How a single copy-paste mistake cost a user $50M in USDt

cointelegraphОпубліковано о 2025-12-20Востаннє оновлено о 2025-12-20

Анотація

A user lost nearly $50 million in USDt in an address poisoning scam after mistakenly copying a malicious look-alike address from their transaction history. The scam works by attackers sending small transactions to a victim's wallet using addresses that closely resemble those of the victim's trusted contacts. In this case, the victim first sent a small test transaction to the correct address but then copied a fraudulent, similar-looking address for the full $50 million transfer. Onchain investigators noted the addresses shared the same first three and last four characters, a subtle similarity that can deceive even experienced users. The stolen funds were subsequently swapped for Ether and partially laundered through Tornado Cash. This incident highlights how such attacks exploit human error rather than technical vulnerabilities. The loss occurred amid a broader surge in crypto hacks, which reached $3.4 billion in losses in 2025.

A single transaction error led to one of the largest onchain losses seen this year, after a user mistakenly sent nearly $50 million in USDt to a scam address in a classic address poisoning attack.

According to onchain investigator Web3 Antivirus, the victim lost 49,999,950 USDt (USDT) after copying a malicious wallet address from their transaction history.

Address poisoning scams rely on look-alike wallet addresses being inserted into a victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the scammer’s lookalike address instead of the intended recipient.

Onchain data shows the victim initially sent a small test transaction to the correct address. Minutes later, however, the full $50 million transfer was sent to the poisoned address.

*User falls victim to address poisoning scam. Source:* *Web3 Antivirus*

Related: Attacker takes over multisig minutes after creation, drains up to $40M slowly

Subtle address similarity enough to fool experienced users

Security researcher Cos, founder of SlowMist, noted the similarity between the addresses was subtle but enough to deceive even experienced users. “You can see the first 3 characters and last 4 characters are the same,” he wrote.

The victim’s wallet had been active for roughly two years and was primarily used for USDt transfers, according to onchain analysis. Shortly before the loss, the funds were withdrawn from Binance, suggesting the wallet was being actively managed at the time of the incident.

“This is the brutal reality of address poisoning, an attack that doesn’t rely on breaking systems, but on exploiting human habits,” another onchain analyst wrote.

The attacker has since swapped the stolen USDt for Ether (ETH), splitting it into multiple wallets, and partially moved it into Tornado Cash.

Related: Binance denies reports of delayed action over funds linked to Upbit hack

Crypto hacks hit $3.4 billion in 2025

As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The surge was largely driven by a handful of massive breaches targeting major crypto entities rather than a broad rise in average attack size.

Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone made up nearly half of all stolen funds.

Magazine: 2026 is the year of pragmatic privacy in crypto — Canton, Zcash and more

Трендові криптовалюти

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

BrevisBREV

ZRX（0X）ZRX

PancakeSwapCAKE

Пов'язані питання

QWhat is an address poisoning scam and how did it lead to a $50 million loss?

AAn address poisoning scam is a type of attack where a scammer sends a small transaction to a victim's wallet using a look-alike address. The victim, when later copying an address from their transaction history, may accidentally select the scammer's fraudulent address instead of the legitimate one. In this case, the user mistakenly sent $50 million in USDt to the poisoned address.

QWhat detail did the security researcher from SlowMist point out about the fraudulent address?

AThe security researcher, Cos from SlowMist, noted that the similarity between the legitimate and the fraudulent address was very subtle. He pointed out that the first 3 characters and the last 4 characters of the two addresses were identical, which was enough to deceive even experienced users.

QWhat did the attacker do with the stolen USDt funds after the scam was successful?

AAfter successfully stealing the USDt, the attacker swapped the funds for Ether (ETH). They then split the ETH into multiple wallets and partially moved it into the privacy-focused mixing service, Tornado Cash.

QHow much was lost to crypto hacks in 2025 according to the article, and what was a major contributing factor?

AAccording to the article, crypto-related hacks resulted in $3.4 billion in losses in 2025. The surge was largely driven by a handful of massive breaches targeting major crypto entities, with just three incidents accounting for 69% of the total losses.

QWhat preliminary step did the victim take before sending the full $50 million, and why was it ineffective in preventing the loss?

AThe victim initially sent a small test transaction to the correct address. However, this was ineffective because the scammer's look-alike address was already in their transaction history from a previous, small 'poisoning' transfer. When the victim went to copy the address for the large transfer, they mistakenly selected the fraudulent one.

Пов'язані матеріали

The Impossible Trilemma Is Basically a Pseudo-Problem

The article argues that the core limitation of blockchain technology is not the scalability trilemma, but its fundamental lack of privacy, which acts as a barrier to institutional capital. It defines blockchain as a slow, expensive, shared computer whose primary value is "permissionlessness" (no administrator) and verifiable trust. While this is ideal for native financial assets like stable币, which now process trillions, two critical flaws remain for mainstream adoption: regulatory legitimacy and a default transparency that leaks all financial activity. The author contends that transparency is not a feature but a tax, quantified through MEV extraction, making the public ledger unusable for serious institutions. However, modern cryptography, specifically zero-knowledge proofs, now offers a solution: "provable privacy." This allows users to prove compliance (e.g., solvency, KYC) without revealing underlying data. This fusion of privacy and auditability resolves the transparency-compliant privacy-compliance dichotomy, enabling a purely upgraded system where transactions are verified but not broadcasted. Closing these flaws is presented as the essential bridge to onboard the next wave of trillions in capital.

marsbit6 год тому

The Impossible Trilemma Is Basically a Pseudo-Problem

marsbit6 год тому

The "Impossible Triad" Is Fundamentally a Pseudo-Problem

The article argues that blockchain's fundamental limitation is not the scalability trilemma (decentralization, scalability, security), which has been largely solved, but the lack of **privacy** and, until recently, clear **legitimacy**. Blockchain is described as a slow, expensive, globally shared computer whose core value is censorship resistance and verifiability. While ideal for native digital assets like money (e.g., stablecoins), its default transparency acts as a **tax**, exposing all transactions and enabling MEV extraction, which deters serious institutional capital. Simultaneously, its permissionless nature created regulatory ambiguity. The piece contends that **privacy** is the missing critical feature. It rejects the false choice between total transparency and complete anonymity. Modern cryptography (like zero-knowledge proofs) enables **compliant privacy**: users can prove facts (solvency, KYC status, compliance) without revealing the underlying sensitive data (specific holdings, identities). This preserves auditability for regulators and eliminates the leak of financial information. With recent regulatory progress (e.g., the GENIUS Act) addressing legitimacy, adding default, provably compliant privacy becomes a pure upgrade. It transforms blockchain from a costly, public ledger into a confidential settlement layer, finally bridging the gap to mainstream institutional and individual adoption of on-chain finance.

链捕手6 год тому

The "Impossible Triad" Is Fundamentally a Pseudo-Problem

链捕手6 год тому

Optical Chips: Collective Capacity Expansion

The global optical chip industry is experiencing a massive wave of expansion driven by surging AI data center demand. Major players across the US, Japan, Europe, and China are aggressively investing to ramp up production capacity. In the US, Coherent is expanding its 6-inch Indium Phosphide (InP) semiconductor fab in Texas, supported by CHIPS Act funding and a $2 billion strategic investment from NVIDIA. Lumentum is building a new factory for InP optical devices, and Nokia is scaling its advanced photonic chip packaging and testing capabilities. NVIDIA's investments aim to secure future supply of critical lasers and optical interconnect products for AI infrastructure. Japan's JX Advanced Metals, a leading InP substrate supplier, plans a multi-billion yen investment to increase its capacity 7-10 times, strengthening its grip on the crucial upstream materials market. In Europe, IQE and Tower Semiconductor settled a patent dispute and signed a multi-year InP epitaxial wafer supply agreement, highlighting that next-generation silicon photonics platforms will integrate high-performance InP components. STMicroelectronics and Sivers Semiconductors are also expanding silicon photonics production and partnerships. China is rapidly building out its domestic supply chain. Dongshan Precision's subsidiary, Source Photonics, announced a $12 billion project to expand optical chip and module production. Companies like Sanan Optoelectronics and Yunnan Germanium are scaling up InP chip manufacturing and substrate production, moving towards vertical integration from materials to modules. While debate continues around the exact future architecture—whether CPO (Co-Packaged Optics), NPO, or pluggables will dominate—analysts like Morgan Stanley argue the underlying driver is unchangeable: the explosive growth in bandwidth demand. This will inevitably increase the volume of optical engines, lasers, and related content per GPU, regardless of the final technical path. The competition for "more light" in the AI era has intensified into a global, full-chain capacity race.

marsbit8 год тому

Optical Chips: Collective Capacity Expansion

marsbit8 год тому

Stablecoins Finally Find Real Yield: An In-Depth Look at On-Chain Reinsurance Re | A Conversation with Re Founder Karan Saroya

Stablecoin Real Yield Found: A Deep Dive into On-Chain Reinsurance with Re's Karan Saroya As stablecoin supply exceeds $170 billion, the search for sustainable, non-speculative yield intensifies. Re, an on-chain reinsurance platform, provides an answer: connecting stablecoin capital to the trillion-dollar traditional reinsurance market. Re operates as a regulated reinsurer, accepting stablecoin deposits as collateral to back US insurance companies. These insurers pay premiums, generating yield that flows back to on-chain depositors. Currently supporting 35 insurers and underwriting $500 million, Re projects scaling to over $1 billion soon. Key insights from a Bankless podcast with founder Karan Saroya and investor Avichal of Electric Capital: 1. **Uncorrelated, Real-World Yield:** Re offers stablecoin holders access to reinsurance returns (targeting 12-14%+), an asset class entirely separate from crypto or equity markets. 2. **Operational Efficiency via Smart Contracts:** Re replaces traditional, labor-intensive capital fundraising with smart contracts, allowing a ~12-person team to compete with industry giants. 3. **Regulatory Leverage:** For every $1 of collateral, regulations allow backing $5-7 in written premiums. This leverage amplifies returns from the underlying risk-free rate. 4. **DeFi Integration:** Depositors receive receipt tokens, which can be used in protocols like Morpho for "looping," potentially pushing yields to 18-20%+. 5. **The "DeFi Mullet" Model:** A compliant front-end (regulated reinsurer) paired with a decentralized back-end (smart contracts, DeFi capital markets). 6. **RE Governance Token:** Modeled on Lloyd's of London, the token governs the central capital pool's allocation, counterparty acceptance, and parameters. 7. **Real Economic Impact:** Capital funds real-world productivity (factories, clinics, businesses) via insurance, moving beyond crypto's internal loops. The discussion highlights a pivotal moment: DeFi's supply-side infrastructure is now met by real demand for productive yield, potentially kickstarting a flywheel where vast on-chain stablecoin capital seeks these real-world returns.

链捕手9 год тому

Stablecoins Finally Find Real Yield: An In-Depth Look at On-Chain Reinsurance Re | A Conversation with Re Founder Karan Saroya

链捕手9 год тому

1996 or 1999? Walsh's First Test is 'How to View AI'

"1996 or 1999? Wall's First Big Test Is 'How to View AI'" Federal Reserve Chairman Wall's initial challenge is not whether to raise or cut rates, but a more fundamental judgment: what kind of boom is the current AI boom? This will determine the Fed's policy path and define his legacy. Economics is split between two opposing views, according to reporter Nick Timiraos. One sees imminent productivity gains that will increase supply and cool inflation, allowing the Fed to hold steady. The other argues that while productivity benefits are distant, demand shocks are here now, and waiting for data confirmation risks missing the intervention window, forcing sharper rate hikes later. Wall has signaled a leaning toward the first view, echoing 1996-era Alan Greenspan, who embraced strong, productivity-driven growth without fear of inflation. However, Wall faces a different macro environment than Greenspan did, with tariff pressures, expanding fiscal deficits, and diminishing globalization benefits, which could force more significant inflation pressures even if AI benefits materialize. Wall's logic, expressed before taking office, is that AI-driven productivity gains won't show in official data for years. If the Fed waits for confirmation, it might mistakenly tighten policy and choke off the very growth that could suppress inflation. This argues for using forward-looking narratives over lagging data. Chicago Fed President Austan Goolsbee presents a key counter-argument. He distinguishes between expected and unexpected productivity booms. A widely anticipated boom, like the current AI wave, can cause people to spend future wealth gains in advance, overheating the economy before productivity actually rises, thus requiring preemptive rate hikes. He cites rising costs for AI data centers as evidence of such overheating. Fed Governor Christopher Waller offers a rebuttal to Goolsbee, noting the "expected spending" mechanism only works if people can borrow against future income, which many households cannot do due to borrowing constraints. Wall also faces a paradox related to his desire to reduce the Fed's use of "forward guidance" (pre-announcing policy moves). This practice was established in 1999 when Greenspan began signaling hikes to avoid market shocks. If the economy follows a less optimistic path, Wall may be forced to choose between using the guidance he wants to abolish or risking market volatility by staying silent. The ultimate question defining Wall's first major test remains: Is this 1996 or 1999?

marsbit10 год тому

1996 or 1999? Walsh's First Test is 'How to View AI'

marsbit10 год тому

Торгівля

Спот

Ф'ючерси

Популярні статті

Що таке XAG

XAGUSDT Перпетуальний контракт - це торговий символ для срібла, ціна якого вказана в доларах США, що представляє 1 тройську унцію срібла.

6 переглядів усьогоОпубліковано 2026.06.18Оновлено 2026.06.18

Як купити XAG

Ласкаво просимо до HTX.com! Ми зробили покупку Silver (XAG) простою та зручною. Дотримуйтесь нашої покрокової інструкції, щоб розпочати свою криптовалютну подорож.Крок 1: Створіть обліковий запис на HTXВикористовуйте свою електронну пошту або номер телефону, щоб зареєструвати обліковий запис на HTX безплатно. Пройдіть безпроблемну реєстрацію й отримайте доступ до всіх функцій.ЗареєструватисьКрок 2: Перейдіть до розділу Купити крипту і виберіть спосіб оплатиКредитна/дебетова картка: використовуйте вашу картку Visa або Mastercard, щоб миттєво купити Silver (XAG).Баланс: використовуйте кошти з балансу вашого рахунку HTX для безперешкодної торгівлі.Треті особи: ми додали популярні способи оплати, такі як Google Pay та Apple Pay, щоб підвищити зручність.P2P: Торгуйте безпосередньо з іншими користувачами на HTX.Позабіржова торгівля (OTC): ми пропонуємо індивідуальні послуги та конкурентні обмінні курси для трейдерів.Крок 3: Зберігайте свої Silver (XAG)Після придбання Silver (XAG) збережіть його у своєму обліковому записі на HTX. Крім того, ви можете відправити його в інше місце за допомогою блокчейн-переказу або використовувати його для торгівлі іншими криптовалютами.Крок 4: Торгівля Silver (XAG)Легко торгуйте Silver (XAG) на спотовому ринку HTX. Просто увійдіть до свого облікового запису, виберіть торгову пару, укладайте угоди та спостерігайте за ними в режимі реального часу. Ми пропонуємо зручний досвід як для початківців, так і для досвідчених трейдерів.

7 переглядів усьогоОпубліковано 2026.06.18Оновлено 2026.06.18

Як купити XAU

Ласкаво просимо до HTX.com! Ми зробили покупку Gold (XAU) простою та зручною. Дотримуйтесь нашої покрокової інструкції, щоб розпочати свою криптовалютну подорож.Крок 1: Створіть обліковий запис на HTXВикористовуйте свою електронну пошту або номер телефону, щоб зареєструвати обліковий запис на HTX безплатно. Пройдіть безпроблемну реєстрацію й отримайте доступ до всіх функцій.ЗареєструватисьКрок 2: Перейдіть до розділу Купити крипту і виберіть спосіб оплатиКредитна/дебетова картка: використовуйте вашу картку Visa або Mastercard, щоб миттєво купити Gold (XAU).Баланс: використовуйте кошти з балансу вашого рахунку HTX для безперешкодної торгівлі.Треті особи: ми додали популярні способи оплати, такі як Google Pay та Apple Pay, щоб підвищити зручність.P2P: Торгуйте безпосередньо з іншими користувачами на HTX.Позабіржова торгівля (OTC): ми пропонуємо індивідуальні послуги та конкурентні обмінні курси для трейдерів.Крок 3: Зберігайте свої Gold (XAU)Після придбання Gold (XAU) збережіть його у своєму обліковому записі на HTX. Крім того, ви можете відправити його в інше місце за допомогою блокчейн-переказу або використовувати його для торгівлі іншими криптовалютами.Крок 4: Торгівля Gold (XAU)Легко торгуйте Gold (XAU) на спотовому ринку HTX. Просто увійдіть до свого облікового запису, виберіть торгову пару, укладайте угоди та спостерігайте за ними в режимі реального часу. Ми пропонуємо зручний досвід як для початківців, так і для досвідчених трейдерів.

5 переглядів усьогоОпубліковано 2026.06.18Оновлено 2026.06.18

Обговорення

Ласкаво просимо до спільноти HTX. Тут ви можете бути в курсі останніх подій розвитку платформи та отримати доступ до професійної ринкової інформації. Нижче представлені думки користувачів щодо ціни A (A).