Featured News Headlines
USDT Theft Highlights Blockchain Risks
A recent on-chain scam resulted in one of the largest single-user losses in crypto history. An address poisoning attack exploited the way account-based blockchains manage transaction history and address reuse, causing nearly $50 million in USDT to be stolen from a single user.
How the Attack Happened
According to Charles Hoskinson, “It would not have occurred on some architectures that are inherently more resilient to errors of this nature.” The victim, whose wallet had been active for about two years primarily for USDT transfers, attempted a small test transaction to the intended recipient—a practice generally considered safe. However, when sending the full amount minutes later, the wrong address was used.
The scammer had previously executed an address poisoning attack by sending a tiny amount of USDT from a wallet designed to resemble an address the victim had used before. When the victim copied the address from their transaction history, they accidentally chose the poisoned address. One click later, $50 million was lost.
Why UTXO-Based Chains Reduce Risk
The stolen funds remain at the destination address, likely to be moved or exchanged. Hoskinson explained, “This is another reason UTXO is awesome.” Unlike Ethereum and many EVM-based chains, which use an account-based model, UTXO (Unspent Transaction Output) systems like Bitcoin and Cardano function differently.
In UTXO-based chains, every transaction consumes existing outputs and generates new ones. Wallets typically create transactions from explicit UTXO selections rather than reused account addresses, and users are less likely to rely on copying addresses from transaction histories. There is no persistent account state to visually poison, which significantly reduces this type of scam risk.
A Human and Design Vulnerability
Importantly, this incident was not a smart contract exploit or protocol flaw. It was a design vulnerability interacting with human behavior, demonstrating how a small oversight can lead to enormous losses. In less than an hour, a combination of human error and blockchain design cost one user $50 million.
