One of the largest recent on-chain scam losses has been recorded: a user lost nearly 50 million USDT to an “address poisoning” attack. This scam method exploits the way blockchains with an account-based model manage transaction history and address reuse, which makes it easy for users to pick the wrong address when copying one from previous transactions.
According to the sequence of events, after withdrawing funds from Binance, the victim’s wallet, which had been active for about two years and was mainly used to transfer USDT, received a small transaction from a fake address that closely resembled a previously used address. The victim then sent a test transaction to the intended address, and a few minutes later transferred all the funds. On that second transfer, however, the user accidentally selected the “poisoned” address from the transaction history, sending nearly 50 million USDT to the wrong address in a single operation.
Commenting on the incident, Charles Hoskinson stated that such an event is unlikely to happen on blockchain architectures with better fault tolerance, especially the UTXO model. According to him, account-based blockchains like Ethereum inadvertently facilitate this type of scam because users often copy addresses from transaction history. Conversely, UTXO-based networks like Bitcoin or Cardano do not rely on a fixed account state; each transaction creates new outputs, thereby limiting the ability to “poison” addresses and reducing the risk of human error.
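The lookalike entry described above can be caught before a transfer is signed. The following is an added example, not code from any wallet or from the parties in the incident: it walks a chronological transfer history and flags senders that imitate an address the wallet has already paid. The 4-character prefix/suffix comparison, the dust threshold, the `Transfer` record and all addresses and amounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    direction: str     # "out" = sent by our wallet, "in" = received by it
    counterparty: str  # address on the other side of the transfer
    amount: float      # token amount

def _norm(addr):
    a = addr.lower()   # hex addresses compare case-insensitively
    return a[2:] if a.startswith("0x") else a

def lookalike_of(candidate, trusted, prefix_len=4, suffix_len=4):
    """Return the trusted address whose first/last chars `candidate` copies, or None."""
    c = _norm(candidate)
    for t in trusted:
        n = _norm(t)
        if c != n and c[:prefix_len] == n[:prefix_len] and c[-suffix_len:] == n[-suffix_len:]:
            return t
    return None

def find_poisoned_entries(history, dust_threshold=1.0):
    """Walk a chronological history and flag poisoning-related entries."""
    trusted, flags = [], []
    for tx in history:
        imitated = lookalike_of(tx.counterparty, trusted)
        if tx.direction == "in" and imitated and tx.amount <= dust_threshold:
            flags.append(("inbound-dust-lookalike", tx.counterparty, imitated))
        elif tx.direction == "out" and imitated:
            flags.append(("outbound-to-lookalike", tx.counterparty, imitated))
        elif tx.direction == "out" and tx.counterparty not in trusted:
            trusted.append(tx.counterparty)  # first payment to a new address
    return flags

# Constructed sample data (not the addresses or amounts from the incident).
INTENDED = "0x" + "a1b2" + "3" * 32 + "c3d4"
LOOKALIKE = "0x" + "a1b2" + "9" * 32 + "c3d4"
UNRELATED = "0x" + "5" * 40
SAMPLE_HISTORY = [
    Transfer("out", INTENDED, 2000.0),       # earlier legitimate payment
    Transfer("in", UNRELATED, 5000.0),       # ordinary inbound transfer
    Transfer("in", LOOKALIKE, 0.01),         # dust from the imitating address
    Transfer("out", INTENDED, 50.0),         # test transaction
    Transfer("out", LOOKALIKE, 1000000.0),   # bulk transfer to the wrong entry
]

if __name__ == "__main__":
    for flag in find_poisoned_entries(SAMPLE_HISTORY):
        print(flag)
```

Running the same `lookalike_of` check on the destination at send time, against an address book of verified recipients, blocks the second flagged entry rather than only reporting it afterwards.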