Half a billion złoty scam: how one click sent millions to the scammer

GasFeeLover · 2026-01-12T06:00:24+00:00

The essay discusses a significant incident in the cryptocurrency world where a user lost nearly $50 million due to an "address poisoning" attack. A scammer created a similar wallet address, tricking the victim into sending funds to them. It highlights the vulnerabilities in blockchain architectures, especially those using account models like Ethereum, and suggests that user behavior and interface design play crucial roles in security. The industry is responding with updates to wallet security and user warnings.

GasFeeLover

2026-01-12 06:00:24

Abstract generation in progress

The world of cryptocurrencies has recently witnessed one of the most alarming cases of funds loss on the blockchain network. An active wallet user for nearly two years faced a problem. After withdrawing approximately $50 million in USDT from a certain exchange platform, he first performed a test transfer to verify the correctness of the procedure. A few minutes later, he proceeded with the main transfer of funds – and that’s when everything went wrong.

Anatomy of the “address poisoning” attack

Before this happened, the scammer was already watching. He created a wallet with an address extremely similar to the one the victim regularly sent transactions from. He sent a minimal amount of USDT to this fake address – enough to appear in the victim’s transaction history.

When the user searched for the previously used address in his wallet, he came across this history. Blockchain addresses are displayed as long, unreadable strings of characters – easy to confuse one with another, especially under time pressure. The scammer knew about this weakness. The victim copied the fake address, confirmed the transaction – and within seconds, nearly $50 million flowed into the attacker’s wallet. One moment of inattention, one click, total loss.

Different blockchain architectures, different risks

Charles Hoskinson, the founder of the Cardano network, examined this incident from a technical perspective and concluded: certain blockchain architectures are more resistant to such manipulations than others.

Account-based networks – including Ethereum and the EVM ecosystem – encourage users to reuse previous addresses. Transaction history is permanent there, meaning wallets display fixed addresses. This is what makes them vulnerable to this type of attack.

In contrast, networks using the UTXO model, such as Bitcoin or Cardano, generate new outputs for each transaction, and old ones are consumed. The concept of “account balance” does not exist in the traditional sense. Therefore, there is no permanent history of addresses to “poison.” The system is structurally more resistant.

However, Hoskinson emphasized an important nuance: this is not a protocol or smart contract bug. It’s a problem at the intersection of interface design and natural human behavior.

Industry response to the threat

The incident did not go unnoticed. In recent weeks, leading wallet providers issued security updates, specifically warning users against the habit of copying addresses from history. They also changed address validation interfaces to facilitate verification before sending funds.

These actions show that responsibility for security lies both with wallet developers and users. No protocol will be perfect if its interface makes it easier for scammers to succeed.

ADA0,07%

ETH-0,77%

BTC0,45%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.