A striking incident has occurred in the cryptocurrency market demonstrating just how devastating address poisoning attacks can be. One user lost approximately $50 million worth of USDT due to a small mistake made during a copy-paste operation.
In this incident, the victim’s address (0xcB80) performed a test transfer of 50 USDT, a common security measure before the actual 50 million USDT transfer. This test transfer was made to the victim’s own wallet address. However, immediately after this transaction, the attackers intervened. The scammer created a fake wallet address with the same first and last four characters as the victim’s address and made it visible on the blockchain.
The fact that many wallet applications hide the middle part of addresses with “…” in their user interfaces played a critical role in the success of the attack. Since most users only look at the starting and ending characters when checking the address, the victim inadvertently copied the fake address from the transaction history during the remaining 49,999,950 USDT transfer. As a result, the massive amount was sent directly to the scammer’s wallet.
On-chain data shows that the stolen funds were quickly laundered through Tornado Cash, making the chances of recovery almost zero.
Experts point out that this incident is an extremely painful but instructive lesson for crypto users. Relying on transaction history when copying addresses carries serious risks, especially with large-value transfers. It is recommended to manually check the entire address before each transfer, use an address book (whitelist) if possible, and avoid sending large sums at once.
*This is not investment advice.