Zhangping Zhao, the founder of the Binance platform (known as CZ), made important statements regarding scams known as "Address Poisoning Scams", considering that this type of attack can be completely eradicated by adopting real-time blacklist queries and achieving comprehensive industry consensus across all networks.
CZ's statements came as a reaction to a major incident that recently occurred, where an investor lost about 50 million dollars of stablecoin (USDT) in just one hour due to this type of fraud.
How does address poisoning fraud work?
The fraud involves the scammer sending a very small transaction (often a "dust" or trivial amount) from an address that closely resembles the victim's usual address, to make this fake address appear within the victim's transaction record.
When the victim later copies the wallet address from the transaction history (without carefully checking all the long characters), they accidentally send money to the scammer's address instead of the intended destination.
Attackers exploit the length of address chains (42 characters) and users' impatience in complete manual verification, as most wallets and browsers only display the beginning and end of the address.
CZ's warnings and recommendations
- CZ confirmed that Binance is indeed alerting users when trying to make transactions to addresses listed on blacklists.
- He called for broad industry consensus among all networks to share blacklists in real-time, filter fraudulent transactions, and strengthen security alliances to maintain these lists.
- It is suggested to use ENS (Ethereum Name Service) names for large transactions, to avoid dealing with long and complex address chains.
- He emphasized the importance of double-checking wallet addresses before sending any money, even though fraud relies on exploiting human error.
- He warned that the evolution of artificial intelligence (like advanced future tools) may make these attacks more sophisticated and harder to detect.
A notable quote from CZ (from a post on platform X):
"We can completely eliminate this type of address poisoning attack."
CZ called on the entire industry to work together to develop better security solutions, noting that effectively implementing these measures can prevent significant losses resulting from inadequate verification of addresses.
