In a shocking reminder of the perils lurking in the crypto world, a trader accidentally transferred nearly $50 million in USDT to a scammer’s wallet due to a simple copy-paste error in an address poisoning attack. This incident, uncovered by on-chain investigators, highlights how even seasoned users can fall victim to sophisticated yet low-tech scams that exploit human habits rather than hacking systems.
The Anatomy of the Address Poisoning Scam
Address poisoning scams work by injecting fake, look-alike wallet addresses into a victim’s transaction history through tiny, unsolicited transfers. In this case, the victim—whose wallet had been active for about two years and mainly handled USDT—copied what they thought was the correct address from their history. But it was a poisoned one, sharing the first three and last four characters with the legitimate target. After sending a small test transaction successfully, the trader hit send on the full 49,999,950 USDT amount just minutes later, sealing the devastating loss.
From Binance Withdrawal to Ether Swap
The funds had been freshly withdrawn from Binance, indicating the wallet was under active management. Security expert Cos from SlowMist pointed out the subtle similarities that make these deceptions so effective: “You can see the first 3 characters and last 4 characters are the same.” Once in the scammer’s hands, the stolen USDT was quickly swapped for Ether, dispersed across multiple wallets, and partially funneled through Tornado Cash to obscure the trail.
A Broader Wave of Crypto Carnage
This $50 million mishap adds to the grim tally of 2025’s crypto hacks, which totaled a staggering $3.4 billion—the highest since 2022. Unlike widespread small-scale attacks, this year’s losses were dominated by a few mega-breaches, with three incidents alone accounting for 69% of the damage, including the $1.4 billion Bybit heist. As one on-chain analyst lamented, “This is the brutal reality of address poisoning, an attack that doesn’t rely on breaking systems, but on exploiting human habits.”
Lessons for Safeguarding Your Crypto Assets
To avoid such pitfalls, experts urge users to double-check addresses manually rather than relying on copy-paste, use hardware wallets for added security, and enable transaction confirmations. In an ecosystem where a single slip can erase fortunes, vigilance remains the ultimate defense against these insidious threats.