar beginning and ending characters to the address that received the 50 USDT, indicating a clear "address poisoning" attack.

10 minutes later, when the address beginning with 0xcB80 was preparing to transfer the remaining 40 million+ USDT, likely due to negligence, it copied the address from the previous transaction—the one used by the hacker for "poisoning"—and directly sent nearly 50 million USDT into the hands of the hacker.

With $50 million secured, the hacker began money laundering actions 30 minutes later. According to SlowMist monitoring, the hacker first swapped USDT for DAI via MetaMask, then used all the DAI to purchase approximately 16,690 Ethereum, kept 10 ETH, and transferred the remaining Ethereum to Tornado Cash.

Around 16:00 Beijing time yesterday, the victim addressed the hacker on-chain, stating that formal criminal proceedings had been initiated and that a substantial amount of reliable intelligence about the hacker's activities had been collected with the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols. The victim stated that the hacker could keep $1 million and return the remaining 98% of the funds; if complied with, no further action would be taken; if not, criminal and civil liabilities would be pursued through legal channels, and the hacker's identity would be made public. However, as of now, the hacker has not responded.

According to data compiled by the Arkham platform, this address has records of large transfers with addresses associated with Binance, Kraken, Coinhako, and Cobo. Binance, Kraken, and Cobo need no introduction, while Coinhako might be a less familiar name. Coinhako is a Singapore-based cryptocurrency exchange platform established in 2014. It obtained a Major Payment Institution license from the Monetary Authority of Singapore in 2022, making it a regulated exchange in Singapore.

Given that this address uses multiple exchange platforms and Cobo's custody services, and its ability to quickly contact various parties and complete the tracking of the hacker within 24 hours of the incident, the author speculates that this address most likely belongs to an institution rather than an individual.

A "Careless Mistake" Leads to Major Loss

The only explanation for falling victim to an "address poisoning" attack is "carelessness." Such attacks can be avoided simply by double-checking the address before transferring, but clearly, the protagonist of this incident skipped this crucial step.

Address poisoning attacks began to emerge in 2022, originating from "vanity address" generators—tools that allow customization of the beginning of an EVM address. For example, the author could generate an address starting with 0xeric to make the address more labeled.

This tool was later discovered by hackers to have a design flaw allowing brute-force attacks on private keys, leading to several major fund theft incidents. However, the ability to generate addresses with customized beginnings and endings also gave some ill-intentioned individuals a "clever idea": by generating addresses similar in beginning and ending to a user's commonly used transfer addresses, and transferring small amounts to the user's other addresses, some users might, due to carelessness, mistake the hacker's address for their own and actively send on-chain assets into the hacker's pocket.

Past on-chain information shows that the address beginning with 0xcB80 was a major target for such poisoning attacks even before this incident, with attacks beginning nearly a year ago. This attack method essentially involves hackers betting that you will eventually get lazy or inattentive and fall for it. Ironically, it is this seemingly transparent attack method that continues to ensnare "careless" victims one after another.

Regarding this incident, F2Pool co-founder Wang Chun expressed sympathy for the victim on Twitter (X), mentioning that last year, to test if his address had a private key leak, he transferred 500 BTC to it, only to have 490 BTC stolen by hackers. Although Wang Chun's experience was unrelated to address poisoning attacks, he likely meant to convey that everyone has moments of "stupidity," and we should not blame the victim for carelessness but rather direct our criticism towards the hackers.

$50 million is no small amount, but it is not the largest loss from such attacks. In May 2024, an address transferred over $70 million worth of WBTC to a hacker's address due to a similar attack, but the victim eventually recovered almost all the funds with the assistance of security company Match Systems and the Cryptex exchange. However, in this case, the hacker quickly converted the stolen funds into ETH and transferred them to Tornado Cash, making it uncertain whether recovery is possible.

In April, Casa co-founder and chief security officer Jameson Lopp warned that address poisoning attacks are spreading rapidly, with as many as 48,000 such incidents occurring on the Bitcoin network alone since 2023.

Including fake Zoom meeting links on Telegram, these attack methods are not sophisticated, but it is precisely this "simple" approach that can make people let their guard down. For those of us in the dark forest, being extra cautious is never wrong.

Perguntas relacionadas

QWhat is the total amount of USDT lost in the address poisoning attack described in the article?

A50 million USDT, worth approximately $50 million.

QHow did the hacker execute the address poisoning attack in this case?

AThe hacker sent a small test transaction (0.005 USDT) from an address with a similar beginning and end to the victim's target address, tricking the victim into copying the wrong address for the large transfer.

QWhat did the victim do after discovering the theft, and what was the hacker's response?

AThe victim filed a criminal complaint and offered to let the hacker keep $1 million if 98% of the funds were returned. The hacker did not respond and instead laundered the funds through token swaps and Tornado Cash.

QWhat is address poisoning, and why is it effective despite being a simple attack?

AAddress poisoning involves creating a fake address with similar starting and ending characters to a victim's常用 address. It preys on human error, as users may carelessly copy the wrong address from their transaction history.

QWhich prominent figure in the crypto space shared a similar experience of loss due to carelessness, and what did they lose?

AF2Pool co-founder Wang Chun shared that he lost 490 BTC after transferring 500 BTC to test for private key leaks, highlighting that even experienced individuals can make costly mistakes.

Leituras Relacionadas

Morning Post | Trump Media Group Releases Q1 Financial Report; Top Three DeFi Applications Return Nearly $100 Million in Revenue to Token Holders in 30 Days; Michael Saylor Shares Bitcoin Tracker Info Again

**Title: Daily Briefing | Trump Media Group Releases Q1 Report; Top 3 DeFi Apps Return Nearly $100M to Token Holders; Michael Saylor Signals Potential Bitcoin Buy** **Summary:** Key developments in the past 24 hours include: * **Economic Outlook:** Goldman Sachs has pushed back its forecast for the next two Federal Reserve interest rate cuts to December 2026 and March 2027, citing persistent inflationary pressures from energy costs. This delayed timeline is expected to tighten liquidity flow into risk assets, including cryptocurrencies. * **DeFi & Revenue:** Data from DefiLlama shows that three leading DeFi applications—Hyperliquid, Pump.fun, and EdgeX—collectively distributed $96.3 million in revenue to their token holders over the last 30 days. This trend highlights a shift in the crypto community's focus towards real protocol earnings and sustainable economic models. * **Corporate Bitcoin Moves:** Michael Saylor, founder of MicroStrategy (note: referred to as 'Strategy' in the text, likely a typographical error), has signaled potential upcoming Bitcoin purchases by posting a "Bitcoin Tracker" update, following a pattern that typically precedes the company's official disclosure of new acquisitions. * **Market Integrity:** Prediction market platform Polymarket announced updates to address platform issues, including identifying and banning clusters of accounts involved in "ghost-fill" activities and implementing measures to prevent bulk account creation. * **Regulation:** The Bank of England Governor warned that stablecoin regulation could lead to tensions between US and international regulators. In South Korea, the National Tax Service has launched a pilot program to entrust seized virtual assets to private custody firms for management. * **Meme Token Trends:** GMGN data lists the top trending meme tokens on Ethereum (e.g., HEX, SHIB), Solana (e.g., FWOG, TROLL), and Base (e.g., SKITTEN, PEPE) over the past day. **Financial Note:** Trump Media & Technology Group reported a Q1 loss of approximately $4 billion, primarily attributed to unrealized losses on its Bitcoin and other digital asset holdings.

链捕手Há 26m

Morning Post | Trump Media Group Releases Q1 Financial Report; Top Three DeFi Applications Return Nearly $100 Million in Revenue to Token Holders in 30 Days; Michael Saylor Shares Bitcoin Tracker Info Again

链捕手Há 26m

Telegram Takes Direct Control of TON, Social Traffic Rewrites the Public Chain Narrative

Telegram founder Pavel Durov announced that Telegram will replace the TON Foundation as the core driver and largest validator of The Open Network (TON). Key initiatives include a sixfold reduction in transaction fees, performance upgrades, and improved developer tools within the next few weeks. This marks a strategic shift from Telegram merely providing user access to deeply integrating TON into its platform's core infrastructure. The goal is to transform Telegram's massive social traffic into sustainable on-chain activity. While viral mini-apps like Notcoin have demonstrated Telegram's ability to drive user adoption, TON aims to support frequent, low-value transactions inherent to social platforms—such as tipping, in-app payments, and game rewards. Ultra-low fees and sub-second finality (0.6 seconds) are crucial to making blockchain interactions seamless and nearly invisible within the Telegram user experience. However, Telegram's increased central role raises questions about network decentralization. Durov argues that Telegram's participation will attract more large validators, thereby enhancing decentralization. TON also offers high annual staking rewards (18.8%), aiming to retain capital within its ecosystem. The fundamental challenge for TON is no longer leveraging Telegram's user base, but becoming an indispensable, seamless infrastructure layer for Telegram's everyday applications—moving from an adjacent chain to an embedded utility.

marsbitHá 28m

Telegram Takes Direct Control of TON, Social Traffic Rewrites the Public Chain Narrative

marsbitHá 28m

Telegram Takes Direct Control of TON, Social Traffic Reshapes Public Chain Narrative

Telegram's founder, Pavel Durov, has announced a major shift in the development of The Open Network (TON). Telegram will now become the core driver of TON, replacing the TON Foundation and becoming its largest validator. The focus will be on technical upgrades over the next few weeks, including slashing network fees by six times to near-zero and improving finality time to 0.6 seconds. This move signifies a deeper integration between Telegram and TON, moving beyond just providing a user base. The goal is to transform Telegram's vast social traffic and built-in features—like Mini Apps, payments, and bots—into sustainable, on-chain usage scenarios. The reduced fees and faster speeds are crucial for enabling the small, frequent transactions typical of social interactions. While this promises stronger execution and product alignment, it raises questions about centralization. Durov argues Telegram's involvement will attract more validators, enhancing decentralization, but the outcome remains to be seen. Additionally, TON's high annual staking reward of 18.8% aims to retain capital within the ecosystem. The key challenge for TON is no longer just leveraging Telegram's entry point, but becoming an invisible, seamless infrastructure layer within Telegram's daily use. Its success hinges on converting viral attention into lasting, embedded utility.

Odaily星球日报Há 37m

Telegram Takes Direct Control of TON, Social Traffic Reshapes Public Chain Narrative

Odaily星球日报Há 37m

OpenAI Post-Training Engineer Weng Jiayi Proposes a New Paradigm Hypothesis for Agentic AI

OpenAI engineer Weng Jiayi's "Heuristic Learning" experiments propose a new paradigm for Agentic AI, suggesting that intelligent agents can improve not just by training neural networks, but also by autonomously writing and refining code based on environmental feedback. In the experiment, a coding agent (powered by Codex) was tasked with developing and maintaining a programmatic strategy for the Atari game Breakout. Starting from a basic prompt, the agent iteratively wrote code, ran the game, analyzed logs and video replays to identify failures, and then modified the code. Through this engineering loop of "code-run-debug-update," it evolved a pure Python heuristic strategy that achieved a perfect score of 864 in Breakout and performed competitively with deep reinforcement learning (RL) algorithms in MuJoCo control tasks like Ant and HalfCheetah. This approach, termed Heuristic Learning (HL), contrasts with Deep RL. In HL, experience is captured in readable, modifiable code, tests, logs, and configurations—a software system—rather than being encoded solely into opaque neural network weights. This offers potential advantages in explainability, auditability for safety-critical applications, easier integration of regression tests to combat catastrophic forgetting, and more efficient sample use in early learning stages, as demonstrated in broader tests on 57 Atari games. However, the blog acknowledges clear limitations. Programmatic strategies struggle with tasks requiring long-horizon planning or complex perception (e.g., Montezuma's Revenge), areas where neural networks excel. The future vision is a hybrid architecture: specialized neural networks for fast perception (System 1), HL systems for rules, safety, and local recovery (also System 1), and LLM agents providing high-level feedback and learning from the HL system's data (System 2). The core proposition is that in the era of capable coding agents, a significant portion of an AI's learned experience could be maintained as an auditable, evolving software system.

marsbitHá 1h

OpenAI Post-Training Engineer Weng Jiayi Proposes a New Paradigm Hypothesis for Agentic AI

marsbitHá 1h

Your Claude Will Dream Tonight, Don't Disturb It

This article explores the recent phenomenon of AI companies increasingly using anthropomorphic language—like "thinking," "memory," "hallucination," and now "dreaming"—to describe machine learning processes. Focusing on Anthropic's newly announced "Dreaming" feature for its Claude Agent platform, the piece explains that this function is essentially an automated, offline batch processing of an agent's operational logs. It analyzes past task sessions to identify patterns, optimize future actions, and consolidate learnings into a persistent memory system, akin to a form of reinforcement learning and self-correction. The article draws parallels to similar features in other AI agent systems like Hermes Agent and OpenClaw, which also implement mechanisms for reviewing historical data, extracting reusable "skills," and strengthening long-term memory. It notes a key difference from human dreaming: these AI "dreams" still consume computational resources and user tokens. Further context is provided by discussing the technical challenges of managing AI "memory" or context, highlighting the computational expense of large context windows and innovations like Subquadratic's new model claiming drastically longer contexts. The core critique argues that this strategic use of human-centric vocabulary does more than market products; it subtly reshapes user perception. By framing algorithms with terms associated with consciousness, companies blur the line between tool and autonomous entity. This linguistic shift can influence user expectations, tolerance for errors, and even perceptions of responsibility when systems fail, potentially diverting scrutiny from the companies and engineers behind the technology. The article concludes by speculating that terms like "daydreaming" for predictive task simulation might be next, continuing this trend of embedding the idea of an "inner life" into computational processes.

marsbitHá 1h

Your Claude Will Dream Tonight, Don't Disturb It

marsbitHá 1h

Trading

Spot
Futuros

Artigos em Destaque

Como comprar CC

Bem-vindo à HTX.com!Tornámos a compra de CC(Canton) (CC) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar CC(Canton) (CC) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu CC(Canton) (CC)Depois de comprar o teu CC(Canton) (CC), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona CC(Canton) (CC)Transaciona facilmente CC(Canton) (CC) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

240 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.04.21

Como comprar CC

Como comprar BLEND

Bem-vindo à HTX.com!Tornámos a compra de Fluent (BLEND) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar Fluent (BLEND) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu Fluent (BLEND)Depois de comprar o teu Fluent (BLEND), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona Fluent (BLEND)Transaciona facilmente Fluent (BLEND) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

128 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.04.24

Como comprar BLEND

Como comprar ACN

Bem-vindo à HTX.com!Tornámos a compra de AITECH CLOUD NETWORK (ACN) simples e conveniente.Segue o nosso guia passo a passo para iniciar a tua jornada no mundo das criptos.Passo 1: cria a tua conta HTXUtiliza o teu e-mail ou número de telefone para te inscreveres numa conta gratuita na HTX.Desfruta de um processo de inscrição sem complicações e desbloqueia todas as funcionalidades.Obter a minha contaPasso 2: vai para Comprar Cripto e escolhe o teu método de pagamentoCartão de crédito/débito: usa o teu visa ou mastercard para comprar AITECH CLOUD NETWORK (ACN) instantaneamente.Saldo: usa os fundos da tua conta HTX para transacionar sem problemas.Terceiros: adicionamos métodos de pagamento populares, como Google Pay e Apple Pay, para aumentar a conveniência.P2P: transaciona diretamente com outros utilizadores na HTX.Mercado de balcão (OTC): oferecemos serviços personalizados e taxas de câmbio competitivas para os traders.Passo 3: armazena teu AITECH CLOUD NETWORK (ACN)Depois de comprar o teu AITECH CLOUD NETWORK (ACN), armazena-o na tua conta HTX.Alternativamente, podes enviá-lo para outro lugar através de transferência blockchain ou usá-lo para transacionar outras criptomoedas.Passo 4: transaciona AITECH CLOUD NETWORK (ACN)Transaciona facilmente AITECH CLOUD NETWORK (ACN) no mercado à vista da HTX.Acede simplesmente à tua conta, seleciona o teu par de trading, executa as tuas transações e monitoriza em tempo real.Oferecemos uma experiência de fácil utilização tanto para principiantes como para traders experientes.

75 Visualizações TotaisPublicado em {updateTime}Atualizado em 2026.04.28

Como comprar ACN

Discussões

Bem-vindo à Comunidade HTX. Aqui, pode manter-se informado sobre os mais recentes desenvolvimentos da plataforma e obter acesso a análises profissionais de mercado. As opiniões dos utilizadores sobre o preço de A (A) são apresentadas abaixo.

活动图片

Categorias popularesright-arrow

Etiquetas Popularesright-arrow