Nearly $50 Million Lost in Address Poisoning Scam
A single transaction error led to one of the largest on-chain losses seen this year, after a user mistakenly sent nearly $50 million in USDt to a scam address in a classic address poisoning attack.
According to on-chain investigator Web3 Antivirus, the victim lost 49,999,950 USDt after copying a malicious wallet address from their transaction history. Address poisoning scams rely on look-alike wallet addresses being inserted into a victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the scammer’s lookalike address instead of the intended recipient.
On-chain data shows the victim initially sent a small test transaction to the correct address. Minutes later, however, the full $50 million transfer was sent to the poisoned address.
How Address Poisoning Scams Work
Address poisoning scams are a type of attack that exploits human habits rather than breaking systems. Security researcher Cos, founder of SlowMist, noted the similarity between the addresses was subtle but enough to deceive even experienced users. “You can see the first 3 characters and last 4 characters are the same,” he wrote.
The Victim's Wallet Activity
The victim’s wallet had been active for roughly two years and was primarily used for USDt transfers, according to on-chain analysis. Shortly before the loss, the funds were withdrawn from Binance, suggesting the wallet was being actively managed at the time of the incident.
The Attacker's Actions
The attacker has since swapped the stolen USDt for Ether (ETH), splitting it into multiple wallets, and partially moved it into Tornado Cash.
The Broader Context of Crypto Hacks
As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The surge was largely driven by a handful of massive breaches targeting major crypto entities rather than a broad rise in average attack size. Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone made up nearly half of all stolen funds.
Conclusion and Implications
The incident highlights the importance of vigilance and caution when managing cryptocurrency transactions. Users must be aware of the risks of address poisoning scams and take steps to protect themselves, such as double-checking wallet addresses and using secure transaction protocols. The incident also underscores the need for continued innovation and improvement in crypto security measures to prevent such attacks in the future.
Stay Updated – Subscribe to Our Newsletter
Get the latest crypto news, analysis, and insights delivered straight to your inbox.
No spam, ever. Unsubscribe anytime.Master Crypto Security with Crypto Security 101
Protect your digital assets from hacks, scams, and theft. The Economic Ninja's essential course teaches you proven security practices every crypto holder needs.
Affiliate Disclosure: This is an affiliate link. We may earn a commission at no extra cost to you.
Enroll in Crypto Security 101 →DISCLAIMER: Content is for informational purposes only. Not financial, investment, or legal advice. Cryptocurrencies are highly volatile with substantial risks including complete loss of principal. Conduct your own research and consult qualified professionals before making financial decisions. We make no warranties regarding accuracy or completeness. Not liable for losses from use of this content. Affiliate Disclosure: Some links are affiliate links. We may earn commissions at no extra cost to you.