Crypto User Loses $50M USDT In Address Poisoning Attack – Details

An unsuspecting crypto consumer has not too long ago misplaced $50 million USDT in an handle poisoning rip-off. The incident represents one of many largest on-chain losses in 2025, drawing reactions from crypto safety consultants as new developments on the matter roll in.

Copy-Paste Mistake Costs User 50M USDT

Address poisoning is a rip-off through which an attacker sends small transactions from a pockets handle that intently resembles a sufferer’s legit handle, hoping the sufferer will later copy the fallacious handle from their transaction historical past and unknowingly ship funds to the attacker.

Blockchain safety web page, Web3 Antivirus reports {that a} crypto consumer not too long ago fell sufferer to this rip-off, sending 49,999,950 USDT to a poisoned handle copied from transaction historical past. Considering the big transaction, the consumer had tried taking warning by sending a small take a look at transaction to the proper handle. However, the character of handle poisoning requires shut monitoring, the place attackers are capable of instantly ship mud transactions from wallets resembling the meant handle.

Cos, founding father of fellow safety platform Slowmist, provided beneficial insights on this operation, noting the similarity between each addresses, which shared the identical first 3 characters and final 4 characters. The sufferer unknowingly picked the poisoned handle from the transaction historical past to finish the $50 million, thus marking one of many largest on-chain particular person losses of 2025. 

More knowledge from Web3 Antivirus reveals that the sufferer pockets has been energetic on-chain for about two years and is primarily used for USDT transfers. The stolen $50 million was additionally initially withdrawn from Binance earlier than the rip-off occurred. Notably, the stolen USDT has since been transformed to ETH by the attackers and shared amongst a number of wallets, who’ve additionally funneled a number of the loot by means of Tornado Cash.

Address Poisoning Victim Offers Bounty With 48-Hour Ultimatum

In different information, blockchain investigator Specter Analyst experiences that the sufferer has tried to ascertain communication with the attackers through an on-chain message. 

According to an X post on December 20, the sufferer claims to have filed a prison grievance case whereas additionally enlisting the related regulation enforcement, cybersecurity, and blockchain protocols to supply wanted intelligence on the scammer’s actions. Furthermore, all six addresses related to the heist are actually underneath fixed surveillance. However, the aggrieved occasion is providing the perpetrators of the handle poisoning a peaceable decision, which entails the prepared return of 98% of the loot to a specified handle inside 48 hours.

Notably, the sufferer will permit the dangerous actors to maintain $1 million as a bug bounty for recognizing such a vulnerability of their operations. However, they warn that failure to just accept the amicable supply inside the stipulated time will end in authorized escalation of the matter to worldwide regulation enforcement authorities. They additional warn that the attackers’ identities shall be revealed and shared with the related businesses to assist their arrest and persecution. At press time, whole crypto losses in 2025 have surpassed $3.4 billion, underscoring the necessity for frequently strengthened safety measures inside the thriving ecosystem.