CZ Proposes Industry-wide Measures to Combat Address Poisoning Following $50M USDT Loss
Changpeng Zhao (CZ), CEO of Binance, has called for industry-wide action to eradicate address poisoning in the cryptocurrency sector. Address poisoning, also known as dusting, is a tactic involving tiny transfers to create spoofed addresses that closely resemble legitimate ones. This leads users to mistakenly paste attacker-controlled addresses when copying from transaction histories.
This call comes after a $50 million loss in USDT was reported, described as one of the largest on-chain phishing losses in recent months. The attack followed a typical pattern: after withdrawing funds from Binance, the victim sent a 50 USDT test transaction to the correct address, then copied an address from history and sent 49,999,950 USDT to a fraudulent address that looked like the intended recipient. Subsequent investigations revealed that portions of the stolen funds were converted to ETH and routed through multiple addresses, with some flows passing through the Tornado Cash mixer.
CZ proposed several measures to counter address poisoning, including wallet-level flagging of poison addresses, blocking suspicious recipients, implementing real-time blacklists, and filtering dust and spam transactions. Binance Wallet already reportedly has some protections that align with these proposals.
Security researchers observe that dusting attacks are becoming more prevalent, particularly on low-fee networks. TRM Labs has noted dusting activity on TRON, while Chainalysis highlights the use of vanity addresses and automated targeting of active, high-balance wallets holding stablecoins such as USDT.
Amid this growing threat, U.S. Senators Elissa Slotkin and Jerry Moran introduced the SAFE Crypto Act, aiming to create a federal fraud-fighting task force. This legislative initiative responds to a broader surge in crypto-related fraud, which has resulted in losses amounting to hundreds of billions of dollars.
