Logo
HomeDaily News

CZ Proposes Fix to Address Poisoning After Investor Loses $50M

Meta Maven
Meta MavenJanuary 3, 2026
Releases
CZ Proposes Fix to Address Poisoning After Investor Loses $50M
  • CZ calls for industry-wide action to stop address poisoning scams
  • Proposes wallet-level warnings, blacklist checks and spam filtering
  • $50M USDT loss highlights growing scale of phishing attacks
  • Address poisoning exploits users copying wallet history
  • Binance says it has already identified millions of poisoned addresses

Binance co-founder Changpeng Zhao has proposed a series of new security measures aimed at eliminating address poisoning scams, following a high-profile case in which a single investor lost $50 million in USDT.

In a blog post published Wednesday, Zhao urged wallet providers and blockchain platforms to take a more proactive role in protecting users from this increasingly common form of phishing. Address poisoning works by sending small transactions from scam addresses that closely resemble legitimate ones, tricking users into copying and pasting the attacker’s address from their transaction history.

According to Zhao, the fix is not complicated — but it requires coordinated adoption across the ecosystem.

“All wallets should simply check if a receiving address is a ‘poison address,’ and block the user,” Zhao wrote, arguing that this type of verification can be done through a straightforward blockchain query.

Wallet Warnings and Address Blacklists

Beyond basic detection, Zhao proposed several layers of defense that could significantly reduce user exposure to address poisoning scams. These include explicit wallet warnings, blacklist systems for suspicious addresses, and filtering out spam transactions altogether.

Zhao suggested that wallets should avoid displaying low-value spam transfers entirely, as these are often the entry point for poisoning attacks. By hiding or filtering such transactions, wallets could prevent users from accidentally copying malicious addresses in the first place.

The proposal comes amid a sharp rise in phishing-related losses. According to Scam Sniffer, phishing scams affected more than 6,300 victims in November alone, resulting in losses exceeding $7.7 million. That figure is expected to spike in December due largely to the single $50 million USDT theft that triggered Zhao’s response.

$50M address poisoning transaction, wallet 0xcB8. Source: Etherscan.io
$50M address poisoning transaction, wallet 0xcB8. Source: Etherscan.io

Phishing Remains Crypto’s Most Costly Threat

Security firm CertiK has identified phishing as the most damaging category of crypto scams in 2024, with total losses surpassing $1 billion. While earlier phishing campaigns relied heavily on scam-as-a-service drainers and malicious approval exploits, address poisoning has emerged as a quieter but increasingly effective attack vector.

Unlike complex smart contract exploits, address poisoning targets everyday user behavior — specifically the habit of copying wallet addresses from transaction histories without carefully checking every character.

Security companies have previously responded to phishing waves by introducing browser extensions, wallet warnings and approval monitors. However, address poisoning remains harder to catch because the transactions themselves are technically valid and often involve negligible amounts.

Rare Reversals and Industry Response

Most victims of address poisoning scams never recover their funds. However, there have been rare exceptions. In May 2024, one investor lost $71 million to an address poisoning attack, only to have the funds returned two weeks later after investigators reportedly tracked the attacker’s potential IP address and applied pressure.

Such cases are the exception, not the rule, underscoring the importance of prevention rather than recovery.

Binance says it has already taken steps in this direction. Zhao revealed that the exchange’s security team has developed what it calls an “antidote” to address poisoning, using algorithms that have identified approximately 15 million poisoned addresses to date.

A Call for Industry-Wide Standards

Zhao emphasized that isolated solutions are not enough. For address poisoning to be effectively neutralized, wallet providers, exchanges and infrastructure platforms must adopt common security standards.

As phishing tactics continue to evolve, Zhao’s proposal signals a shift toward more aggressive, default protections — even if it means limiting what users see in their transaction histories. The $50 million loss serves as a stark reminder that usability without safeguards can come at a steep cost in crypto.

Disclaimer: The content published on Cryptothreads does not constitute financial, investment, legal, or tax advice. We are not financial advisors, and any opinions, analysis, or recommendations provided are purely informational. Cryptocurrency markets are highly volatile, and investing in digital assets carries substantial risk. Always conduct your own research and consult with a professional financial advisor before making any investment decisions. Cryptothreads is not liable for any financial losses or damages resulting from actions taken based on our content.
usdt
bnb
ethereum
Meta Maven
WRITTEN BYMeta MavenMeta Maven is a seasoned Crypto News Curator and Decent Researcher with 5+ years of experience navigating the fast-paced blockchain landscape. Having covered significant crypto events—from innovative DeFi protocols to high-profile NFT launches—Maven delivers insightful analyses backed by rigorous research and deep market knowledge. Previously a lead analyst at leading blockchain-focused publications, Maven is known for clear, concise reporting across blockchain technology, decentralized finance, NFT marketplaces, and global crypto regulations. MM ensures readers stay informed and ahead in the evolving crypto world.
FOLLOWMeta Maven
Telegram

More articles by

Meta Maven

Hot Topic