Binance co-founder Changpeng Zhao proposed additional security measures to “eradicate” address poisoning, including wallet warnings and blacklists of suspicious accounts.
“All wallets should simply check if a receiving address is a ‘poison address,’ and block the user. This is a blockchain query,” Zhao wrote in a Wednesday blog post.
Address poisoning is a form of phishing in which scammers trick victims into sending crypto to illicit wallets by first sending them small transactions. Unsuspecting users often copy and paste the attacker’s address from their wallet history.
Phishing scams cost 6,344 victims over $7.7 million in November, according to Scam Sniffer data. That number is expected to surge in December largely due to $50 million in USDT (USDT) lost by a single victim on Friday.
Related: CZ receives fake ‘Grok’ coins amid new wave of Elon Musk scam tokens
“Lastly, wallets should not even display these spam transactions anywhere. If the value of the [transaction] is small, just filter it out,” Zhao added.
Related: Coinbase data leak could put users in physical danger: TechCrunch founder
Crypto security responses to phishing threats
Security company CertiK identified phishing as the most damaging crypto scam of 2024, netting attackers more than $1 billion, with address poisoning emerging as a growing threat.
Earlier phishing activity was dominated by scam-as-a-service drainers, which allowed attackers to plug ready-made software into phishing campaigns and siphon user funds. Security firms later responded by rolling out browser and wallet-based tools that warned users about malicious websites and suspicious approvals.
Address poisoning continues to pose a risk, particularly for users who habitually copy wallet addresses from their transaction history. While most victims do not recover their funds, rare cases offer a second chance at vigilance.
In May 2024, one victim lost $71 million to an address poisoning scam in an unusual case that ended with the attacker returning the full amount two weeks later. The reversal followed mounting pressure from investigators who claimed to have tracked the scammer’s potential IP address.
To counter the growing threat, Binance’s security team developed what it described as an “antidote” to address poisoning. The system uses an algorithm that has identified about 15 million poisoned addresses.
Magazine: Bitcoin treasury crackdown, Asia embraces stablecoins: Asia Express 2025
