A simple copy of an address causes an investor to lose 50M

A single mishandling proved extremely costly, a simple mistake in the crypto space led to one of the biggest on-chain losses of 2025. A user accidentally sent nearly 50 million USDT to a fraudulent address, highlighting how a simple mistake can have huge consequences. The loss came from an address poisoning attack, a tactic where scammers trick users into sending funds to malicious wallets. In this case, the incident shows how reliance on convenience in wallet address management can prove extremely costly.

Small Test Transfer Leads to Loss of 50M USDT

An on-chain Web3 Antivirus investigator shared on X that the victim lost 49,999,950 USDT after unintentionally copying a fraudulent wallet address from their transaction history. The user first made a small test transfer to what he thought was the correct address before sending the entire $50 million a few minutes later. While the initial transfer seemed harmless, it set the stage for a significant loss.

EyeOnChain, an on-chain analyst, explained that the scam exploited the initial test transaction of 50 USDT. The attacker then created a wallet almost identical to the original, keeping the first and last characters the same while taking advantage of wallet interfaces which hide the middle section with “…”. When the victim later tried to send the remaining 49,999,950 USDT, they copied the address from the transaction history instead of verifying it manually. Trusting the familiar start and end characters, the user unknowingly sent the entire thing to the scammer's wallet. This sequence of events makes it one of the biggest on-chain scam losses recorded this year.

Shortly after receiving the stolen funds, the attacker acted quickly to hide them: in less than 30 minuteshe swapped 50 million USDT for DAI via MetaMask Swap, converted all the DAI into 16,690 ETH, and deposited 16,680 ETH into Tornado Cash, effectively masking the assets.

Victim Response and the Mechanics of Address Poisoning

After the loss, the victim posted an on-chain alert demanding that 98% of the stolen funds be returned within 48 hours, including legal warnings and offering a $1 million reward for full return. Analysis of the wallet showed that it had been active for approximately two years and primarily handled transfers of USDT, with the funds having been withdrawn from Binance shortly before the incident.

Typically, address poisoning does not exploit flaws in smart contracts or cryptography. Rather, it takes advantage of users' usual behaviors. How does this happen then?

• The scammer initiates a small transfer or dust transfer using a wallet that closely resembles the intended recipient, making it legitimate at first glance.
• This fraudulent address then appears in the victim's transaction history, blending in with other past transactions and creating a false sense of security.
• When the user copies this address from their history to send funds, they inadvertently transfer the assets to the attacker instead of the correct recipient.

The risks illustrated by cases like this reflect a broader increase in attacks in the crypto space. The year 2025 has been particularly active for malicious actors targeting crypto platforms. Tremplin.io reported that hacks in the sector led to $3.4 billion in losses, marking the highest annual total since 2022. Most of the damage came from a small number of large attacks, with just three breaches making up 69% of the total value stolen.