Copy-Paste Mistake Leads to $50M USDt Loss in Address Poisoning Scam
A user lost nearly $50 million in USDt in one of the largest onchain losses of the year after falling victim to an address poisoning scam. The user mistakenly copied a scammer’s lookalike wallet address from their transaction history, sending $49,999,950 to the wrong address. Address poisoning works by inserting similar-looking addresses into transaction histories through small transfers, causing users to later confuse them for legitimate addresses. The victim, an experienced user whose wallet had been active for two years, first sent a test transaction to the correct address but then sent the full amount to the scam address. The attacker swapped the stolen USDt for Ether, distributed it across multiple wallets, and partially laundered it through Tornado Cash. Onchain analysts emphasize that address poisoning exploits human error rather than technical system flaws. In 2025, crypto hacks totaled $3.4 billion, with just three incidents accounting for 69% of losses, including a $1.4 billion Bybit hack.
