Changpeng Zhao, the co-founder and former CEO of Binance, has called on the crypto industry to take stronger, coordinated action to eliminate address poisoning fraud.
The warning comes after a single victim lost nearly $50 million in USDT in what analysts described as one of the largest phishing losses in recent months.
How a Single Copy-Paste Mistake Caused a $50 Million Crypto Heist
The incident took place within an hour. According to to on-chain data and security companies following the case, the victim withdrew funds from Binance and sent a small test transaction of 50 USDT to the correct destination address.
Minutes later, the user copied an address from his transaction history and sent 49,999,950 USDT to another wallet that closely resembled the intended recipient.
The fraudulent address had been planted by attackers through a previous microtransaction, a common tactic used in address poisoning scams.
The victim’s wallet, which had been active for about two years and was largely used for USDT transfers, sent the funds shortly after the withdrawal from Binance.
Initial reports indicated that the stolen USDT temporarily remained at the destination address, although similar cases show that money is often quickly moved, exchanged or laundered through multiple wallets.
In this case, blockchain researchers later observed portions of the funds being converted into ETH and routed through different addresses, with some going through the Tornado Cash mixer.
Zhao turned to the incident in a public postand describes it as a problem that the industry should be able to eliminate completely.
He proposed that wallets automatically flag and block known poison addresses using simple blockchain queries, alerting users before sending transactions.
He also urged industry security groups to maintain real-time blacklists that wallets can consult before executing them, and suggested completely filtering out spam transactions so that users don’t see substance transfers in their history.
Binance Wallet, he said, already implements some of these protections.
As address poisoning increases, lawmakers and stablecoin issuers are intervening
Address poisoning, sometimes called dusting, is a form of phishing in which attackers send small amounts of crypto to wallets from addresses designed to be nearly identical to legitimate addresses.
When users later copy an address from their transaction history instead of a verified source, they may unknowingly paste the attacker’s address.
Matching the first few and last characters of a wallet address is often enough to deceive users, especially during high-value transfers.
Security companies say the tactic is growing as SlowMist and other analysts have identified address poisoning as a growing threat, especially on networks with low transaction costs where attackers can operate at scale.
TRM Labs has documented extensive dusting activity on the TRON blockchain, where free or near-free transfers allow bots to flood wallets with forged transactions.
Their research shows that attackers are generating thousands of vanity addresses and deploying automated systems that target recently active or high-balance wallets, especially wallets with stablecoins like USDT.
The $50 million loss comes amid a broader wave of crypto-related fraud. Industry estimates to suggest Since the introduction of crypto, nearly $90 billion has been lost to hacks and exploits, with more than $9 billion recorded in 2025 alone.
More than $276 million was stolen in November and phishing was identified by CertiK as the most damaging scam category of 2024, accounting for more than $1 billion in losses.
US authorities reported that Americans lost approximately $9.3 billion to crypto investment scams in 2024, a sharp increase year-over-year.
After $9.3 billion lost to crypto fraud such as pig slaughter, US lawmakers unveil the bipartisan SAFE Crypto Act, creating a federal task force to combat fraud.#CryptoScam #CryptoRegulationhttps://t.co/kG6oDWQVCC
— Cryptonews.com (@cryptonews) December 17, 2025
Lawmakers have also responded. US Senators Elissa Slotkin and Jerry Moran recently introduced the SAFE Crypto Act, proposi
The post CZ wants to ‘eradicate’ address poisoning after massive $50 million loss appeared first on Cryptonews.
