-
16:00
-
15:50
-
15:30
-
15:20
-
15:00
-
14:50
-
14:30
-
14:20
-
14:00
-
13:30
-
13:20
-
13:00
-
12:50
-
12:20
-
11:50
-
11:20
-
10:50
-
10:20
-
09:50
-
09:20
-
08:50
-
08:20
-
07:50
-
17:50
-
17:20
-
16:50
-
16:20
Blockchain design debate reignites after $50 million USDT theft
A recent address poisoning scam that drained nearly $50 million in USDT from a cryptocurrency trader has reignited the debate over blockchain design and security. The theft, which occurred on December 20, has spurred fresh criticism from Cardano founder Charles Hoskinson, who blamed the architecture of account-based blockchains such as Ethereum for enabling such attacks.
Design flaw under scrutiny
Hoskinson argued that account-based models expose users to structural risks that do not exist in UTXO (unspent transaction output) systems like Bitcoin and Cardano. In account-based blockchains, wallet addresses maintain persistent states that can be visually manipulated, making it easier for criminals to inject counterfeit addresses that resemble legitimate ones. By contrast, the UTXO model treats each transaction as a new, independent event, reducing the likelihood of address reuse and poisoning.
How the attack unfolded
The victim followed standard security practices by sending a small test transfer of 50 USDT before authorizing the full transaction. However, the attacker had already inserted a fraudulent address into the victim’s wallet history using a small “dust” transaction of just 0.005 USDT. Since most wallets abbreviate addresses by displaying only the first few and last few characters, the poisoned address appeared almost identical to the real one.
Once the victim approved the transaction, the funds were stolen and quickly converted from USDT to DAI and then to roughly 16,690 ETH. The attacker used Tornado Cash, a mixing service, to obscure the trail and make recovery nearly impossible.
Calls for stronger security measures
In the wake of the incident, industry figures urged systemic security reforms. Former Binance CEO Changpeng Zhao proposed that wallet providers implement automatic filters to block or flag “poison addresses” before transactions are completed. The Ethereum community also called for wallet updates that stop shortening addresses with ellipses, encouraging users to view full address strings to avoid deception.
A broader security crisis
According to Chainalysis, cryptocurrency thefts have topped $3.4 billion in 2025, with large-scale operations driving much of the total. North Korea-linked hacker groups alone reportedly stole more than $2 billion this year. The February Bybit hack, which cost $1.5 billion, remains the largest single incident on record.
While the total number of personal wallet breaches rose sharply to 158,000 this year, the average loss per victim has declined. Even so, analysts warn that the rise of sophisticated scams like address poisoning demonstrates an urgent need for better wallet design, user education, and stronger network-level safeguards.
