On December 18th, around 6 a.m. UTC, someone lost nearly 50 million dollars in the time it takes to drink a cup of coffee. The victim wasn’t a rookie—they were an experienced trader who thought they were doing everything right. They’d just withdrawn funds from Binance and sent a small 50 USDT test payment to a trusted contact. When that went through without a hitch, they copied what looked like the exact same address from their transaction history and sent the remaining 49,999,950 USDT.
The money vanished. Only later did blockchain investigators spot the problem: two characters buried in the middle of that address were different. The attacker had spent days preparing for this moment, sending tiny “dust” transactions from a fake wallet address designed to look almost identical to the real one. When the victim scrolled through their history and copied an address, they grabbed the wrong one.
Within minutes, the stolen Tether was chopped up, converted to Ethereum, and scattered across dozens of new wallets. About 15 percent ended up in a sanctioned mixing service, making recovery nearly impossible. This single theft is now one of the biggest address-poisoning scams on record and pushes total phishing losses for 2025 past 1.2 billion dollars.
Binance co-founder Changpeng Zhao—better known as CZ—didn’t mince words when he heard about it. He called the loss “entirely preventable” and argued that wallet apps should flag suspicious addresses the same way web browsers warn you about sketchy websites.
Why This Scam Works So Well Right Now
Address poisoning isn’t new, but it’s exploding because it’s gotten dirt cheap to pull off. On networks like Tron and BNB Chain where transaction fees are measured in fractions of a cent, scammers can spin up thousands of copycat wallet addresses and spam them out to anyone who’s recently moved stablecoins. They’re not targeting specific people—they’re carpet-bombing everyone and waiting for someone to make a mistake.
Security firm SlowMist tracked a 340 percent jump in poisoned addresses on Tron in just three months, and the timing matches perfectly with the network’s rock-bottom fees. Automated bots now handle the whole operation, sending dust payments around the clock and updating their target lists in real time.
Stablecoins have become the favorite target because they make the scammer’s job easier. Unlike volatile cryptocurrencies, stablecoins hold their value while moving fast through the system. They settle quickly, convert easily into privacy coins, and can jump across blockchain bridges before most people even realize something’s wrong. Chainalysis reports that stablecoins now account for more than 60 percent of all phishing losses by dollar value.
Tether can freeze stolen funds on its blacklist, but that only works if they catch the thief before the money moves. In this case, investigators estimate the attacker shuffled at least one-third of the loot off the original blockchain within 20 minutes—faster than any issuer could reasonably respond.
What the Industry Wants to Do About It
CZ laid out a three-part plan that’s gaining traction across the crypto world. First, wallet apps should automatically hide or grey out those tiny dust transactions that scammers use to poison your history. Second, wallets need to check real-time blocklists before every transaction goes through. Third, when you’re about to send money to an address that looks suspiciously similar to one you recently interacted with, the app should throw up a big, impossible-to-miss warning.
Some wallets are already moving. Binance Wallet blocks more than 200,000 flagged addresses, and both MetaMask and Trust Wallet have confirmed they’re testing similar protections. The technology exists—it’s just a matter of making it standard across the board.
Regulators are starting to pay attention too. In the United States, the bipartisan SAFE Crypto Act would create a federal task force to set minimum standards for wallet safety alerts, similar to what traditional payment apps like Zelle already have to do. Meanwhile, Europe’s MiCA framework now requires stablecoin issuers to freeze suspicious funds within 24 hours of a law enforcement request, down from the old seven-day window.
For once, everyone from libertarian coders to Washington bureaucrats seems to agree: this problem is fixable. As CZ put it, “We spend billions chasing the latest zero-day exploit, yet one careless copy-and-paste still costs more than most protocol hacks. That’s something we can fix together—and we should.”
