A massive $50 million crypto scam has reignited urgent calls from Binance founder Changpeng Zhao (CZ) for better wallet protections across the industry.
Key Takeaways
- A trader lost nearly $50 million in USDT after falling for an address poisoning scam on December 20.
- CZ proposed automated wallet checks, real-time blacklist sharing, and filtering of spam transactions to combat such scams.
- Address poisoning scams are on the rise, contributing to over $3.4 billion in crypto thefts in 2025.
- Binance Wallet already warns users about suspicious addresses and is pushing for industry-wide adoption of similar tools.
What Happened?
On December 20, a crypto trader unknowingly transferred 49,999,950 USDT to a fraudulent wallet address. The scam exploited a tactic known as address poisoning, which manipulates wallet interfaces to trick users into sending funds to malicious addresses that appear nearly identical to legitimate ones.
The incident prompted CZ to propose a three-pronged strategy to combat such scams, highlighting how wallets can use on-chain queries to detect and block dangerous addresses before funds are lost.
We can completely eradicate this type of poison address attacks. https://t.co/PJLd8WQV4y https://t.co/5R8JMp1EBe
— CZ 🔶 BNB (@cz_binance) December 24, 2025
CZ’s Proposal: Eradicating Address Poisoning
CZ called on wallet developers and crypto platforms to take immediate action, stating, “We can completely eradicate this type of poison address attacks.” In a blog post and recent statements, he outlined several key measures:
- Automatic detection and blocking of known poison addresses using blockchain lookups.
- Industry-wide real-time blacklists shared across wallet providers to flag suspicious addresses.
- Filtering out small, spam transactions used by scammers to poison transaction histories.
He explained that attackers use scripts to send tiny amounts of crypto from spoofed addresses, polluting the victim’s transaction history. These addresses closely mimic the real ones by matching the first few and last several characters, taking advantage of how wallets often shorten address displays with ellipses.
How the Scam Unfolded?
According to on-chain analysis from Lookonchain and SlowMist, the scam began when the victim conducted a 50 USDT test transfer to what they believed was their wallet. Within minutes, the attacker sent small transactions from a spoofed address to appear in the transaction history.
Just 26 minutes later, the victim accidentally copied the lookalike address and sent the remaining $49,999,950 USDT, believing it was the same as the earlier test.
The attacker quickly laundered the funds, swapping USDT into DAI, then into approximately 16,690 ETH, which was largely funneled into Tornado Cash, a mixing service often used to obscure fund trails.
The victim has since posted a $1 million on-chain bounty for the return of the stolen crypto.
The Bigger Picture: Growing Threat of Address Poisoning
Address poisoning has emerged as one of the most dangerous types of phishing attacks in the crypto world. Data from blockchain security firm CertiK reported that phishing attacks cost victims over $1 billion in 2024, with address poisoning responsible for more than 10 percent of all wallet drains in 2025.
Crypto security firm Scam Sniffer noted that phishing scams affected over 6,300 victims and led to $7.7 million in losses in November alone, with numbers expected to spike further due to the recent $50 million heist.
There have been other major incidents too. In May 2024, one investor lost $68 million in wrapped bitcoin (WBTC) through an address poisoning scam. That victim was among the lucky few who recovered funds, thanks to public pressure and investigative work that reportedly traced the attacker’s IP address.
Binance’s Response and Industry Push
Binance’s security team claims to have developed an algorithm capable of identifying around 15 million poisoned addresses, which is now being used to safeguard Binance Wallet users.
CZ is now urging the broader crypto ecosystem to follow suit, emphasizing that wallets should filter out spam transactions altogether and never display suspicious activity in transaction logs.
CoinLaw’s Takeaway
In my experience, this type of scam is one of the most frustrating because it’s deceptively simple and exploits user habits. Most of us copy addresses from past transactions without thinking twice. That’s exactly what attackers are counting on. I found CZ’s approach not just practical, but long overdue. Wallet-level protections like spam filters and blacklists should be the norm, not the exception. If the industry moves fast on this, we really could wipe out this threat before it gets worse.
