How a single copy-paste mistake cost a user $50M in USDt

cointelegraph2025-12-20 tarihinde yayınlandı2025-12-20 tarihinde güncellendi

Özet

A user lost nearly $50 million in USDt in an address poisoning scam after mistakenly copying a malicious look-alike address from their transaction history. The scam works by attackers sending small transactions to a victim's wallet using addresses that closely resemble those of the victim's trusted contacts. In this case, the victim first sent a small test transaction to the correct address but then copied a fraudulent, similar-looking address for the full $50 million transfer. Onchain investigators noted the addresses shared the same first three and last four characters, a subtle similarity that can deceive even experienced users. The stolen funds were subsequently swapped for Ether and partially laundered through Tornado Cash. This incident highlights how such attacks exploit human error rather than technical vulnerabilities. The loss occurred amid a broader surge in crypto hacks, which reached $3.4 billion in losses in 2025.

A single transaction error led to one of the largest onchain losses seen this year, after a user mistakenly sent nearly $50 million in USDt to a scam address in a classic address poisoning attack.

According to onchain investigator Web3 Antivirus, the victim lost 49,999,950 USDt (USDT) after copying a malicious wallet address from their transaction history.

Address poisoning scams rely on look-alike wallet addresses being inserted into a victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the scammer’s lookalike address instead of the intended recipient.

Onchain data shows the victim initially sent a small test transaction to the correct address. Minutes later, however, the full $50 million transfer was sent to the poisoned address.

*User falls victim to address poisoning scam. Source:* *Web3 Antivirus*

Related: Attacker takes over multisig minutes after creation, drains up to $40M slowly

Subtle address similarity enough to fool experienced users

Security researcher Cos, founder of SlowMist, noted the similarity between the addresses was subtle but enough to deceive even experienced users. “You can see the first 3 characters and last 4 characters are the same,” he wrote.

The victim’s wallet had been active for roughly two years and was primarily used for USDt transfers, according to onchain analysis. Shortly before the loss, the funds were withdrawn from Binance, suggesting the wallet was being actively managed at the time of the incident.

“This is the brutal reality of address poisoning, an attack that doesn’t rely on breaking systems, but on exploiting human habits,” another onchain analyst wrote.

The attacker has since swapped the stolen USDt for Ether (ETH), splitting it into multiple wallets, and partially moved it into Tornado Cash.

Related: Binance denies reports of delayed action over funds linked to Upbit hack

Crypto hacks hit $3.4 billion in 2025

As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The surge was largely driven by a handful of massive breaches targeting major crypto entities rather than a broad rise in average attack size.

Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone made up nearly half of all stolen funds.

Magazine: 2026 is the year of pragmatic privacy in crypto — Canton, Zcash and more

İlgili Sorular

QWhat is an address poisoning scam and how did it lead to a $50 million loss?

AAn address poisoning scam is a type of attack where a scammer sends a small transaction to a victim's wallet using a look-alike address. The victim, when later copying an address from their transaction history, may accidentally select the scammer's fraudulent address instead of the legitimate one. In this case, the user mistakenly sent $50 million in USDt to the poisoned address.

QWhat detail did the security researcher from SlowMist point out about the fraudulent address?

AThe security researcher, Cos from SlowMist, noted that the similarity between the legitimate and the fraudulent address was very subtle. He pointed out that the first 3 characters and the last 4 characters of the two addresses were identical, which was enough to deceive even experienced users.

QWhat did the attacker do with the stolen USDt funds after the scam was successful?

AAfter successfully stealing the USDt, the attacker swapped the funds for Ether (ETH). They then split the ETH into multiple wallets and partially moved it into the privacy-focused mixing service, Tornado Cash.

QHow much was lost to crypto hacks in 2025 according to the article, and what was a major contributing factor?

AAccording to the article, crypto-related hacks resulted in $3.4 billion in losses in 2025. The surge was largely driven by a handful of massive breaches targeting major crypto entities, with just three incidents accounting for 69% of the total losses.

QWhat preliminary step did the victim take before sending the full $50 million, and why was it ineffective in preventing the loss?

AThe victim initially sent a small test transaction to the correct address. However, this was ineffective because the scammer's look-alike address was already in their transaction history from a previous, small 'poisoning' transfer. When the victim went to copy the address for the large transfer, they mistakenly selected the fraudulent one.

İlgili Okumalar

RIVER tanks 32% in 24 hours, but are more losses ahead?

RIVER (RIVER) experienced a significant 32% price drop in 24 hours, breaking a key support level at $11.20 and trading at $8.51. Despite the decline, trading volume surged over 110% to $90.95 million, indicating strong market interest. On-chain data shows exchange reserves increased by 7.08%, suggesting potential sell-off preparations, while derivatives activity reveals growing bullish sentiment among intraday traders. Key support is now at $8.25; a break below could lead to a further 48% decline, while holding above may trigger a recovery. Analysts warn of a possible drop to $7.50 if bearish momentum continues. The ADX reading of 18.89 indicates weak directional momentum.

ambcrypto3 dk önce

RIVER tanks 32% in 24 hours, but are more losses ahead?

ambcrypto3 dk önce

Peter Thiel Dumps Ethereum Treasury Play ETHZilla, Exits Entire Stake

Peter Thiel and entities linked to Founders Fund have completely exited their position in ETHZilla, a publicly traded company that initially positioned itself as an Ethereum treasury play. A recent SEC filing shows the group held zero common shares as of Dec. 31, 2025, eliminating a stake that previously amounted to 5.6% of the class. This exit coincides with ETHZilla's strategic pivot away from holding ETH and toward tokenized real-world assets, such as aircraft engine leases. The timing raises questions about whether Thiel’s departure preceded the company’s shift in strategy. Commentators on social media have noted Thiel’s history of exiting positions ahead of market downturns. At the time of reporting, Ethereum was trading at $1,984.

bitcoinist3 dk önce

Peter Thiel Dumps Ethereum Treasury Play ETHZilla, Exits Entire Stake

bitcoinist3 dk önce

Masters of Trivia Launches March 1 “Year of the Horse” On-Chain Trivia Tournament on Solana With 1,000 MOT Token Prize Pool

Masters of Trivia announces the "Year of the Horse" on-chain trivia tournament on March 1, 2026, from 12:00 p.m. to 1:00 p.m. ET. The Solana-native event features 30 timed questions themed around Lunar New Year traditions. A prize pool of 1,000 MOT tokens and handcrafted art sculptures will be awarded to top performers. The platform utilizes the MOT token on the Solana blockchain, with liquidity in the MOT/SOL trading pair. MOT is listed on CoinMarketCap, and the company was selected for the HundrED Global Collection 2026. Registration and details are available through the provided links.

TheNewsCrypto14 dk önce

Masters of Trivia Launches March 1 “Year of the Horse” On-Chain Trivia Tournament on Solana With 1,000 MOT Token Prize Pool

TheNewsCrypto14 dk önce

Dragonfly: Crypto Was Not Made for Humans

Crypto Was Not Made for Humans: A Summary Dragonfly Capital partner Haseeb Qureshi argues that cryptocurrency was not designed for human use, but rather for AI agents. Despite being a crypto-native firm, Dragonfly still relies on legal contracts over smart contracts for investments, highlighting that traditional systems are built for human fallibility—featuring safeguards, reversibility, and intuitive interfaces that crypto lacks. Crypto, with its rigid, deterministic, and code-based nature, is error-prone for humans, leading to fears around transactions, phishing, and irreversible mistakes. However, these very traits make it ideal for AI. AI agents can perfectly verify transactions, audit contracts, and operate within crypto’s 24/7, borderless, and self-sovereign environment. They prefer code over ambiguous legal systems, which are slow and unpredictable. Qureshi envisions a future of "self-driving" wallets where AI agents handle all financial interactions, navigating DeFi protocols on behalf of users. These agents will also transact with each other autonomously, forming an economy of non-human participants—a reality already emerging with projects like Moltbook and Conway Research. In conclusion, crypto’s perceived flaws are not shortcomings but indications that humans are not the intended users. Within a decade, direct human interaction with crypto may seem archaic, as AI agents become the primary interface, unlocking the technology’s full potential.

marsbit51 dk önce

Dragonfly: Crypto Was Not Made for Humans

marsbit51 dk önce

After Raising $650 Million, Dragonfly Believes Crypto Was Not Made for Humans

Dragonfly Capital partner Haseeb Qureshi argues that cryptocurrency was not designed for humans but is instead the ideal financial system for AI agents. Despite being a crypto-native firm, Dragonfly still relies on legal contracts over smart contracts for investments, highlighting that traditional systems are built for human fallibility—featuring safeguards, reversibility, and intuitive interfaces. Crypto, by contrast, is rigid, error-prone, and unforgiving, with complex addresses, gas fees, and irreversible transactions posing significant risks to human users. Qureshi posits that AI agents are the natural users of crypto: they operate with precision, trust code over ambiguous legal systems, and can verify transactions instantly. Unlike humans, AI can navigate crypto ecosystem autonomously, negotiating and executing binding agreements via smart contracts within minutes. Crypto’s global, permissionless, and deterministic nature makes it perfect for AI-to-AI economic activity, which is already emerging with projects like Moltbook and Conway Research’s autonomous agents. He predicts the future interface for crypto will be “self-driving” wallets managed by AI, which will handle financial tasks on behalf of users. This shift will transform how protocols compete and market themselves. In a decade, humans may look back in astonishment that they ever interacted directly with crypto—its true potential unlocked only when its complementary technology, AI, arrived.

Odaily星球日报54 dk önce

After Raising $650 Million, Dragonfly Believes Crypto Was Not Made for Humans

Odaily星球日报54 dk önce

İşlemler

Spot

Futures

Popüler Makaleler

CLANKER Nasıl Satın Alınır

HTX.com’a hoş geldiniz! tokenbot (CLANKER) satın alma işlemlerini basit ve kullanışlı bir hâle getirdik. Adım adım açıkladığımız rehberimizi takip ederek kripto yolculuğunuza başlayın. 1. Adım: HTX Hesabınızı OluşturunHTX'te ücretsiz bir hesap açmak için e-posta adresinizi veya telefon numaranızı kullanın. Sorunsuzca kaydolun ve tüm özelliklerin kilidini açın. Hesabımı Aç2. Adım: Kripto Satın Al Bölümüne Gidin ve Ödeme Yönteminizi SeçinKredi/Banka Kartı: Visa veya Mastercard'ınızı kullanarak anında tokenbot (CLANKER) satın alın.Bakiye: Sorunsuz bir şekilde işlem yapmak için HTX hesap bakiyenizdeki fonları kullanın.Üçüncü Taraflar: Kullanımı kolaylaştırmak için Google Pay ve Apple Pay gibi popüler ödeme yöntemlerini ekledik.P2P: HTX'teki diğer kullanıcılarla doğrudan işlem yapın.Borsa Dışı (OTC): Yatırımcılar için kişiye özel hizmetler ve rekabetçi döviz kurları sunuyoruz.3. Adım: tokenbot (CLANKER) Varlıklarınızı Saklayıntokenbot (CLANKER) satın aldıktan sonra HTX hesabınızda saklayın. Alternatif olarak, blok zinciri transferi yoluyla başka bir yere gönderebilir veya diğer kripto para birimlerini takas etmek için kullanabilirsiniz.4. Adım: tokenbot (CLANKER) Varlıklarınızla İşlem YapınHTX'in spot piyasasında tokenbot (CLANKER) ile kolayca işlemler yapın.Hesabınıza erişin, işlem çiftinizi seçin, işlemlerinizi gerçekleştirin ve gerçek zamanlı olarak izleyin. Hem yeni başlayanlar hem de deneyimli yatırımcılar için kullanıcı dostu bir deneyim sunuyoruz.

172 Toplam GörüntülenmeYayınlanma 2026.02.04Güncellenme 2026.02.04

KGST Nedir

I. Proje TanıtımıKGST, Kırgız Somu'na (KGS) 1:1 oranında sabitlenmiş, tamamen desteklenen bir stabilcoin'dir ve Kırgızistan ile daha geniş Orta Asya bölgesi için güvenli, şeffaf ve verimli bir dijital para çözümü sağlamak amacıyla tasarlanmıştır. KGST, hızlı, düşük maliyetli ödemeleri, sınır ötesi havaleleri ve finansal kapsayıcılığı sağlamak için BSC blok zinciri teknolojisinden yararlanırken, sıkı düzenleyici uyum ve sağlam rezerv yönetimini de korumaktadır.II. Token Bilgisi1) Temel BilgilerToken adı: KGST (KGST)III. İlgili BağlantılarWeb sitesi：https://www.kgstoken.kg/Keşif Araçları：https://bscscan.com/address/0x94be0bbA8E1E303fE998c9360B57b826F1A4f828Sosyal Medya：https://twitter.com/kgstokenNot: Proje tanıtımı, resmi proje ekibi tarafından yayımlanan veya sağlanan materyallerden alınmıştır, yalnızca referans amaçlıdır ve yatırım tavsiyesi niteliği taşımaz. HTX, ortaya çıkan doğrudan veya dolaylı kayıplardan sorumluluk kabul etmez.

110 Toplam GörüntülenmeYayınlanma 2026.02.09Güncellenme 2026.02.09

KGST Nasıl Satın Alınır

HTX.com’a hoş geldiniz! KGST (KGST) satın alma işlemlerini basit ve kullanışlı bir hâle getirdik. Adım adım açıkladığımız rehberimizi takip ederek kripto yolculuğunuza başlayın. 1. Adım: HTX Hesabınızı OluşturunHTX'te ücretsiz bir hesap açmak için e-posta adresinizi veya telefon numaranızı kullanın. Sorunsuzca kaydolun ve tüm özelliklerin kilidini açın. Hesabımı Aç2. Adım: Kripto Satın Al Bölümüne Gidin ve Ödeme Yönteminizi SeçinKredi/Banka Kartı: Visa veya Mastercard'ınızı kullanarak anında KGST (KGST) satın alın.Bakiye: Sorunsuz bir şekilde işlem yapmak için HTX hesap bakiyenizdeki fonları kullanın.Üçüncü Taraflar: Kullanımı kolaylaştırmak için Google Pay ve Apple Pay gibi popüler ödeme yöntemlerini ekledik.P2P: HTX'teki diğer kullanıcılarla doğrudan işlem yapın.Borsa Dışı (OTC): Yatırımcılar için kişiye özel hizmetler ve rekabetçi döviz kurları sunuyoruz.3. Adım: KGST (KGST) Varlıklarınızı SaklayınKGST (KGST) satın aldıktan sonra HTX hesabınızda saklayın. Alternatif olarak, blok zinciri transferi yoluyla başka bir yere gönderebilir veya diğer kripto para birimlerini takas etmek için kullanabilirsiniz.4. Adım: KGST (KGST) Varlıklarınızla İşlem YapınHTX'in spot piyasasında KGST (KGST) ile kolayca işlemler yapın.Hesabınıza erişin, işlem çiftinizi seçin, işlemlerinizi gerçekleştirin ve gerçek zamanlı olarak izleyin. Hem yeni başlayanlar hem de deneyimli yatırımcılar için kullanıcı dostu bir deneyim sunuyoruz.

103 Toplam GörüntülenmeYayınlanma 2026.02.09Güncellenme 2026.02.09

Tartışmalar

HTX Topluluğuna hoş geldiniz. Burada, en son platform gelişmeleri hakkında bilgi sahibi olabilir ve profesyonel piyasa görüşlerine erişebilirsiniz. Kullanıcıların A (A) fiyatı hakkındaki görüşleri aşağıda sunulmaktadır.