
Copy-Paste Error Causes $50M USDt Loss in Address Poisoning Scam

Rohan


Dec 22, 2025


Major On-Chain Losses Highlight Ongoing Crypto Security Risks

In a stark reminder of the persistent dangers within the cryptocurrency space, a significant scam incident recently led to a $50 million USDt loss due to address poisoning. The victim mistakenly transferred the full amount to a malicious wallet after copying the wrong address from their transaction history, a classic behavioral deception tactic.

Address poisoning scams trick users by embedding scam addresses that look deceptively similar to legitimate ones into transaction histories. This technical fraud exploits familiar human habits rather than direct software vulnerabilities, increasing risk even for experienced crypto users. Security researcher Cos, founder of SlowMist, explained: "You can see the first three characters and last four characters are the same," underscoring how slight address overlaps confuse users.

How the Scam Took Place: Timeline and Methods

The victim's wallet, active for roughly two years and primarily used for USDt transactions, had recent withdrawals from Binance before the loss, indicating active fund management. A small legitimate transfer preceded the theft; the victim then mistakenly copied the scammer's lookalike address and sent the $50 million USDt to it.

Once in possession of the funds, the attacker swiftly converted USDt to Ether (ETH), dispersing it across multiple wallets. A portion was then funnelled into Tornado Cash, a privacy-focused mixer, complicating forensic tracking efforts. These laundering methods underscore evolving strategies criminals employ to obscure stolen assets.

Technical Breakdown of Address Poisoning Scams

Address poisoning relies on malicious addresses appearing alongside genuine ones in transaction histories or wallets' autofill lists. Because wallet addresses in Ethereum and related blockchains are long alphanumeric strings, users often rely on copy-pasting rather than manually typing them.

This scam inserts carefully crafted addresses that share key segments with legitimate ones, increasing the likelihood of mistaken transfers. Automated tools or transaction logs displaying these malicious addresses can mislead victims into selecting the wrong recipient.

Key technical points:

  • Wallet addresses commonly share prefixes or suffixes, exploited here by scammers.
  • Small legitimate test transfers are often made first to build a trusted-looking history.
  • Subsequent large transfers to poisoned addresses complete the fraud.

Broader Context: Rising Crypto Scams and Losses in 2025

The $50 million USDt theft is part of a troubling trend of increasing crypto-related fraud and hacks in 2025. Year-to-date, losses from hacks and scams reached approximately $3.4 billion, with a handful of major breaches, such as the $1.4 billion Bybit derivatives platform hack, driving much of the impact.

These incidents erode user confidence and present ongoing challenges for crypto security practitioners. As scammers become more sophisticated, behavioral vulnerabilities like address poisoning require heightened awareness and preventive measures.

| Metric | Value | Notes |
|---|---|---|
| Total USDt Lost | $50,000,000 | Loss in this specific scam |
| Activity of Victim Wallet | 2 years | Focused mainly on USDt transfers |
| Major 2025 Crypto Losses | $3.4 billion | Total year-to-date industry losses |
| Bybit Platform Hack | $1.4 billion | One of 3 largest breaches |
| Laundering via Tornado Cash | Partial funds | Privacy mixer complicates trace |

Expert Perspectives on the Scam

Cos, SlowMist founder, stated: "The scam's success lies in exploiting natural copying habits with maliciously similar addresses. These subtle differences are not obvious at a glance, making it a potent trap even for seasoned professionals."

Blockchain security analyst Laura Kim added: "This incident highlights how human factors are a critical weak point in crypto security. Wallet providers and exchanges must implement stronger safeguards to prevent address poisoning exploits."

What Can Crypto Users Learn? Best Practices to Avoid Address Poisoning

  • Always verify wallet addresses by cross-referencing multiple sources before sending large transactions.
  • Use wallet address whitelisting or saved contacts features rather than copying from transaction histories.
  • Employ hardware wallets and multi-factor authentication to add layers of security.
  • Be cautious of small unsolicited test transactions; confirm legitimacy before proceeding.
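As an added illustration of the saved-contacts practice above and of the shared-segment pattern described in the technical breakdown (this code is not from the article or from any wallet vendor): a pre-send check that classifies a pasted address against a contact list and flags one that matches a saved contact only at its ends. The addresses, the contact name and the function names are constructed for the example; the thresholds of three leading and four trailing characters follow the quote above and are counted after the "0x" prefix, which is an assumption.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed sample data: one saved contact and a lookalike that shares
# only its first three and last four hex characters with that contact.
LEGIT = "0xa1b2c3d4e5f6071829304a5b6c7d8e9f01235678"
POISON = "0xa1b9990000111122223333444455556666775678"
CONTACTS = {"treasury": LEGIT}


def normalize(addr):
    """Validate the 20-byte hex shape and lowercase for comparison."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def shared_ends(a, b):
    """Return (prefix_len, suffix_len) of matching hex chars after '0x'."""
    a, b = normalize(a)[2:], normalize(b)[2:]
    prefix = 0
    while prefix < 40 and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    # Stop before the suffix scan overlaps the already-matched prefix.
    while suffix < 40 - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix


def check_recipient(candidate, contacts, min_prefix=3, min_suffix=4):
    """Classify a pasted address: trusted, lookalike, or unknown."""
    cand = normalize(candidate)
    # An exact full-length match against a saved contact is the only "trusted" case.
    for name, addr in contacts.items():
        if normalize(addr) == cand:
            return ("trusted", name)
    # Same ends but a different middle is the poisoning signature: block the send.
    for name, addr in contacts.items():
        p, s = shared_ends(cand, addr)
        if p >= min_prefix and s >= min_suffix:
            return ("lookalike", name)
    return ("unknown", None)


if __name__ == "__main__":
    print(check_recipient(POISON, CONTACTS))
```

A "lookalike" result should stop the transfer outright, while "unknown" should send the user to an out-of-band check of the full address.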

Frequently Asked Questions About Address Poisoning Scams

What is an address poisoning scam?

It is a fraud technique where scammers insert maliciously similar wallet addresses into transaction histories or autofill lists, tricking victims into sending funds to the wrong account.

How did the $50M loss happen in this case?

The victim copied a lookalike malicious USDt address from their transaction history and sent the full $50 million to it instead of to the intended wallet, misled by subtle shared segments in the two addresses.

Can stolen crypto laundered through Tornado Cash be traced?

Tornado Cash mixes cryptocurrencies to obscure their origins, making tracing extremely difficult but not impossible with advanced blockchain analytics and cooperation with privacy service operators.

What measures can users take to prevent such scams?

Users should verify addresses meticulously, avoid copying from recent history, use trusted contact lists, and enable security features offered by wallets and exchanges.

How common are these scams?

Address poisoning scams are increasing, coinciding with a surge in crypto thefts leading to billions in losses during 2025, illustrating a persistent threat to digital asset security.

Final Takeaway

This $50 million USDt loss due to an address poisoning scam vividly illustrates the complex security risks arising at the intersection of human behavior and technical vulnerabilities in cryptocurrency transactions. As attackers refine methods to exploit copy-paste errors and device autofills, the industry must bolster both technological safeguards and user education.

While these scams currently deepen mistrust in crypto’s security ecosystem, increased awareness and protective measures can mitigate such high-value frauds going forward, even as laundering tactics like Tornado Cash add layers of complexity to forensic efforts.
