USDT Holder Loses $50 Million in One-Hour Address Poisoning Scam


A crypto holder lost $50 million in $USDT after copying a fraudulent wallet address from their transaction history. The theft occurred less than one hour after funds arrived in the victim's wallet, making it one of the largest address poisoning scams recorded on-chain.


Web3 #security firm Web3 Antivirus identified the exploit after monitoring blockchain activity. The victim initially sent a $50 test transaction to verify the correct destination address. Within minutes, a #scammer deployed a wallet matching the first and last characters of the intended recipient, exploiting how most wallets display abbreviated addresses showing only prefixes and suffixes.


The #attacker sent a tiny dust amount to the victim's address, poisoning the transaction history with the fraudulent wallet. The victim then copied what appeared to be the legitimate address and transferred $49,999,950 in $USDT to the scammer's wallet. Bots conducting these dust transactions target addresses with large holdings, casting a wide net in hopes of catching copy-paste errors.


Blockchain records show the stolen funds were swapped for $ETH and distributed across multiple wallets. Several addresses involved subsequently interacted with Tornado Cash, a sanctioned crypto mixer used to obscure transaction trails. The #AddressPoisoning technique exploits user behavior rather than code vulnerabilities, relying on partial address matching and #copy-pasting from transaction records.


The victim published an on-chain message demanding the return of 98% of stolen funds within 48 hours. The message offers the attacker a $1 million white-hat bounty for full repayment and threatens legal action through international law enforcement channels. The deadline warning states failure to comply will trigger criminal charges.

image
December 22, 2025 at 2:11 AM
17
3