Lucía Peña
A crypto trader has suffered a nearly $50 million loss in USDT after falling prey to an address poisoning scam, a deceptively simple but increasingly effective scam, according to blockchain security researchers.
Onchain intelligence firm Lookonchain reported that on December 20, the victim mistakenly transferred 49,999,950 USDT to a scammer-controlled wallet shortly after withdrawing the funds from Binance and attempting to move them to a personal address.
Before sending the full balance, the trader followed standard security practice by executing a small test transfer of 50 USDT to the intended destination.
However, the attacker was running an automated spoofing script that immediately generated a lookalike wallet address mimicking the beginning and ending characters of the legitimate address. The fake wallet matched the first five and last four characters, while differences appeared only in the middle — a section many wallet interfaces truncate with ellipses.
The attacker then sent small transactions from the spoofed address to the victim’s wallet, polluting the transaction history. When the trader later copied an address from their history to complete the full transfer, they unknowingly selected the malicious duplicate, resulting in the massive loss.
Blockchain Data Confirms the Fatal Transfer
According to Etherscan, the initial test transaction occurred at 3:06 UTC, followed by the erroneous $50 million transfer just 26 minutes later at 3:32 UTC.
The tight timing suggests the attacker was actively monitoring the victim’s wallet and prepared to act instantly once the test transaction appeared onchain.
Stolen Funds Rapidly Laundered Through DeFi Tools
Blockchain security firm SlowMist reported that the attacker moved quickly to reduce traceability. Within 30 minutes, the stolen USDT was swapped entirely into DAI using MetaMask Swap.
This step was likely strategic, as Tether can freeze USDT in sanctioned wallets, while DAI operates without centralized issuer controls. The attacker then converted the DAI into approximately 16,690 ETH, depositing around 16,680 ETH into Tornado Cash to further obscure the transaction trail.
Victim Offers $1 Million Whitehat Bounty
In an effort to recover the assets, the victim sent an onchain message to the attacker, offering a $1 million whitehat bounty in exchange for the return of 98% of the stolen funds.
The message stated that a criminal case has been formally filed and claimed that law enforcement agencies, cybersecurity firms, and multiple blockchain protocols are already collaborating to identify those responsible.
Address Poisoning Attacks Are on the Rise
The incident mirrors a May 2024 attack in which an Ethereum user lost $71 million in wrapped bitcoin through a similar scheme. In that case, most of the funds were eventually recovered following onchain negotiations, raising cautious hope — though recovery becomes far more difficult once assets enter privacy mixers like Tornado Cash.
2025 Marks a Record Year for Crypto Theft
Security experts warn that address poisoning attacks are accelerating across major blockchains. In April, Casa co-founder and CSO Jameson Lopp identified 48,000 suspected address poisoning attempts on Bitcoin alone since 2023, urging wallet providers to implement clearer warnings for lookalike addresses.
Chainalysis data underscores the severity of the problem. Crypto thefts surpassed $3.4 billion in 2025, exceeding losses from 2024. Notably, the $1.4 billion Bybit exchange hack, attributed to North Korean threat actors, accounted for roughly 44% of total annual losses, earning the label “the largest crypto theft in history.”
