Binance co-founder Changpeng “CZ” Zhao is pushing for stronger blockchain security measures after a trader lost $50 million to a sophisticated address poisoning scam. The incident highlights vulnerabilities that continue to plague crypto users despite years of warnings from security experts.
CZ laid out his proposal in a blog post on Wednesday, calling for wallet providers to implement blacklist systems that automatically flag and block known scam addresses. His comments come as phishing attacks remain the most damaging threat in crypto, costing victims over $1 billion in 2024 alone.
How the $50 million theft happened
Last Friday, an investor sent 50 million USDT to what they thought was a trusted wallet address. Instead, the funds landed in a scammer’s account through an address poisoning attack.
Here’s how these scams work. Attackers send tiny transactions to their targets, creating addresses that look nearly identical to legitimate ones the victim uses regularly. When users copy and paste from their transaction history without double-checking every character, they end up sending funds to the wrong place.
The Friday incident pushed December’s phishing losses significantly higher. November alone saw 6,344 victims lose $7.7 million, according to Scam Sniffer data. This $50 million theft will likely make December one of the worst months on record.
CZ’s proposed blockchain security measures
Zhao wants the industry to take immediate action. His three-point plan focuses on prevention rather than recovery.
First, all wallet providers should run automatic checks against databases of known poison addresses. “This is a blockchain query,” CZ wrote, suggesting the technical lift isn’t complicated.
Second, wallets should hide spam transactions completely. If a transaction value is small enough, just filter it out of the user interface. This would prevent scammers from planting poisoned addresses in transaction histories.
Third, the industry needs coordinated blacklists that update in real-time. Binance’s security team has already identified roughly 15 million poisoned addresses using their proprietary algorithm.
Industry response to growing threats
Security firm CertiK named phishing as 2024’s top crypto threat. The numbers back that up. Attackers netted more than $1 billion through various phishing schemes this year.
The crypto security sector has been adapting. Browser extensions now warn users about suspicious websites. Wallet interfaces flag risky transaction approvals. Some projects have built tools that scan for drainer contracts before users connect their wallets.
Binance developed what they call an “antidote” to address poisoning earlier this year. Their algorithm continuously scans for new poison addresses and adds them to a growing database.
Still, address poisoning keeps working because it exploits human behavior rather than technical vulnerabilities. Users get comfortable with their routines. They trust their transaction history. They don’t verify every single character of a long wallet address.
Rare success stories offer hope
Most victims never recover funds sent to scammers. The blockchain’s transparency doesn’t help much when attackers use mixers and multiple hops to obscure the trail.
But one case from May 2024 stood out. A victim lost $71 million in wrapped Bitcoin to an address poisoning scam. Two weeks later, the attacker returned every penny.
What changed their mind? Security investigators claimed they’d tracked the scammer’s IP address and were closing in. The threat of real-world consequences apparently convinced the attacker that keeping the funds wasn’t worth the risk.
That case remains an outlier. The $50 million victim from last Friday hasn’t been so lucky yet.
What this means for crypto adoption
These high-profile thefts damage crypto’s reputation with mainstream users. A single mistake can wipe out life savings. Traditional banking offers fraud protection and chargebacks. Crypto transactions are final.
CZ’s push for better blockchain security measures matters because Binance processes massive transaction volumes. If major platforms adopt his proposals, smaller wallets and exchanges will likely follow.
The technology exists to prevent most address poisoning attacks. The question is whether the industry will coordinate quickly enough to implement it broadly.
Education remains crucial too. Users need to understand that copying from the transaction history carries risks. Verifying the full address or using address books with saved contacts would prevent most of these thefts.
The $50 million loss serves as an expensive reminder that blockchain security measures need to evolve as fast as the scams targeting crypto users.
What is address poisoning in crypto?
Address poisoning is a phishing tactic where scammers send small transactions to create fake addresses similar to ones you use. When you copy from your transaction history, you might accidentally use their address instead.
Can I recover funds sent to a scam address?
Recovery is extremely rare. Blockchain transactions are permanent and irreversible. Some scammers have returned funds under pressure from investigators, but this almost never happens.
How can I protect myself from address poisoning?
Always verify the complete wallet address character by character before sending large amounts. Use address books to save trusted contacts. Consider sending a small test transaction first.
What blockchain security measures is CZ proposing?
CZ wants wallet providers to check addresses against blacklists of known scams, hide spam transactions entirely, and share security databases across the industry to stop poisoning attacks before they happen.
Get the news in a Jist. Follow Cryptojist on X and Telegram for real-time updates!
Disclaimer:
Look, we’re just journalists reporting the news here, not your financial advisors. Everything you read above is for information purposes only. Crypto is wild, unpredictable, and can absolutely wreck your savings if you’re not careful. Never invest money you can’t afford to lose. Seriously, we mean it. Do your own research, talk to actual licensed financial professionals, and remember that past performance means absolutely nothing when it comes to future results. The crypto market can turn on a dime, and what’s hot today might be toast tomorrow. We’re not responsible for your investment decisions, good or bad. Trade smart, stay safe, and don’t bet the farm on anything you read on the internet, including this article.
Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
USDC 
Solana 
TRON 
Lido Staked Ether 
Dogecoin 