Cyber Attack Steals Millions with a Single Click

window.litespeed_ui_events=window.litespeed_ui_events||["mouseover","click","keydown","wheel","touchmove","touchstart"];var urlCreator=window.URL||window.webkitURL;function litespeed_load_delayed_js_force(){console.log("[LiteSpeed] Start Load JS Delayed"),litespeed_ui_events.forEach(e=>{window.removeEventListener(e,litespeed_load_delayed_js_force,{passive:!0})}),document.querySelectorAll("iframe[data-litespeed-src]").forEach(e=>{e.setAttribute("src",e.getAttribute("data-litespeed-src"))}),"loading"==document.readyState?window.addEventListener("DOMContentLoaded",litespeed_load_delayed_js):litespeed_load_delayed_js()}litespeed_ui_events.forEach(e=>{window.addEventListener(e,litespeed_load_delayed_js_force,{passive:!0})});async function litespeed_load_delayed_js(){let t=[];for(var d in document.querySelectorAll('script[type="litespeed/javascript"]').forEach(e=>{t.push(e)}),t)await new Promise(e=>litespeed_load_one(t[d],e));document.dispatchEvent(new Event("DOMContentLiteSpeedLoaded")),window.dispatchEvent(new Event("DOMContentLiteSpeedLoaded"))}function litespeed_load_one(t,e){console.log("[LiteSpeed] Load ",t);var d=document.createElement("script");d.addEventListener("load",e),d.addEventListener("error",e),t.getAttributeNames().forEach(e=>{"type"!=e&&d.setAttribute("data-src"==e?"src":e,t.getAttribute(e))});let a=!(d.type="text/javascript");!d.src&&t.textContent&&(d.src=litespeed_inline2src(t.textContent),a=!0),t.after(d),t.remove(),a&&e()}function litespeed_inline2src(t){try{var d=urlCreator.createObjectURL(new Blob([t.replace(/^(?: )?$/gm,"$1")],{type:"text/javascript"}))}catch(e){d="data:text/javascript;base64,"+btoa(t.replace(/^(?: )?$/gm,"$1"))}return d} var litespeed_vary=document.cookie.replace(/(?:(?:^|.*;\s*)_lscache_vary\s*\=\s*([^;]*).*$)|^.*$/,"");litespeed_vary||fetch("/wp-content/plugins/litespeed-cache/guest.vary.php",{method:"POST",cache:"no-cache",redirect:"follow"}).then(e=>e.json()).then(e=>{console.log(e),e.hasOwnProperty("reload")&&"yes"==e.reload&&(sessionStorage.setItem("litespeed_docref",document.referrer),window.location.reload(!0))});

How the Address Poisoning Attack Occurred

At the heart of the incident lies a wallet that has been active for almost two years and is primarily used for USDT transfers. After withdrawing funds from Binance, the user received approximately $50 million in USDT. Believing it to be a secure method, the user first performed a small test transfer. A few minutes later, the main transfer was made, but unknowingly, the user utilized the wrong address.

Before reaching this point, the fraudster had already set up the “address poisoning” attack. A wallet that closely resembled an address the victim frequently used was created, and a minuscule amount of USDT was sent to it, adding to the transaction history. Given that the addresses in the wallet interface appear as long and complex strings, the user inadvertently copied this fake address from the transaction history when intending to transfer funds, resulting in nearly $50 million being moved to the attacker’s wallet with a single click.

The UTXO Model Controversy and Charles Hoskinson’s Perspective

Charles Hoskinson, the founder of Cardano, weighed in on the incident, arguing that such a loss is far more challenging to experience in certain blockchain architectures. He pointed out that the account-based models used by Ethereum and EVM-based networks structurally enable frauds like address poisoning. In this model, addresses are kept as permanent accounts, and wallets often prompt users to copy addresses from previous transactions, a habit targeted by fraudsters.

According to Hoskinson, networks employing the UTXO model, like Bitcoin and Cardano, are more resilient in this aspect. In the UTXO model, each transaction generates new outputs while consuming old ones, eliminating the idea of a permanent “account balance.” Consequently, there is no persistent address history that can be visually poisoned. He emphasizes that this incident is not a protocol flaw or a smart contract error but a hazardous interaction between design and human behavior.

Similar risks have been brought to attention by other reports recently. In the past few weeks, a major wallet provider released a security update to warn users against address copying habits and revamped their address verification screens. These developments underscore the importance of wallet design alongside individual precautions.