Wang Chun Also Fell Victim: A $50 Million 'Tuition' - Why Do Address Poisoning Attacks Keep Succeeding?

marsbit2025-12-22 tarihinde yayınlandı2025-12-22 tarihinde güncellendi

Özet

On December 19, a cryptocurrency user fell victim to an address poisoning attack, losing 50 million USDT (approximately $50 million). The attacker first sent a small test transaction of 50 USDT from a Binance exchange wallet. Hours later, the victim transferred 49,999,950 USDT to what they believed was their own address but was actually a hacker-controlled wallet with a similar beginning and ending character sequence. The hacker quickly laundered the funds by converting USDT to DAI, then to ETH, and finally moving most of the assets into the privacy tool Tornado Cash. The victim, likely an institutional entity given transaction patterns and rapid response, publicly offered the hacker a $1 million reward for returning 98% of the funds and threatened legal action. Address poisoning attacks exploit user carelessness by creating deceptive addresses that mimic legitimate ones. Such attacks have been rising since 2022, with one Bitcoin incident alone involving 49,000 cases since 2023. High-profile figures like F2Pool’s Wang Chun have also suffered similar losses. While some victims have recovered funds through negotiation, this case remains unresolved as the hacker has not responded. The incident underscores the critical need for double-checking addresses in crypto transactions.

At around midnight Beijing time yesterday, on-chain analyst Specter X discovered a case where nearly 50 million USDT was transferred to a hacker's address due to failure to carefully verify the transfer address.

According to the author's investigation, this address (0xcB80784ef74C98A89b6Ab8D96ebE890859600819) withdrew 50 USDT from Binance at approximately 13:00 Beijing time on the 19th for a test transaction before a large withdrawal.

About 10 hours later, the address withdrew 49,999,950 USDT from Binance in one go. Combined with the previous 50 USDT withdrawal, the total amounted to exactly 50 million.

Approximately 20 minutes later, the address that received the 50 million USDT first transferred 50 USDT to 0xbaf4...95F8b5 for testing.

Within less than 15 minutes after the test transfer was completed, the hacker's address 0xbaff...08f8b5 transferred 0.005 USDT to the address holding the remaining 49,999,950 USDT. The address used by the hacker had similar beginning and ending characters to the address that received the 50 USDT, indicating a clear "address poisoning" attack.

10 minutes later, when the address beginning with 0xcB80 was preparing to transfer the remaining 40 million+ USDT, likely due to negligence, it copied the address from the previous transaction—the one used by the hacker for "poisoning"—and directly sent nearly 50 million USDT into the hands of the hacker.

With $50 million secured, the hacker began money laundering actions 30 minutes later. According to SlowMist monitoring, the hacker first swapped USDT for DAI via MetaMask, then used all the DAI to purchase approximately 16,690 Ethereum, kept 10 ETH, and transferred the remaining Ethereum to Tornado Cash.

Around 16:00 Beijing time yesterday, the victim addressed the hacker on-chain, stating that formal criminal proceedings had been initiated and that a substantial amount of reliable intelligence about the hacker's activities had been collected with the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols. The victim stated that the hacker could keep $1 million and return the remaining 98% of the funds; if complied with, no further action would be taken; if not, criminal and civil liabilities would be pursued through legal channels, and the hacker's identity would be made public. However, as of now, the hacker has not responded.

According to data compiled by the Arkham platform, this address has records of large transfers with addresses associated with Binance, Kraken, Coinhako, and Cobo. Binance, Kraken, and Cobo need no introduction, while Coinhako might be a less familiar name. Coinhako is a Singapore-based cryptocurrency exchange platform established in 2014. It obtained a Major Payment Institution license from the Monetary Authority of Singapore in 2022, making it a regulated exchange in Singapore.

Given that this address uses multiple exchange platforms and Cobo's custody services, and its ability to quickly contact various parties and complete the tracking of the hacker within 24 hours of the incident, the author speculates that this address most likely belongs to an institution rather than an individual.

A "Careless Mistake" Leads to Major Loss

The only explanation for falling victim to an "address poisoning" attack is "carelessness." Such attacks can be avoided simply by double-checking the address before transferring, but clearly, the protagonist of this incident skipped this crucial step.

Address poisoning attacks began to emerge in 2022, originating from "vanity address" generators—tools that allow customization of the beginning of an EVM address. For example, the author could generate an address starting with 0xeric to make the address more labeled.

This tool was later discovered by hackers to have a design flaw allowing brute-force attacks on private keys, leading to several major fund theft incidents. However, the ability to generate addresses with customized beginnings and endings also gave some ill-intentioned individuals a "clever idea": by generating addresses similar in beginning and ending to a user's commonly used transfer addresses, and transferring small amounts to the user's other addresses, some users might, due to carelessness, mistake the hacker's address for their own and actively send on-chain assets into the hacker's pocket.

Past on-chain information shows that the address beginning with 0xcB80 was a major target for such poisoning attacks even before this incident, with attacks beginning nearly a year ago. This attack method essentially involves hackers betting that you will eventually get lazy or inattentive and fall for it. Ironically, it is this seemingly transparent attack method that continues to ensnare "careless" victims one after another.

Regarding this incident, F2Pool co-founder Wang Chun expressed sympathy for the victim on Twitter (X), mentioning that last year, to test if his address had a private key leak, he transferred 500 BTC to it, only to have 490 BTC stolen by hackers. Although Wang Chun's experience was unrelated to address poisoning attacks, he likely meant to convey that everyone has moments of "stupidity," and we should not blame the victim for carelessness but rather direct our criticism towards the hackers.

$50 million is no small amount, but it is not the largest loss from such attacks. In May 2024, an address transferred over $70 million worth of WBTC to a hacker's address due to a similar attack, but the victim eventually recovered almost all the funds with the assistance of security company Match Systems and the Cryptex exchange. However, in this case, the hacker quickly converted the stolen funds into ETH and transferred them to Tornado Cash, making it uncertain whether recovery is possible.

In April, Casa co-founder and chief security officer Jameson Lopp warned that address poisoning attacks are spreading rapidly, with as many as 48,000 such incidents occurring on the Bitcoin network alone since 2023.

Including fake Zoom meeting links on Telegram, these attack methods are not sophisticated, but it is precisely this "simple" approach that can make people let their guard down. For those of us in the dark forest, being extra cautious is never wrong.

İlgili Sorular

QWhat is the total amount of USDT lost in the address poisoning attack described in the article?

A50 million USDT, worth approximately $50 million.

QHow did the hacker execute the address poisoning attack in this case?

AThe hacker sent a small test transaction (0.005 USDT) from an address with a similar beginning and end to the victim's target address, tricking the victim into copying the wrong address for the large transfer.

QWhat did the victim do after discovering the theft, and what was the hacker's response?

AThe victim filed a criminal complaint and offered to let the hacker keep $1 million if 98% of the funds were returned. The hacker did not respond and instead laundered the funds through token swaps and Tornado Cash.

QWhat is address poisoning, and why is it effective despite being a simple attack?

AAddress poisoning involves creating a fake address with similar starting and ending characters to a victim's常用 address. It preys on human error, as users may carelessly copy the wrong address from their transaction history.

QWhich prominent figure in the crypto space shared a similar experience of loss due to carelessness, and what did they lose?

AF2Pool co-founder Wang Chun shared that he lost 490 BTC after transferring 500 BTC to test for private key leaks, highlighting that even experienced individuals can make costly mistakes.

İlgili Okumalar

Toncoin Fees To Drop 6x As Network Moves Toward Feeless Transactions

Telegram founder Pavel Durov announced that the Toncoin (TON) network will reduce transaction fees by six times in one week, lowering the cost to just 0.00039 TON (approximately $0.0005). This fee reduction is part of the "Make TON Great Again" (MTONGA) roadmap and will remain fixed regardless of network congestion. The update follows a recent upgrade that made the network 10 times faster and transactions nearly instant. Durov also hinted that future steps aim to make most transactions fully feeless. Although Telegram discontinued formal involvement with TON due to regulatory issues, Durov remains a strong supporter. Currently, Toncoin is trading around $1.30, down over 8% in the past week.

bitcoinist18 dk önce

Toncoin Fees To Drop 6x As Network Moves Toward Feeless Transactions

bitcoinist18 dk önce

a16z: AI's 'Amnesia', Can Continuous Learning Cure It?

The article "a16z: AI's 'Amnesia' – Can Continual Learning Cure It?" explores the limitations of current large language models (LLMs), which, like the protagonist in the film *Memento*, are trapped in a perpetual present—unable to form new memories after training. While methods like in-context learning (ICL), retrieval-augmented generation (RAG), and external scaffolding (e.g., chat history, prompts) provide temporary solutions, they fail to enable true internalization of new knowledge. The authors argue that compression—the core of learning during training—is halted at deployment, preventing models from generalizing, discovering novel solutions (e.g., mathematical proofs), or handling adversarial scenarios. The piece introduces *continual learning* as a critical research direction to address this, categorizing approaches into three paths: 1. **Context**: Scaling external memory via longer context windows, multi-agent systems, and smarter retrieval. 2. **Modules**: Using pluggable adapters or external memory layers for specialization without full retraining. 3. **Weights**: Enabling parameter updates through sparse training, test-time training, meta-learning, distillation, and reinforcement learning from feedback. Challenges include catastrophic forgetting, safety risks, and auditability, but overcoming these could unlock models that learn iteratively from experience. The conclusion emphasizes that while context-based methods are effective, true breakthroughs require models to compress new information into weights post-deployment, moving from mere retrieval to genuine learning.

marsbit27 dk önce

a16z: AI's 'Amnesia', Can Continuous Learning Cure It?

marsbit27 dk önce

Can a Hair Dryer Earn $34,000? Deciphering the Reflexivity Paradox in Prediction Markets

An individual manipulated a weather sensor at Paris Charles de Gaulle Airport with a portable heat source, causing a Polymarket weather market to settle at 22°C and earning $34,000. This incident highlights a fundamental issue in prediction markets: when a market aims to reflect reality, it also incentivizes participants to influence that reality. Prediction markets operate on two layers: platform rules (what outcome counts as a win) and data sources (what actually happened). While most focus on rules, the real vulnerability lies in the data source. If reality is recorded through a specific source, influencing that source directly affects market settlement. The article categorizes markets by their vulnerability: 1. **Single-point physical data sources** (e.g., weather stations): Easily manipulated through physical interference. 2. **Insider information markets** (e.g., MrBeast video details): Insiders like team members use non-public information to trade. Kalshi fined a剪辑师 $20,000 for insider trading. 3. **Actor-manipulated markets** (e.g., Andrew Tate’s tweet counts): The subject of the market can control the outcome. Evidence suggests Tate’sociated accounts coordinated to profit. 4. **Individual-action markets** (e.g., WNBA disruptions): A single person can execute an event to profit from their pre-placed bets. Kalshi and Polymarket handle these issues differently. Kalshi enforces strict KYC, publicly penalizes insider trading, and reports to regulators. Polymarket, with its anonymous wallet-based system, has historically been more permissive, arguing that insider information improves market accuracy. However, it cooperated with authorities in the "Van Dyke case," where a user traded on classified government information. The core paradox is reflexivity: prediction markets are designed to discover truth, but their financial incentives can distort reality. The more valuable a prediction becomes, the more likely participants are to influence the event itself. The market ceases to be a mirror of reality and instead shapes it.

marsbit1 saat önce

Can a Hair Dryer Earn $34,000? Deciphering the Reflexivity Paradox in Prediction Markets

marsbit1 saat önce

Analyst Reveals Accumulation Level For Dogecoin Before It Rallies To $2

A crypto analyst, Crypto Patel, predicts that Dogecoin (DOGE) could rally to $2, despite currently trading below $0.10. The analyst identifies a key accumulation zone between $0.07 and $0.09, where DOGE has repeatedly tested support without breaking down. Based on a bi-weekly chart using Elliott Wave theory, DOGE is in a Wave 4 consolidation phase within a descending channel. A bounce from this support is expected to trigger a Wave 5 rally, projecting a 2,767% surge toward $2. Price targets are set sequentially at $0.50, $1, and $2, with a stop-loss below $0.048. For a bullish trend reversal, DOGE must break above the $0.10 resistance level, which was recently rejected in April. Analysts emphasize that market conditions and a confirmed higher high are critical for the projected uptrend.

bitcoinist1 saat önce

Analyst Reveals Accumulation Level For Dogecoin Before It Rallies To $2

bitcoinist1 saat önce

Weekly Editor's Picks (0418-0424)

Weekly Editor's Picks (0418-0424) provides in-depth analysis on key developments across macro trends, crypto markets, and policy. Key topics include the oil market nearing a physical supply crisis due to shipping disruptions, even if the Strait of Hormuz reopens. In crypto, reports cover global consumer crypto adoption, a data-driven strategy for trading volatile altcoins, and the state of VC funding. Prediction markets like Polymarket are analyzed not as pure event-guessing games but as systems where understanding legalistic rules creates an edge. Major DeFi protocol Aave is criticized for poor crisis management amid a $300M exploit, while the controversial structure of World Liberty Financial is examined. Other highlights include policy updates like the CLARITY Act, Ethereum’s, airdrop opportunities, and weekly recaps of major incidents like the Kelp DAO hack and SpaceX's AI disclosures.

marsbit2 saat önce

İşlemler

Spot

Futures

Popüler Makaleler

WL Nedir

I. Proje TanıtımıWorldLand, Ethereum ekosistemini geliştirmek için tasarlanmış, Ethereum'un L2 veya yan zinciridir.II. Token Bilgileri1) Temel BilgilerToken adı: WL (WorldLand）III. İlgili BağlantılarWeb sitesi：https://worldland.foundation/Keşif Araçları：https://bscscan.com/address/0x8aaB31fbc69C92fa53f600910Cf0f215531F8239Sosyal Medya：https://x.com/WorldLand_space Not: Proje tanıtımı, resmi proje ekibi tarafından yayımlanan veya sağlanan materyallerden gelmektedir, yalnızca referans amaçlıdır ve yatırım tavsiyesi niteliği taşımaz. HTX, ortaya çıkan doğrudan veya dolaylı kayıplardan sorumluluk kabul etmez.

160 Toplam GörüntülenmeYayınlanma 2026.03.28Güncellenme 2026.03.28

WL Nasıl Satın Alınır

HTX.com’a hoş geldiniz! WorldLand (WL) satın alma işlemlerini basit ve kullanışlı bir hâle getirdik. Adım adım açıkladığımız rehberimizi takip ederek kripto yolculuğunuza başlayın. 1. Adım: HTX Hesabınızı OluşturunHTX'te ücretsiz bir hesap açmak için e-posta adresinizi veya telefon numaranızı kullanın. Sorunsuzca kaydolun ve tüm özelliklerin kilidini açın. Hesabımı Aç2. Adım: Kripto Satın Al Bölümüne Gidin ve Ödeme Yönteminizi SeçinKredi/Banka Kartı: Visa veya Mastercard'ınızı kullanarak anında WorldLand (WL) satın alın.Bakiye: Sorunsuz bir şekilde işlem yapmak için HTX hesap bakiyenizdeki fonları kullanın.Üçüncü Taraflar: Kullanımı kolaylaştırmak için Google Pay ve Apple Pay gibi popüler ödeme yöntemlerini ekledik.P2P: HTX'teki diğer kullanıcılarla doğrudan işlem yapın.Borsa Dışı (OTC): Yatırımcılar için kişiye özel hizmetler ve rekabetçi döviz kurları sunuyoruz.3. Adım: WorldLand (WL) Varlıklarınızı SaklayınWorldLand (WL) satın aldıktan sonra HTX hesabınızda saklayın. Alternatif olarak, blok zinciri transferi yoluyla başka bir yere gönderebilir veya diğer kripto para birimlerini takas etmek için kullanabilirsiniz.4. Adım: WorldLand (WL) Varlıklarınızla İşlem YapınHTX'in spot piyasasında WorldLand (WL) ile kolayca işlemler yapın.Hesabınıza erişin, işlem çiftinizi seçin, işlemlerinizi gerçekleştirin ve gerçek zamanlı olarak izleyin. Hem yeni başlayanlar hem de deneyimli yatırımcılar için kullanıcı dostu bir deneyim sunuyoruz.

207 Toplam GörüntülenmeYayınlanma 2026.03.28Güncellenme 2026.03.28

BASED Nasıl Satın Alınır

HTX.com’a hoş geldiniz! Based (BASED) satın alma işlemlerini basit ve kullanışlı bir hâle getirdik. Adım adım açıkladığımız rehberimizi takip ederek kripto yolculuğunuza başlayın. 1. Adım: HTX Hesabınızı OluşturunHTX'te ücretsiz bir hesap açmak için e-posta adresinizi veya telefon numaranızı kullanın. Sorunsuzca kaydolun ve tüm özelliklerin kilidini açın. Hesabımı Aç2. Adım: Kripto Satın Al Bölümüne Gidin ve Ödeme Yönteminizi SeçinKredi/Banka Kartı: Visa veya Mastercard'ınızı kullanarak anında Based (BASED) satın alın.Bakiye: Sorunsuz bir şekilde işlem yapmak için HTX hesap bakiyenizdeki fonları kullanın.Üçüncü Taraflar: Kullanımı kolaylaştırmak için Google Pay ve Apple Pay gibi popüler ödeme yöntemlerini ekledik.P2P: HTX'teki diğer kullanıcılarla doğrudan işlem yapın.Borsa Dışı (OTC): Yatırımcılar için kişiye özel hizmetler ve rekabetçi döviz kurları sunuyoruz.3. Adım: Based (BASED) Varlıklarınızı SaklayınBased (BASED) satın aldıktan sonra HTX hesabınızda saklayın. Alternatif olarak, blok zinciri transferi yoluyla başka bir yere gönderebilir veya diğer kripto para birimlerini takas etmek için kullanabilirsiniz.4. Adım: Based (BASED) Varlıklarınızla İşlem YapınHTX'in spot piyasasında Based (BASED) ile kolayca işlemler yapın.Hesabınıza erişin, işlem çiftinizi seçin, işlemlerinizi gerçekleştirin ve gerçek zamanlı olarak izleyin. Hem yeni başlayanlar hem de deneyimli yatırımcılar için kullanıcı dostu bir deneyim sunuyoruz.

222 Toplam GörüntülenmeYayınlanma 2026.03.30Güncellenme 2026.03.30

Tartışmalar

HTX Topluluğuna hoş geldiniz. Burada, en son platform gelişmeleri hakkında bilgi sahibi olabilir ve profesyonel piyasa görüşlerine erişebilirsiniz. Kullanıcıların A (A) fiyatı hakkındaki görüşleri aşağıda sunulmaktadır.