$50M USDT Lost in a Flash: How Address Poisoning Exploited a Simple Wallet Error

With one wrong move proving extremely costly, a single slip in the crypto space led to one of the largest on-chain losses of 2025. A user accidentally sent nearly $50 million in USDT to a fraudulent address, highlighting how a simple error can carry enormous consequences. The loss stemmed from an address poisoning attack, a tactic where scammers trick users into sending funds to malicious wallets. In this case, the incident shows how reliance on convenience in handling wallet addresses can prove extremely expensive.

Small Test Transfer Leads to $50M USDT Loss

On-chain investigator Web3 Antivirus shared on X that the victim lost 49,999,950 USDT after inadvertently copying a fraudulent wallet address from their transaction history. The user had first carried out a small test transfer to what they believed was the correct address before sending the full $50 million minutes later. While the initial transfer seemed harmless, it set the stage for a significant loss.

EyeOnChain, an on-chain analyst, explained that the scam leveraged the initial $50 USDT test transaction. The attacker then created a wallet nearly identical to the original, keeping the first and last characters the same while taking advantage of wallet interfaces that hide the middle section with “…”. When the victim later attempted to send the remaining 49,999,950 USDT, they copied the address from transaction history instead of manually verifying it. Trusting the familiar start and end characters, the user unknowingly sent the full amount to the scammer’s wallet. This sequence of events made it one of the largest on-chain scam losses recorded this year.

Shortly after receiving the stolen funds, the attacker moved quickly to obscure them: within 30 minutes, they swapped 50 million USDT to DAI using MetaMask Swap, converted all DAI into 16,690 ETH, and deposited 16,680 ETH into Tornado Cash, effectively hiding the assets.

The Victim’s Response and the Mechanics of Address Poisoning

Following the loss, the victim posted an on-chain alert calling for 98% of the stolen funds to be returned within 48 hours, including legal warnings and offering a $1 million white-hat reward if the attacker returned the full amount. Analysis of the wallet showed it had been active for roughly two years and primarily handled USDT transfers, with the funds having been withdrawn from Binance shortly before the incident.

Typically, address poisoning does not exploit flaws in smart contracts or cryptography. Instead, it preys on common user behaviors. How then does it occur?

• The scammer initiates a small or dust transfer using a wallet that closely resembles the intended recipient, making it appear legitimate at first glance.
• This fraudulent address then shows up in the victim’s transaction history, blending in with other past transactions and creating a false sense of security.
• When the user copies this address from their history to send funds, they inadvertently transfer the assets to the attacker instead of the correct recipient.

The risks illustrated by cases like this reflect a wider surge in attacks across the crypto space. The year 2025 has been particularly active for malicious actors targeting crypto platforms. Cointribune reported that hacks across the sector led to $3.4 billion in losses, marking the highest annual total since 2022. Most of the damage came from a small number of major attacks, with just three breaches making up 69% of the total value stolen.