A while ago, we discussed the dilemma of a whale losing 50 million yuan. Today, I want to review an even more shocking case—the $73 million theft incident in 2024. 1,155 assets disappeared without a trace within an hour. Even more ironic is that the method used was not some advanced technology, but a common dust attack often talked about in the community. Yet, this routine caused seasoned big fund players to stumble. Interestingly, the victim later successfully recovered 90% of the assets through negotiation, becoming a self-rescue model in the crypto circle.

Many new friends have heard of the concept of dust, but few understand how devastating it can be. It’s not a complicated crime; it’s a classic routine we often warn about. But don’t underestimate this trick—those who lose 73 million are usually veterans who have been in the scene for years, yet they still fall for it. This shows how vicious this routine can be and also reflects how seemingly trivial details in daily operations can lead to deadly consequences.

Let’s look at the whole event’s background. The criminal’s method essentially involves two steps: basic routine + a fatal operational mistake by the target.

**Step 1: Batch Forging Addresses**

The attacker pre-generates a bunch of wallet addresses using a program, with the key point being that these addresses are carefully designed so that the first and last few characters are very similar to the target whale’s wallet address. Then, they monitor the target’s every move across the network almost in real-time.

**Step 2: Precise Dust Injection**

Once they detect the whale’s transfer intention or action, the attacker immediately transfers a small, worthless amount of assets—this is the so-called "dust"—to the whale’s wallet. This transfer appears in the wallet’s transaction history.

**Step 3: Deadly Operation**

Here’s the critical part. The whale makes a big mistake in subsequent transfers—copying the "latest received" address directly from the transaction history. To save time, they only verify the first and last few digits of the address, and if it looks okay, they proceed with the transfer. As a result, millions of dollars are sent to an address controlled by the attacker.

Why is this trick so effective? First, from a psychological perspective, users tend to trust addresses they’ve recently used more; second, addresses are usually long, and most people don’t verify each digit.

**The Key Step to Self-Rescue**

After the theft, the whale didn’t just sit and wait. They quickly identified the attacker behind the receiving address and took proactive steps to negotiate. Ultimately, through some form of negotiation and compensation, they recovered 90% of the assets. The process itself also teaches the community—a reminder that beyond technical security, social skills and calm judgment are crucial.

**The True Lesson**

The core lesson of this case is simple: no matter how advanced the attack, it can’t beat the combination of human nature and negligence. Address verification should be comprehensive, not just a partial check. Multi-signature wallets, hardware wallets, delayed transfer confirmation mechanisms—these seemingly cumbersome steps can save your assets at critical moments. Moreover, the larger the amount of funds you manage, the more these "small habits" become invaluable.