|

Address Poisoning Scam: One Copy-Paste Mistake Cost a Crypto Trader $50 Million

😶‍🌫️

A crypto consumer misplaced almost $50 million in USDT to an deal with poisoning rip-off after copying a fraudulent pockets deal with from their transaction historical past, in keeping with blockchain safety agency SlowMist.

The sufferer transferred 49,999,950 USDT to an attacker-controlled deal with that intently mimicked their meant vacation spot, with matching first three and final 4 characters.

The stolen funds had been shortly transformed to ETH, distributed throughout a number of wallets, and partially funneled by means of Tornado Cash mixer.

According to the safety particulars, the sufferer’s pockets had been energetic for roughly 2 years and was primarily used for USDT transfers, with the compromised funds withdrawn from Binance shortly earlier than the poisoned switch.

Crypto Scams Hit $90 Billion

The incident got here up within the midst of a broader safety disaster gripping the cryptocurrency trade, which has now misplaced almost $90 billion to hacks and exploits since its inception.

November alone noticed over $276 million stolen, pushing 2025 losses past $9.1 billion, which means roughly 10% of all historic crypto losses have occurred throughout the previous 12 months.

Mitchell Amador, CEO of Immunefi, warned that the risk panorama is basically shifting.

The risk panorama is shifting from onchain code vulnerabilities to operational safety and treasury-level assaults,” he informed Cryptonews. “As code hardens, attackers goal the human component.”

Despite 2025 being the worst yr for hacks on file, Amador emphasised these losses stem from operational failures somewhat than sensible contract vulnerabilities.

While 2025 was the worst yr for hacks on file, these losses had been pushed primarily by conventional Web2 infrastructure failures and operational safety breakdowns, not onchain code,” he defined.

FBI Reports $9.3 Billion Lost to Investment Fraud

Americans misplaced roughly $9.3 billion to crypto funding schemes in 2024, marking a 66% enhance from the earlier yr, in keeping with FBI information.

Pig-butchering scams contributed over $9.9 billion globally, with Chainalysis information displaying exercise surged almost 40% in 2024.

U.S. Senators Elissa Slotkin and Jerry Moran introduced the SAFE Crypto Act, which proposes a federal activity pressure to coordinate authorities companies, regulation enforcement, and private-sector specialists to fight crypto-related fraud.

The laws requires approved stablecoin issuers to keep up technical capabilities to freeze or seize digital belongings tied to criminality.

Enforcement actions have intensified, with U.S. authorities asserting the largest crypto seizure ever in October, concentrating on Cambodia-based Prince Holding Group.

Tether also froze nearly $50 million in USDT linked to Southeast Asia pig-butchering rings, whereas Binance prevented 7.5 million customers from dropping nearly $10 billion to fraud between December 2022 and May 2025.

Human Factor Becomes Primary Attack Vector

Beyond refined scams, malware assaults proceed draining wallets, with a Singapore entrepreneur losing over $100,000 after downloading malicious software program disguised as a game-testing program.

A separate multisignature pockets breach earlier this month resulted in roughly $27.3 million being stolen by means of personal key compromise, with attackers laundering roughly $12.6 million by means of Tornado Cash.

Amador argued the trade should basically restructure its safety strategy.

Securing code isn’t sufficient if customers and operators stay susceptible,” he mentioned.

Web3 firms want to take a position much more in human-layer safety, and this implies coaching groups, tightening operational controls, and instantly educating customers on tips on how to spot rip-off messages, acknowledge social engineering makes an attempt, and shield their belongings onchain.

He famous that 99% of Web3 tasks function with out fundamental firewalls, whereas fewer than 10% deploy trendy AI-driven safety instruments.

Most hacks this yr haven’t occurred on account of poor audits,” Amador defined. “They’ve occurred after launch, throughout protocol upgrades, or by means of integration vulnerabilities—blind spots that audits alone can’t catch.

Despite the escalating losses, Amador maintained optimism about onchain code safety, predicting that 2026 would be the greatest yr but for sensible contract security because the trade continues to harden its technical infrastructure.

The publish Address Poisoning Scam: One Copy-Paste Mistake Cost a Crypto Trader $50 Million appeared first on Cryptonews.

Similar Posts