Blockchain records show the stolen funds were swapped for Ethereum and distributed across multiple wallets.
Crypto Hack News
A crypto holder lost $50 million in USDT after copying a fraudulent wallet address from their transaction history. The theft occurred less than one hour after funds arrived in the victim's wallet, making it one of the largest address poisoning scams recorded on-chain.
Web3 security firm Web3 Antivirus identified the exploit after monitoring blockchain activity. The victim initially sent a $50 test transaction to verify the correct destination address. Within minutes, a scammer deployed a wallet matching the first and last characters of the intended recipient, exploiting how most wallets display abbreviated addresses showing only prefixes and suffixes.
The attacker sent a tiny dust amount to the victim's address, poisoning the transaction history with the fraudulent wallet. The victim then copied what appeared to be the legitimate address and transferred $49,999,950 in USDT to the scammer's wallet. Bots conducting these dust transactions target addresses with large holdings, casting a wide net in hopes of catching copy-paste errors.
Blockchain records show the stolen funds were swapped for Ethereum and distributed across multiple wallets. Several addresses involved subsequently interacted with Tornado Cash, a sanctioned crypto mixer used to obscure transaction trails. The AddressPoisoning technique exploits user behavior rather than code vulnerabilities, relying on partial address matching and copy-pasting from transaction records.
The victim published an on-chain message demanding the return of 98% of stolen funds within 48 hours. The message offers the attacker a $1 million white-hat bounty for full repayment and threatens legal action through international law enforcement channels. The deadline warning states failure to comply will trigger criminal charges.
The exploit demonstrates risks facing crypto users who rely on transaction history for address verification. Address poisoning requires no technical breaches in cryptography or smart contracts. The scam depends entirely on users failing to verify complete wallet addresses before executing large transfers.
Security experts note these dust transactions frequently target high-value wallets. Scammers send nominal amounts hoping recipients will use poisoned addresses when making future payments. The attack succeeded in this case despite the victim taking the precaution of sending a test transaction first.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
