How a single copy-paste mistake cost a user $50M in USDt

cointelegraphPublicado a 2025-12-20Actualizado a 2025-12-20

Resumen

A user lost nearly $50 million in USDt in an address poisoning scam after mistakenly copying a malicious look-alike address from their transaction history. The scam works by attackers sending small transactions to a victim's wallet using addresses that closely resemble those of the victim's trusted contacts. In this case, the victim first sent a small test transaction to the correct address but then copied a fraudulent, similar-looking address for the full $50 million transfer. Onchain investigators noted the addresses shared the same first three and last four characters, a subtle similarity that can deceive even experienced users. The stolen funds were subsequently swapped for Ether and partially laundered through Tornado Cash. This incident highlights how such attacks exploit human error rather than technical vulnerabilities. The loss occurred amid a broader surge in crypto hacks, which reached $3.4 billion in losses in 2025.

A single transaction error led to one of the largest onchain losses seen this year, after a user mistakenly sent nearly $50 million in USDt to a scam address in a classic address poisoning attack.

According to onchain investigator Web3 Antivirus, the victim lost 49,999,950 USDt (USDT) after copying a malicious wallet address from their transaction history.

Address poisoning scams rely on look-alike wallet addresses being inserted into a victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the scammer’s lookalike address instead of the intended recipient.

Onchain data shows the victim initially sent a small test transaction to the correct address. Minutes later, however, the full $50 million transfer was sent to the poisoned address.

*User falls victim to address poisoning scam. Source:* *Web3 Antivirus*

Related: Attacker takes over multisig minutes after creation, drains up to $40M slowly

Subtle address similarity enough to fool experienced users

Security researcher Cos, founder of SlowMist, noted the similarity between the addresses was subtle but enough to deceive even experienced users. “You can see the first 3 characters and last 4 characters are the same,” he wrote.

The victim’s wallet had been active for roughly two years and was primarily used for USDt transfers, according to onchain analysis. Shortly before the loss, the funds were withdrawn from Binance, suggesting the wallet was being actively managed at the time of the incident.

“This is the brutal reality of address poisoning, an attack that doesn’t rely on breaking systems, but on exploiting human habits,” another onchain analyst wrote.

The attacker has since swapped the stolen USDt for Ether (ETH), splitting it into multiple wallets, and partially moved it into Tornado Cash.

Related: Binance denies reports of delayed action over funds linked to Upbit hack

Crypto hacks hit $3.4 billion in 2025

As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The surge was largely driven by a handful of massive breaches targeting major crypto entities rather than a broad rise in average attack size.

Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone made up nearly half of all stolen funds.

Magazine: 2026 is the year of pragmatic privacy in crypto — Canton, Zcash and more

Preguntas relacionadas

QWhat is an address poisoning scam and how did it lead to a $50 million loss?

AAn address poisoning scam is a type of attack where a scammer sends a small transaction to a victim's wallet using a look-alike address. The victim, when later copying an address from their transaction history, may accidentally select the scammer's fraudulent address instead of the legitimate one. In this case, the user mistakenly sent $50 million in USDt to the poisoned address.

QWhat detail did the security researcher from SlowMist point out about the fraudulent address?

AThe security researcher, Cos from SlowMist, noted that the similarity between the legitimate and the fraudulent address was very subtle. He pointed out that the first 3 characters and the last 4 characters of the two addresses were identical, which was enough to deceive even experienced users.

QWhat did the attacker do with the stolen USDt funds after the scam was successful?

AAfter successfully stealing the USDt, the attacker swapped the funds for Ether (ETH). They then split the ETH into multiple wallets and partially moved it into the privacy-focused mixing service, Tornado Cash.

QHow much was lost to crypto hacks in 2025 according to the article, and what was a major contributing factor?

AAccording to the article, crypto-related hacks resulted in $3.4 billion in losses in 2025. The surge was largely driven by a handful of massive breaches targeting major crypto entities, with just three incidents accounting for 69% of the total losses.

QWhat preliminary step did the victim take before sending the full $50 million, and why was it ineffective in preventing the loss?

AThe victim initially sent a small test transaction to the correct address. However, this was ineffective because the scammer's look-alike address was already in their transaction history from a previous, small 'poisoning' transfer. When the victim went to copy the address for the large transfer, they mistakenly selected the fraudulent one.

Lecturas Relacionadas

Is Strategy’s MSTR signaling Bitcoin’s next move? The data says…

Strategy (MSTR) remains a key Bitcoin proxy due to its large BTC holdings. Both assets are in a bearish trend, with a high correlation of 0.95. A bearish fractal pattern suggests MSTR could decline to $70–$80, potentially pulling Bitcoin toward $58,000. On-chain metrics show continued downside risk, as the Short-Term Holder Realized Price remains below the Long-Term Holder level. However, a recent $561.9 million inflow into U.S. Spot Bitcoin ETFs hints at a potential pause in institutional selling, though sustained support is needed for a meaningful recovery.

ambcryptoHace 17 min(s)

Is Strategy’s MSTR signaling Bitcoin’s next move? The data says…

ambcryptoHace 17 min(s)

Moscow Exchange Set to Launch $XRP Indices and Futures Contracts

The Moscow Exchange (MOEX), Russia's largest financial marketplace, is preparing to launch indices and futures contracts for XRP, marking a significant shift in the country's approach to digital assets. This move is seen as a pragmatic step toward using cryptocurrencies for cross-border liquidity outside the SWIFT system, particularly given XRP's institutional settlement utility. The introduction of futures will allow Russian institutional investors to hedge crypto exposure without direct token ownership. In contrast, the retail market is showing increased interest in high-risk, high-reward projects like Maxi Doge ($MAXI), an Ethereum-based token that promotes a high-leverage trading culture. It features gamified trading competitions and a staking system offering 68% APY to incentivize long-term holding. The project has raised $4.5M in its presale, targeting traders seeking aggressive returns in the current bull market.

bitcoinistHace 17 min(s)

Moscow Exchange Set to Launch $XRP Indices and Futures Contracts

bitcoinistHace 17 min(s)

Ethereum rethinks L2 role as activity rises but value secured declines

Ethereum is reassessing the role of layer-2 networks as rollup activity increases while the value secured on them declines. According to L2Beat, total value locked in rollups has fallen 13.2% year-on-year to $40.3 billion, despite transaction throughput rising sharply to around 3,470 user operations per second. Vitalik Buterin recently argued that the original "rollup-centric roadmap" is evolving due to Ethereum's own L1 scaling progress and slower-than-expected decentralization of many L2s. With base-layer gas fees remaining low and upcoming gas-limit increases, Ethereum no longer depends on L2s for block-space capacity as before. Buterin noted that some L2s may not achieve full decentralization, making it impractical to treat them as uniform extensions of Ethereum. The data suggests L2s are increasingly used for execution and low-cost transactions rather than storing large amounts of capital, indicating a shift toward a more diverse ecosystem of specialized networks.

ambcryptoHace 32 min(s)

Ethereum rethinks L2 role as activity rises but value secured declines

ambcryptoHace 32 min(s)

Lido holds demand after Hayes’ 2.3mln transfer – Yet ONE risk won’t go away

Arthur Hayes transferred 2.31 million LDO (worth ~$980K) to FalconX, increasing available supply near a key demand zone around $0.41–$0.42. Despite the transfer, buyers absorbed the added liquidity without panic, as shown by steady spot demand and CVD data. However, the broader structure remains bearish, with sellers controlling the momentum and rebounds fading quickly. Dense liquidity clusters above $0.43 and below $0.40 suggest a volatile breakout is likely once compression ends. LDO remains trapped between defensive demand and structural selling pressure, with a decisive move expected from a liquidity sweep rather than gradual drift.

ambcryptoHace 47 min(s)

Lido holds demand after Hayes’ 2.3mln transfer – Yet ONE risk won’t go away

ambcryptoHace 47 min(s)

Is altseason finally brewing? Only if THESE 2 indicators flip first

Hopes for an altcoin season in 2026 are building as investors look beyond Bitcoin, but conditions for a full altcoin rally are not yet firmly in place. Two key indicators need to flip first. The latest ISM Manufacturing PMI reached 52.6%, its highest in nearly 40 months, pushing U.S. manufacturing into expansion territory. Historically, altcoin rallies followed periods when ISM moved decisively higher, particularly above the 55 mark, as seen in 2017 and 2021. While current levels are below that threshold, a potential turning point may be emerging. However, Ethereum (ETH), a known harbinger of altseason, has closed in the red for 12 of the last 15 months, showing a prolonged stretch of weakness with uneven gains and frequent drawdowns. Sustained altseasons have almost always followed a clear and consistent uptrend in Ethereum. Furthermore, the Altcoin Season Index from CoinGlass was at 39, below the level that usually indicates a rotation away from Bitcoin. At the same time, Bitcoin dominance (BTC.D) remained high near 60% on the daily chart. Altseasons typically begin with a clear decline in BTC dominance as investors move down the risk curve, a shift that has not yet occurred. Overall, while altseason expectations are growing, they may be premature. Early macro signals are improving, but the market lacks a trigger for a true altseason, and capital remains firmly in Bitcoin.

ambcryptoHace 1 hora(s)

Is altseason finally brewing? Only if THESE 2 indicators flip first

ambcryptoHace 1 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar BIRB

¡Bienvenido a HTX.com! Hemos hecho que comprar Moonbirds (BIRB) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Moonbirds (BIRB) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Moonbirds (BIRB)Después de comprar tu Moonbirds (BIRB), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Moonbirds (BIRB)Tradear fácilmente con Moonbirds (BIRB) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

472 Vistas totalesPublicado en 2026.01.28Actualizado en 2026.01.28

Cómo comprar USDE

¡Bienvenido a HTX.com! Hemos hecho que comprar USDE (USDE) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar USDE (USDE) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu USDE (USDE)Después de comprar tu USDE (USDE), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear USDE (USDE)Tradear fácilmente con USDE (USDE) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

157 Vistas totalesPublicado en 2026.01.29Actualizado en 2026.01.29

Qué es INX

I. Introducción del ProyectoInfinex es una nueva aplicación criptográfica lanzada por Synthetix, que ofrece acceso a múltiples protocolos, servicios y aplicaciones en la cadena, permitiendo a los usuarios cambiar sin problemas entre diferentes protocolos y cadenas DeFi en una interfaz unificada.II. Información Básica del TokenSímbolo del token: INX (Infinex)III. Enlaces RelacionadosSitio web: https://infinex.xyz/Enlace del bloque: https://etherscan.io/token/0xdef1b2d939edc0e4d35806c59b3166f790175afeRedes sociales: https://x.com/infinexNota: La descripción del proyecto proviene de la información publicada o proporcionada por el equipo oficial del proyecto, puede contener desactualizaciones, errores u omisiones, el contenido relacionado es solo para referencia y no constituye un consejo de inversión, HTX no asumirá ninguna pérdida directa o indirecta derivada de la dependencia de esta información.

260 Vistas totalesPublicado en 2026.01.30Actualizado en 2026.01.30

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de A (A).