Crypto User Loses $50 Million in Address Poisoning Scam
A crypto user lost $50 million in USDT through an address poisoning scam. The scammer created a wallet address closely resembling the intended destination, matching the first and last characters to deceive the victim. A dust transaction was sent to the victim's history to seed a copy-paste error. The victim then copied the address from this history and mistakenly sent 49,999,950 USDT to the scammer. After the theft, stolen funds were swapped for ETH valued at approximately $2,963.98 and moved across multiple wallets. Some addresses involved interacted with Tornado Cash to obfuscate the activity. The theft was detected by Web3 Antivirus and occurred after the victim sent a $50 test transaction to verify the destination address. The victim posted an on-chain message demanding 98% of the funds be returned within 48 hours, offering a $1 million white-hat bounty, and warning of legal escalation. This attack exploits user habits such as partial address matching and copying from history rather than any weakness in code or cryptographic vulnerabilities.
