-640x358.jpg&w=1200&q=75)
Binance co-founder Changpeng Zhao has called on the blockchain industry to adopt stronger security measures after an investor lost $50 million to an address poisoning scam.
Zhao proposed a series of technical fixes aimed at reducing phishing risks and protecting users from deceptive wallet activity.
All wallets should simply check if a receiving address is a ‘poison address,’ and block the user. This is a blockchain query.
Changpeng Zhao said.
Address poisoning is a phishing tactic where attackers send small transactions to victims so their malicious wallet addresses appear in transaction histories.
Unsuspecting users often copy and paste these fraudulent addresses, mistakenly sending large sums of cryptocurrency to scammers.
Zhao also suggested that wallets should issue clear warnings when users attempt to interact with suspicious or known scam addresses.
He added that wallet interfaces should filter out low-value spam transactions to reduce the risk of user confusion.
Lastly, wallets should not even display these spam transactions anywhere. If the value of the transaction is small, just filter it out.
Changpeng Zhao said.
The proposal follows data showing phishing scams affected 6,344 victims in November, resulting in losses exceeding $7.7 million.
Analysts expect December losses to rise sharply after a single investor lost $50 million in a recent address poisoning incident.
Security firm CertiK identified phishing as the most damaging crypto scam of 2024, with total losses surpassing $1 billion.
CertiK noted that address poisoning has become one of the fastest-growing threats within the phishing landscape.
Earlier in the year, phishing campaigns were largely driven by scam-as-a-service tools that automated wallet draining.
Security companies responded by deploying browser extensions and wallet tools that warn users about malicious approvals and websites.
Despite these efforts, address poisoning remains difficult to detect because the transactions appear legitimate at first glance.
Users who frequently copy wallet addresses from transaction histories are considered especially vulnerable.
In rare cases, victims have recovered stolen funds through pressure from investigators and blockchain tracking.
One notable incident in May 2024 involved a $71 million address poisoning loss that was later fully returned by the attacker.
Investigators said the reversal followed claims that the scammer’s potential IP address had been identified.
Binance’s security team has since developed what it describes as an “antidote” to address poisoning attacks.
The system reportedly uses an algorithm that has already identified around 15 million poisoned addresses.
Zhao said broader industry adoption of such tools could significantly reduce phishing-related losses.
Market observers say the incident highlights the need for proactive wallet-level protections rather than relying solely on user awareness.