Crypto User Duped Out of Nearly $50 Million in Address Poisoning Scam

Crypto Address Poisoning Leads to Massive Heist

In the ever-evolving world of cryptocurrency, where fortunes can be made—and lost—in the blink of an eye, a recent $50 million scam is a stark reminder of the heightened risks investors face. This case centers around a classic con known as address poisoning, a deceptively simple tactic that continues to ensnare even the most cautious of crypto enthusiasts.

The Incident

On December 20, a significant investor in cryptocurrency suffered a staggering loss of 49,999,950 USDT due to a well-executed address poisoning attack. According to data from Lookonchain, this unfortunate incident occurred when the victim aimed to transfer their funds from Binance to their wallet. Prior to sending the full amount, the individual followed standard safety protocols and performed a small test transfer of 50 USDT to verify the recipient address. Unfortunately, this is where the hacker strategically intervened.

The Attack Unfolds

To execute the scam, an automated bot created a wallet address that closely resembled the victim’s actual wallet. The imposter’s address featured the same first five and last four characters, and with the middle section shown as dots in an abbreviated display, the forgery was harder to detect during the copy-paste process. Once the hacker sent small amounts to the victim’s wallet, they had effectively "poisoned" it, leading the victim to believe they were still using their legitimate address.

Blockchain records reveal that the initial test transfer occurred at 03:06 UTC, only to be followed by a substantial transfer of nearly $50 million at 03:32 UTC—just 26 minutes later. This rapid execution exemplifies how quickly these scams can unfold.

Swift Action by the Hacker

According to analyses by security companies, the hacker was remarkably swift. Within half an hour of the successful transfer, they exchanged the stolen USDT for DAI using MetaMask Swap, cleverly sidestepping quick recovery efforts as USDT can be frozen, while DAI cannot. The attacker then proceeded to convert the DAI into approximately 16,690 ETH and funneled around 16,680 ETH into the Tornado Cash mixer, obscuring the transaction trail further and complicating potential recovery efforts.

A Million Dollar Offer

In a dramatic twist, the victim attempted to negotiate with the perpetrator by posting a message via the blockchain, offering a $1 million reward for the safe return of 98% of the stolen funds. This message also included a warning that law enforcement agencies were collaborating to track the criminal’s activities, armed with clear intelligence.

While this isn’t the first instance of an address poisoning scheme, the circumstances surrounding it raise important questions. Earlier in May 2024, another victim lost $71 million worth of wrapped Bitcoin, which was eventually recovered. However, given that the stolen assets from this incident are now held anonymously in Tornado Cash, whether a similar outcome awaits this victim remains uncertain.

The Rise of Address Poisoning Attacks

Experts highlight that address poisoning attacks are on the rise, with increased occurrences reported across various blockchain networks. Jameson Lopp, co-founder of Casa and a noted security expert, has pointed to tens of thousands of suspected Bitcoin cases since 2023. He emphasizes the necessity for wallet applications to incorporate alerts when a suspicious address closely resembles a previously used address, serving as a crucial safeguard for users.
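The kind of alert described above can be sketched as a check a wallet runs before sending. This is an added example, not code from any wallet or from the sources cited in the article. It assumes EVM-style 0x addresses; the sample addresses, the thresholds and the abbreviated display format are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed sample addresses (not real wallets): same first 5 and last 4 hex digits.
REAL = "0x" + "a1b2c" + "0" * 31 + "9f3e"
POISON = "0x" + "a1b2c" + "7" * 31 + "9f3e"
OTHER = "0x" + "d" * 40

def _body(addr):
    """Return the 40 hex digits of an address, lowercased; reject anything else."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def _common_prefix(a, b):
    """Number of leading characters two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def abbreviate(addr, head=5, tail=4):
    """Shortened form with the middle elided (assumed display format)."""
    body = _body(addr)
    return "0x" + body[:head] + "..." + body[-tail:]

def check_recipient(candidate, known, min_prefix=3, min_suffix=4):
    """Compare a recipient against previously used addresses.

    Returns ("known", addr) on an exact match, ("lookalike", addr) when the
    address differs but shares both ends with a known one, else ("new", None).
    Thresholds are assumptions; lower values catch more, with more false alarms.
    """
    c = _body(candidate)
    lookalike = None
    for addr in known:
        k = _body(addr)
        if k == c:
            return ("known", addr)
        if (_common_prefix(c, k) >= min_prefix
                and _common_prefix(c[::-1], k[::-1]) >= min_suffix):
            lookalike = addr
    return ("lookalike", lookalike) if lookalike else ("new", None)

if __name__ == "__main__":
    print(abbreviate(REAL), abbreviate(POISON))   # identical when shortened
    print(check_recipient(POISON, [REAL, OTHER]))  # flagged before sending
```

A wallet would block or require full-address confirmation on a "lookalike" result, since the shortened forms of the two addresses are indistinguishable.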

Crypto Heists Surge in 2025

The theft in this case is part of a broader surge in crypto crimes, which have already totaled over $3.4 billion in 2025 alone. This impressive figure overtakes the total for 2024, with a staggering $1.4 billion linked to the Bybit hack, attributed to North Korean hackers. Dubbed “the largest crypto heist on record” by Elliptic, this incident highlights the escalating scale and sophistication of cybercrime in the realm of cryptocurrencies.

Final Thoughts

As cryptocurrency becomes increasingly popular and sophisticated, users must remain vigilant against potential scams. This particular incident serves as a potent reminder that even the most routine actions, like copying and pasting wallet addresses, can expose significant vulnerabilities. Moreover, as technology evolves, so too do the tactics employed by fraudsters, meaning that a proactive approach to security is more critical than ever in navigating the crypto landscape.

James
