500 Bitcoins, the Hacker stole 490, leaving 10 for "me" as living expenses.

In the “dark forest” of Crypto Assets, which is full of legends and risks, astonishing dramas unfold every day. Some people ascend to the altar due to overnight wealth, while others fall into the abyss due to a momentary lapse in judgment. However, a recent confession from an OG in the crypto world reveals the most real and absurd side of this world with an extraordinary calmness that surpasses ordinary understanding.

“Last year, I suspected that my private key had been compromised. To confirm whether the security of that address was indeed compromised, I transferred 500 coins of Bitcoin into it. To my surprise, the hacker was very 'generous', taking only 490 coins and leaving me 10 coins for living expenses.”

The speaker of this passage is Chun Wang, the co-founder of F2Pool, one of the largest Bitcoin mining pools in the world. This tweet published on the social platform X instantly sparked a frenzy in the entire crypto community. What shocked people was not the amount of loss—although calculated at the market price at the time, this sum was nearly $25 million—but rather Chun Wang's “casual” attitude and his astonishing act of using 500 Bitcoins to “test” the security of an address. The community was filled with exclamations of “What the Fuck,” and many lamented, “The world of the wealthy is truly something that we ordinary people cannot relate to.”

Digital Heist

The reason Wang Chun made this statement was due to his comments on another more brutal hacking incident. Just a few days ago, a trader fell victim to a meticulously planned “Address Poisoning Attack,” and in just half an hour, nearly 50 million USDT in assets disappeared without a trace.

The process of this attack is like a high-IQ crime movie, precisely exploiting the weaknesses of human nature and the blind spots of operational habits: Test transactions and bait setup: The victim is a cautious trader who, before making a large transfer, first sent 50 USDT from the Binance exchange to his wallet address as a test to ensure everything was correct. Generation of the poisoned address and poisoning: However, this small test transaction was monitored in real-time by the hacker's automated script. The hacker immediately generated a “disguised address,” which had the same beginning and ending characters as the victim's real receiving address. Then, the hacker sent a very small dust transaction to the victim using this “poisoned address.” Visual deception and fatal oversight: When the victim confirmed the test transaction was successful and prepared to make the formal large transfer, he chose not to copy the address again from a secure source for convenience, but instead directly selected it from the recent transaction history of his wallet. Due to most wallet interfaces simplifying the layout, the middle part of the lengthy address is often abbreviated with “…”, making it visually almost indistinguishable between the victim's real address and the hacker's “poisoned address.” The victim inadvertently clicked on that deadly similar address. Quick laundering of assets: At 3:32 AM UTC, nearly $50 million worth of USDT was transferred to the hacker's wallet. This attacker, referred to by cybersecurity firm SlowMist as a “money laundering veteran,” completed a series of professional money laundering operations in less than 30 minutes: first exchanging USDT for DAI through a decentralized exchange (to evade Tether's centralized freeze mechanism), then converting DAI into approximately 16,690 Ether, and quickly transferring the vast majority into the mixer Tornado Cash, completely cutting off the trace of the funds.

After the incident, the desperate victim reached out to the hacker through on-chain messages, stating that they had officially reported the case and were willing to offer $1 million as a “white hat bounty,” hoping that the hacker could return 98% of the assets. However, facing the funds that had been mixed by a mixer, the hope of recovery is extremely slim.

Wang Chun's confession was made while commenting on this tragedy. He seems to be using his own experience to advise the world, while also revealing a sense of detachment after having “weathered great storms.” After all, for someone who started mining in 2011 when Bitcoin was only worth $1, mined over 7,700 Bitcoins, and even experienced having an iPhone bought with over 600 Bitcoins stolen in the Moscow subway, the loss of 500 Bitcoins may really just be an expensive “security experiment.”

Crime Extension

If Wang Chun and that trader's encounter remained in the digital world's asset offensive and defensive battle, then the incident that occurred almost simultaneously in South Korea marks that crypto assets crime is spreading from online to offline, evolving into a direct threat to real society.

On December 19, 2025, two major office buildings of Hyundai Group in Seoul were plunged into panic. An anonymous bomb threat email was sent to the company, stating bluntly: “If you do not pay 13 bitcoins, we will blow up the Hyundai Group building at 11:30 AM, and then carry a bomb to Yangjae-dong (the location of the Hyundai Motor Group office) to detonate it.”

At the time of the Bitcoin price, 13 BTC was worth approximately $1.1 million (about 1.64 billion Korean won). This blatant extortion incident forced the Modern Group to urgently evacuate all employees from two office buildings. The police quickly dispatched special forces and bomb disposal teams to conduct a thorough search of the buildings for several hours and sealed off the surrounding area.

Fortunately, after a tense investigation, no explosive devices were found. Authorities ultimately determined that this was a false threat, a hoax designed to create panic. However, this incident is not an isolated case. In the past few days, several leading companies in South Korea, including Samsung Electronics, Kakao, Naver, and KT Telecom, have all received similar bomb threats, also accompanied by high demands for crypto assets or cash ransoms. Although all threats were eventually confirmed to be pranks, this series of events has undoubtedly cast a huge psychological shadow over South Korean society and the business community, highlighting that criminals are using the anonymity and cross-border payment convenience of cryptocurrencies like Bitcoin as an ideal tool for a new type of extortion crime.

Reflect on self-protection

From Wang Chun's “generous” hacker to the painful lesson of a trader losing 50 million dollars, and the real threats faced by modern groups, these seemingly isolated events are linked together to depict a panoramic view of the current security landscape in the crypto assets field. It tells us that the risks in this world far exceed imagination, and human negligence, greed, and fear will always be the sharpest weapons of hackers.

First is the success of “address poisoning”, which relies on people's excessive trust in “copy-paste” and “transaction history”. Jameson Lopp, co-founder of Casa, warns that such attacks have spread across major blockchains, with over 48,000 cases detected on the Bitcoin network alone. This serves as a warning bell for all Crypto Assets users: Always copy addresses from original, trusted sources, and never select them directly from transaction history. Perform multiple verifications. Before sending large amounts of assets, be sure to check the complete address word by word, not just the beginning and the end. Use address books or domain name services like ENS/CNS to mark frequently used addresses, reducing the risk of manual copying.

Furthermore, in the case of Wang Chun, whether it is a real test or a subsequent joke, it points to the fundamental security principle of the crypto world — the absolute safety of private keys. Once the private key is leaked, your assets are like being placed in a transparent safe, and can be taken at any time. Using hardware wallets, physically backing up mnemonic phrases, and storing them in different locations is a well-worn saying, yet it is an everlasting iron rule.

In the face of an endless stream of attack methods, the entire industry must also take responsibility. Wallet developers should actively develop a “similar address warning” feature that provides a strong alert when users paste addresses that may be “poisoned.” Exchanges and security agencies also need to enhance user education, widely informing them about these new types of scams.

In summary, in this decentralized world, no one can take ultimate responsibility for the security of your assets except for yourself. Maintaining a sense of awe, continuing to learn, and developing paranoid security habits may be the only passport through this dark forest. After all, not everyone has Wang Chun's wealth and mindset to still smile at the 10 “living expenses” left by hackers after losing 490 bitcoins. For the vast majority of ordinary participants, any mistake could mean everything.