How a single copy-paste mistake cost a user $50M in USDt

cointelegraphPublished on 2025-12-20Last updated on 2025-12-20

Abstract

A user lost nearly $50 million in USDt in an address poisoning scam after mistakenly copying a malicious look-alike address from their transaction history. The scam works by attackers sending small transactions to a victim's wallet using addresses that closely resemble those of the victim's trusted contacts. In this case, the victim first sent a small test transaction to the correct address but then copied a fraudulent, similar-looking address for the full $50 million transfer. Onchain investigators noted the addresses shared the same first three and last four characters, a subtle similarity that can deceive even experienced users. The stolen funds were subsequently swapped for Ether and partially laundered through Tornado Cash. This incident highlights how such attacks exploit human error rather than technical vulnerabilities. The loss occurred amid a broader surge in crypto hacks, which reached $3.4 billion in losses in 2025.

A single transaction error led to one of the largest onchain losses seen this year, after a user mistakenly sent nearly $50 million in USDt to a scam address in a classic address poisoning attack.

According to onchain investigator Web3 Antivirus, the victim lost 49,999,950 USDt (USDT) after copying a malicious wallet address from their transaction history.

Address poisoning scams rely on look-alike wallet addresses being inserted into a victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the scammer’s lookalike address instead of the intended recipient.

Onchain data shows the victim initially sent a small test transaction to the correct address. Minutes later, however, the full $50 million transfer was sent to the poisoned address.

User falls victim to address poisoning scam. Source: Web3 Antivirus

Related: Attacker takes over multisig minutes after creation, drains up to $40M slowly

Subtle address similarity enough to fool experienced users

Security researcher Cos, founder of SlowMist, noted the similarity between the addresses was subtle but enough to deceive even experienced users. “You can see the first 3 characters and last 4 characters are the same,” he wrote.

The victim’s wallet had been active for roughly two years and was primarily used for USDt transfers, according to onchain analysis. Shortly before the loss, the funds were withdrawn from Binance, suggesting the wallet was being actively managed at the time of the incident.

“This is the brutal reality of address poisoning, an attack that doesn’t rely on breaking systems, but on exploiting human habits,” another onchain analyst wrote.

The attacker has since swapped the stolen USDt for Ether (ETH), splitting it into multiple wallets, and partially moved it into Tornado Cash.

Related: Binance denies reports of delayed action over funds linked to Upbit hack

Crypto hacks hit $3.4 billion in 2025

As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The surge was largely driven by a handful of massive breaches targeting major crypto entities rather than a broad rise in average attack size.

Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone made up nearly half of all stolen funds.

Magazine: 2026 is the year of pragmatic privacy in crypto — Canton, Zcash and more

Related Questions

QWhat is an address poisoning scam and how did it lead to a $50 million loss?

AAn address poisoning scam is a type of attack where a scammer sends a small transaction to a victim's wallet using a look-alike address. The victim, when later copying an address from their transaction history, may accidentally select the scammer's fraudulent address instead of the legitimate one. In this case, the user mistakenly sent $50 million in USDt to the poisoned address.

QWhat detail did the security researcher from SlowMist point out about the fraudulent address?

AThe security researcher, Cos from SlowMist, noted that the similarity between the legitimate and the fraudulent address was very subtle. He pointed out that the first 3 characters and the last 4 characters of the two addresses were identical, which was enough to deceive even experienced users.

QWhat did the attacker do with the stolen USDt funds after the scam was successful?

AAfter successfully stealing the USDt, the attacker swapped the funds for Ether (ETH). They then split the ETH into multiple wallets and partially moved it into the privacy-focused mixing service, Tornado Cash.

QHow much was lost to crypto hacks in 2025 according to the article, and what was a major contributing factor?

AAccording to the article, crypto-related hacks resulted in $3.4 billion in losses in 2025. The surge was largely driven by a handful of massive breaches targeting major crypto entities, with just three incidents accounting for 69% of the total losses.

QWhat preliminary step did the victim take before sending the full $50 million, and why was it ineffective in preventing the loss?

AThe victim initially sent a small test transaction to the correct address. However, this was ineffective because the scammer's look-alike address was already in their transaction history from a previous, small 'poisoning' transfer. When the victim went to copy the address for the large transfer, they mistakenly selected the fraudulent one.

Related Reads

Stablecoin payments below $200 can go tax-free: If Congress agrees

In a renewed bipartisan effort, U.S. lawmakers Max Miller and Steven Horsford have proposed a tax exemption for stablecoin transactions valued at $200 or below, aiming to provide clarity and consumer protection. This follows a previous failed attempt by Senator Cynthia Lummis in 2025 to introduce a similar exemption. Currently, the IRS treats cryptocurrency as property, subjecting it to capital gains tax. Meanwhile, banking lobbyists oppose the high yields offered by crypto exchanges on stablecoin deposits, arguing it threatens traditional banks. Industry leaders, including Gemini's co-founder, are defending the GENIUS Act against what they call anti-competitive overreach by banks. The outcome of both the tax proposal and the stablecoin yield debate remains uncertain.

ambcryptoHace 15 min(s)

Stablecoin payments below $200 can go tax-free: If Congress agrees

ambcryptoHace 15 min(s)

Crypto activity in Brazil rises 43% with average investment surpassing $1,000: Report

Cryptocurrency activity in Brazil surged by 43% in 2025, with the average investment per user exceeding $1,000 (around 5,700 BRL), according to a Mercado Bitcoin report. The market is shifting from speculation to structured investing, with 18% of users diversifying across multiple assets. Bitcoin remained the most-traded asset, followed by USDT, ETH, and SOL. Stablecoins saw triple the previous year’s transactions as investors sought lower volatility. Lower-risk digital fixed-income products grew 108%, with $325 million distributed to investors. Younger investors (under 24) increased by 56%, and participation expanded beyond major cities. Itaú Asset Management recommended a 1–3% Bitcoin allocation due to geopolitical and monetary risks.

cointelegraphHace 59 min(s)

Crypto activity in Brazil rises 43% with average investment surpassing $1,000: Report

cointelegraphHace 59 min(s)

Dialogue with Real Vision CEO: How to Succeed in Crypto by 2026 Without Relying on Luck

In this interview, Real Vision CEO Raoul Pal outlines his framework for succeeding in crypto by 2026 without relying on luck: hold the right assets and do nothing. He emphasizes a long-term perspective, arguing that while short-term market movements are noisy and driven by factors like liquidity fluctuations, the long-term trend is clear—crypto's market cap, currently at $3 trillion, is projected to reach $100 trillion. Pal advises against short-term trading, noting that the market's maturation reduces alpha opportunities outside of long-term holds. His "Don’t Fuck This Up" (DTFU) strategy focuses on minimizing regret by investing in established, high-adoption assets like Bitcoin and Ethereum, which are less likely to fail. He suggests using tools like ChatGPT to analyze on-chain metrics and assess valuation. He explains that the crypto cycle has extended to 2026 due to debt refinancing schedules, which will require significant liquidity. Pal also discusses NFTs as a emerging asset class with long-term potential, despite short-term volatility. His current investment strategy remains largely unchanged, with a focus on assets like SUI, which he views as undervalued based on adoption metrics. Ultimately, Pal's advice is to adopt a multi-year horizon, avoid leveraging others' convictions, and maintain a diversified portfolio aligned with personal risk tolerance. The key is to ignore noise and focus on the broader adoption and macroeconomic trends driving crypto's growth.

marsbitHace 1 hora(s)

Dialogue with Real Vision CEO: How to Succeed in Crypto by 2026 Without Relying on Luck

marsbitHace 1 hora(s)

Bitcoin: Here’s why $85K has become a critical level for BTC!

Despite a strong year for institutional crypto adoption in 2025, Bitcoin is facing a critical test at the $85,000 level. This price represents the average cost basis for U.S. spot Bitcoin ETFs, putting ETF holders at a breakeven point and making it a key technical support. However, institutional demand has weakened, with ETFs seeing net outflows. On-chain data shows long-term holders are taking profits and short-term holders are capitulating. The bearish sentiment is further confirmed by a negative Coinbase Premium Index, indicating muted buying interest from U.S. investors. Consequently, the $85k support is fragile, and a deeper correction remains a significant risk if ETF holders begin to sell.

ambcryptoHace 1 hora(s)

Bitcoin: Here’s why $85K has become a critical level for BTC!

ambcryptoHace 1 hora(s)

Expert Breakdown: How Ozak AI Outshines Top Tokens in Growth Speed, ROI Forecasts, and Utility for 2025–2030

Expert analysis positions Ozak AI ($OZ) as a standout project for the 2025–2030 period, outpacing major tokens in growth speed, ROI potential, and real-world utility. Currently in Phase 7 of its presale at $0.014, it has raised over $4.9 million, demonstrating rapid adoption driven by its low entry cost and integration of AI with decentralized physical infrastructure (DePIN). ROI forecasts suggest potential gains of 50x–120x post-listing and up to 300x–500x long-term, significantly exceeding projections for established tokens like Bitcoin and Ethereum. Its utility includes AI-driven automation, cross-chain interoperability, staking, and governance, supported by audited smart contracts and strategic partnerships. Ozak AI’s combination of technological innovation, scalability, and practical applications positions it as a leading AI infrastructure contender in the coming decade.

TheNewsCryptoHace 1 hora(s)

Expert Breakdown: How Ozak AI Outshines Top Tokens in Growth Speed, ROI Forecasts, and Utility for 2025–2030

TheNewsCryptoHace 1 hora(s)

Trading

Spot
Futures

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of A (A) are presented below.

活动图片