CZ Urges to Protect Users from Scam Wallets after $50M USDT Theft

Key Notes

• CZ proposes wallet-level blocks and UI filters to stop “poison” addresses and copy-paste traps.
• Case in point: an investor mis-sent ~$50M USDT to a look-alike address; funds were quickly split and obfuscated.
• Binance security tracks millions of poisoned addresses; phishing-style losses remain elevated across the sector.

Binance co-founder Changpeng “CZ” Zhao urged crypto wallets to detect and block address-poisoning scams automatically. He proposed industry-wide blacklists and UI filtering after an investor mistakenly sent $50 million in USDT to a spoofed address last week.

In a post titled “Let’s Eradicate the Poison Scams,” Zhao said wallets should query known “poison addresses,” warn or block users, and hide zero-value spam that clutters histories. He added that Binance Wallet already performs such checks. 

What’s Behind the Address Poisoning Scams

A “poison wallet,” or address poisoning scam, is a crypto trick where attackers send tiny amounts of crypto (dust) from a fake address that looks like a frequent contact’s address to your wallet, hoping you’ll copy the fake one later and send funds to them instead of the real person. It works by exploiting user habits, making you accidentally send crypto to the scammer’s address, which is just one character different from the real one, making it hard to spot. 

The renewed push follows a high-profile loss on Dec. 19, when a whale copied a look-alike address from their transaction history and transferred 49,999,950 USDT to the attacker. On-chain records show funds leaving the victim’s wallet and arriving at a phishing-tagged address.  Security write-ups indicate the thief quickly converted the USDT and split the proceeds across multiple wallets, with part of the haul routed through Tornado Cash to obfuscate the trail. 

How to lose $50M in under an hour. This is one of the largest on-chain scam losses we’ve seen recently.

A single victim lost $50M in $USDT to an address poisoning scam. The funds had arrived less than 1h earlier.

The user first sent a small test tx to the correct address. Mins… pic.twitter.com/Umsr8oTcXC

— Web3 Antivirus (@web3_antivirus) December 19, 2025

Cointelegraph’s recap notes similar cases this year and says Binance’s security team has cataloged ~15 million poisoned addresses across networks via an in-house detection algorithm. 

The $50 million incident also lands amid a broader uptick in phishing-style losses. ScamSniffer tallied $7.77M in losses across 6,344 victims in November alone, while CertiK estimates $3.3 billion in crypto losses in 2025, with phishing and wallet compromises accounting for a significant share. 

The 2025 Skynet Hack3d Report is here.

$3.35B lost. 700+ incidents. New attack vectors. Key trends.

Get the most detailed breakdown of Web3 security in 2025, from exploits to insights.

Read the full report👇https://t.co/EfWupS604N

— CertiK (@CertiK) December 23, 2025

What CZ Wants Wallets to Do

• Blacklist queries: Check recipients against shared, real-time lists of poisoned addresses and block or warn before users hit “send.” 

• Spam/dust filtering: Hide tiny “dust” transfers that poison address histories. 

• Prominent warnings: Default safety prompts when copying from history or when first/last characters match a known spoof pattern.

Why It Matters

Wallet-side controls are a software fix for a human-factor exploit. If widely adopted, blacklist checks and UI changes could neutralize one of crypto’s most common, high-impact scams without altering base-layer protocols.

next

Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.

Cybersecurity News, News