- Trader loses $50 million in USDT through an address poisoning attack.
- Charles Hoskinson states that UTXO blockchains like Cardano resist poisoning attacks.
- Crypto thefts surpassed $3.4 billion in 2025, according to Chainalysis data.
Digital asset security remains the primary challenge facing the cryptocurrency sector as it enters 2026. An unnamed trader lost nearly $50 million in USDT to an address poisoning scam, raising questions about infrastructure resilience.
The victim had operated their wallet for approximately two years, primarily conducting USDT transfers. The trader followed standard security practices by sending a test transaction of 50 USDT before executing the larger transfer. Despite this precaution, the attack succeeded through social engineering tactics.
Address Poisoning Exploits Fundamental Design Flaws
Charles Hoskinson, founder of Cardano, stated that the vulnerability stems from architectural choices in account-based blockchain systems. Ethereum and other EVM-compatible chains display addresses as free-form strings in transaction histories. Wallets encourage users to copy addresses from previous transactions. This creates opportunities for attackers to inject malicious addresses.
Hoskinson argued that UTXO-based blockchains like Bitcoin and Cardano are not affected by this attack vector. These systems consume existing transaction outputs and create new ones with each transfer. This prevents the address reuse patterns that enable poisoning attacks. UTXO wallets select transaction outputs explicitly rather than copying destination addresses from account histories.
“A persistent account state to visually poison does not exist” in UTXO models, Hoskinson noted on X. One user disagreed, stating that address poisoning results from user error when copying incorrect addresses from blockchain explorers. Hoskinson responded that account abstraction and smart wallet standards make the problem worse rather than better.
Annual Theft Reaches Highest Levels Since 2022
Data from Chainalysis shows cryptocurrency hacks exceeded $3.4 billion in 2025, surpassing 2024 levels. The Bybit breach in February accounted for approximately $1.4 billion, making it the largest single cryptocurrency theft on record. North Korea-linked actors were attributed with responsibility for that attack.
The $50 million address poisoning incident is a growing trend of attacks targeting traders with large holdings. These schemes rely on exploiting human behavior rather than breaking cryptographic security or finding smart contract vulnerabilities.
Projects building on account-based models face pressure to implement additional safeguards against social engineering. Smart wallet standards and account abstraction introduce complexity that may create new vulnerability vectors. Meanwhile, UTXO-based chains position their architectural choices as inherent security advantages.
Related: What Prices to Expect for XRP, BTC, ETH, and ADA on Christmas?
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/hoskinson-blames-account-based-blockchains-for-50m-address-poisoning-scam/
