Copy-paste error in address poisoning scam leads to $50M USDt loss.
A transaction error led to one of the biggest onchain losses this year, after a user mistakenly sent nearly $50 million in USDt to a fraudulent address in what is known as an address poisoning attack.
According to onchain investigator Web3 Antivirus, the victim lost 49,999,950 USDt (USDT) after copying the malicious wallet address from their transaction history.
Address poisoning scams rely on the same wallet addresses entering the victim's transaction history in small transactions. When victims later copy an address from their transaction history, they may unwittingly choose an address that looks like the scammer's instead of the intended recipient.
Onchain data shows that the victim initially sent a small test transaction to the correct address. Minutes later, however, the entire $50 million transfer was sent to the poisoned address.
RELATED: Striker Takes Several Sig Minutes After Creation, Flows Up To $40M Slowly
Hidden address similarity to deceive experienced users
Security researcher Koss, co-founder of SlowMist, points out that the similarities between the addresses are subtle but enough to fool even experienced users. “You can see that the first 3 characters and the last 4 characters are the same,” he wrote.
According to Onchain's analysis, the victim's wallet was active for two years and was mainly used for USDt transfers. Shortly before the disappearance, the funds were withdrawn from Binance, which was actively operating the wallet at the time of the incident.
Another Onchain analyst said: “This is the harsh reality of address poisoning, an attack based on exploiting human habits rather than breaking a system.
The attacker has since converted the stolen USDt into Ether (ETH), distributed it to multiple wallets, and partially transferred it to Tornado Cash.
Related: Binance denies reports of delayed action on funds linked to Upbit hack
Crypto hacks will reach $3.4 billion by 2025
According to Cointelegraph, crypto-related hacks in 2018 They projected losses of $3.4 billion in 2025, the highest annual total since 2022. This increase was largely driven by a few targeting major crypto entities rather than a broader increase in average attack volume.
Three incidents account for 69 percent of all losses this year, with the $1.4 billion hack of crypto exchange Bybit accounting for just over half of the stolen funds.
Magazine: 2026 is the year of practical privacy in crypto – Canton, Zcash and more.
