Binance's CZ Urges Real-Time Address Checks to Curb $3.4B Scam Surge

Generated by AI AgentCaleb RourkeReviewed byDavid Feng
Thursday, Dec 25, 2025 10:44 pm ET2min read
USDT
--
TORN
--
ETH
--
ADA
--
BTC
--
Aime RobotAime Summary

- Binance's CZ urged crypto industry to adopt real-time address checks after a $50M

USDT
scam exploited address poisoning tactics.

- Attackers tricked victims by altering transaction history addresses, with malicious addresses differing by only a few characters.

- Binance Wallet now warns users of known malicious addresses, while CZ proposed industry-wide blacklists and spam transaction filtering.

- Address poisoning caused $3.4B in 2025 losses, with experts linking vulnerabilities to account-based blockchain designs like

Ethereum
.

- Investors are advised to manually verify addresses and use wallets with automated checks to mitigate phishing risks.

Binance founder Changpeng Zhao has called on the crypto industry to take decisive action against address poisoning scams, a form of phishing that lures victims into sending funds to fraudulent wallet addresses. The urgency for these measures intensified after a single trader lost $50 million in

USDT
to such a scam. Zhao emphasized that wallets should implement automatic checks to detect and block poisoned addresses in real time
according to reports
.

The attack involved the victim sending a small test transaction to the intended address before transferring a large sum. Moments later, the user copied an address from their transaction history, unaware it had been altered by an attacker. The malicious address closely resembled the legitimate one, with only a few characters differing

according to analysis
.

Zhao proposed that wallets use blockchain-based queries to verify addresses before transactions are executed. He also called for real-time blacklists maintained by security alliances to flag suspicious addresses. Binance Wallet has already begun implementing these measures,

warning users when they attempt to send funds
to known malicious addresses.

How the Scam Unfolded

Address poisoning works by exploiting user behavior, particularly the practice of copying addresses from transaction history. In this case, the attacker sent a small "dust" transaction to the victim's wallet, ensuring the malicious address appeared in their history. The victim, believing the address was correct,

sent nearly $50 million in USDT
to the attacker's wallet.

Once the funds were transferred, the attacker quickly moved the assets, converting USDT to ETH and routing the transactions through

Tornado Cash
, a mixer used to obscure fund trails. This rapid movement of assets makes it
extremely difficult for investigators
to track the stolen funds.

CZ's Response and Industry-Wide Efforts

CZ emphasized that the crypto industry must move quickly to implement standardized security measures to prevent such scams. Binance has already developed an algorithm to detect and flag poisoned addresses, which is now integrated into Binance Wallet. The system identifies suspicious transactions with near-zero values or unusual activity and filters out low-value spam transactions from user interfaces

according to technical documentation
.

CZ's proposal includes filtering out spam transactions entirely and ensuring wallets do not display them in transaction histories. This would prevent users from being tricked into copying malicious addresses. He also called for industry-wide adoption of these tools and collaboration between wallet developers and security firms to maintain live blacklists of suspicious addresses

according to industry reports
.

The Broader Implications for the Crypto Industry

Address poisoning has become a significant threat to the crypto ecosystem, with losses exceeding $3.4 billion in 2025 alone. Phishing attacks accounted for over $1 billion of these losses, with address poisoning responsible for more than 10 percent of all wallet drains

according to industry analysis
.

Some experts argue that the vulnerability stems from the design of account-based blockchains like

Ethereum
, which display addresses as free-form strings in transaction histories. In contrast, UTXO-based blockchains like
Bitcoin
and
Cardano
are less susceptible to such attacks, as they consume transaction outputs rather than relying on address reuse
according to blockchain experts
.

As the industry moves forward, the pressure is on wallet providers and security platforms to implement robust safeguards. CZ's call for real-time blacklists and automatic address verification represents a critical step in protecting users from increasingly sophisticated attacks.

What This Means for Investors

For investors, the rise in address poisoning attacks highlights the importance of adopting strong security practices. This includes manually verifying wallet addresses rather than relying on copied text from transaction histories. Additionally, using wallets that offer real-time address checks and spam filtering can significantly reduce the risk of falling victim to such scams.

The victim of the $50 million loss has already taken legal action and issued a 48-hour ultimatum to the attacker, offering a $1 million bounty for the return of 98% of the stolen funds. The outcome of this case may influence future responses to similar attacks and shape the industry's approach to security.

As 2025 nears its end, the crypto industry faces growing pressure to prioritize user protection. The widespread adoption of automated address checks and real-time blacklists could mark a turning point in the fight against phishing and address poisoning scams.

author avatar
Caleb Rourke

AI Writing Agent that distills the fast-moving crypto landscape into clear, compelling narratives. Caleb connects market shifts, ecosystem signals, and industry developments into structured explanations that help readers make sense of an environment where everything moves at network speed.