Address poisoning attack: how 50 million USDT disappeared due to account model design


What a Theft Looks Like in Reality

In early December, one of the largest on-chain fraud losses occurred. A user who withdrew 50 million USDT from Binance became a victim of a carefully planned attack. The wallet, active for two years, was used for regular transactions. However, one action changed the entire situation.

The scammer first used address poisoning, a technique in which fake addresses that appear authentic are inserted into the user's transaction history. The victim, copying an address from previous transfers for reuse, selected the "poisoned" address instead of the real one. Within a few minutes, 50 million dollars ended up in the attacker's account.
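A defensive check for the history-copy mistake described above, as an added example that is not part of the original article: it flags a recipient that matches both ends of a trusted address without being that address. The `EDGE` threshold, the function names and all addresses are constructed for illustration, and the premise that a lookalike matches the leading and trailing characters is this example's assumption.

```python
from __future__ import annotations

# Added example: constructed addresses, not taken from the incident.
HEX = set("0123456789abcdef")
EDGE = 4  # assumption: characters a truncated wallet display shows at each end


def normalize(addr: str) -> str:
    """Return the 40 lower-case hex digits of an address; EIP-55 casing is ignored."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not an EVM address: {addr!r}")
    return a[2:]


def shared_prefix(a: str, b: str) -> int:
    """Number of leading characters two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def classify(candidate: str, trusted: list[str]) -> tuple[str, str | None]:
    """Return ('trusted' | 'lookalike' | 'unknown', imitated trusted address or None)."""
    c = normalize(candidate)
    book = [normalize(t) for t in trusted]
    if c in book:  # only a full 40-digit match counts as trusted
        return "trusted", None
    for t in book:
        if (shared_prefix(c, t) >= EDGE
                and shared_prefix(c[::-1], t[::-1]) >= EDGE):
            return "lookalike", "0x" + t
    return "unknown", None


def poisoned_entries(history: list[str], trusted: list[str]) -> list[str]:
    """History entries a wallet should not offer for copy-and-reuse."""
    return [h for h in history if classify(h, trusted)[0] == "lookalike"]


TRUSTED = "0x" + "a1b2" + "c3d4e5f60718293a4b5c6d7e8f901234" + "9f3e"
LOOKALIKE = "0x" + "a1b2" + "77e1d0c9b8a7f6e5d4c3b2a1908f7e6d" + "9f3e"
UNRELATED = "0x" + "5e" * 20
HISTORY = [TRUSTED, UNRELATED, LOOKALIKE]  # constructed transaction history

if __name__ == "__main__":
    for addr in HISTORY:
        print(addr, classify(addr, [TRUSTED]))
```

An `unknown` result is not a pass: it only means the address imitates nothing in the address book, so it still needs verification against an independent source before a large transfer.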

Why This Happened Specifically on Ethereum and EVM Chains

Analyzing the incident, Charles Hoskinson, founder of Cardano, pointed out an architectural vulnerability. On blockchains with an account model — such as Ethereum and other EVM chains — addresses exist as permanent contact points in the transaction history. Wallets by their nature encourage users to copy addresses from previous operations for convenience. This habit forms the basis of the attack.

“This is yet another reason why UTXO is excellent. Bitcoin and Cardano were not affected,” Hoskinson wrote in response to the event.

Why It Pays to Understand Blockchain Architecture

UTXO-based chains (Unspent Transaction Output), like Bitcoin and Cardano, operate on a different principle. Each transaction generates new outputs, and wallets build transactions by explicitly selecting UTXOs rather than reusing addresses as endpoints. There is no persistent account state that could be "poisoned" for malicious use.

For users concerned with security, it's important to understand that the UTXO design fundamentally prevents such attacks through the structure of the protocol itself. On Ethereum-class blockchains, addresses remain visible points throughout the entire history, creating an additional attack vector.

The Human Factor as the Root of the Problem

This was not a protocol bug or a smart contract exploit. The problem arose from the interaction between system design and human behavior. Users naturally try to simplify their operations by copying addresses from history. The account model architecture not only allows this but actively encourages it. The result: one mistake, made in less than an hour, cost 50 million dollars.

Currently, the stolen funds are still at the attacker's address. The incident demonstrates that even the most advanced platforms can have vulnerabilities embedded in their core architecture rather than introduced through developer errors.
