Crypto Trader Loses $50 Million in Address Poisoning Scam
A crypto user recently lost nearly $50 million in USDT due to an address poisoning scam, according to blockchain security firm SlowMist. The victim transferred 49,999,950 USDT to an address controlled by the attacker, which was very similar to the intended destination, matching the first three and last four characters.
The stolen funds were quickly converted into ETH, distributed across multiple wallets, and partially routed through the Tornado Cash Mixer. The victim’s wallet had been active for about two years, primarily used for USDT transfers, with the compromised funds withdrawn from Binance shortly before the manipulated transfer.
This player was poisoned by an address with a similar first and last number and lost almost 50 million USDT…
Player address:
0xcB80784ef74C98A89b6Ab8D96ebE890859600819
Poisoning address:
0xBaFF2F13638C04B10F8119760B2D2aE86b08f8b5
The address expected by players:
0xbaf4b1aF7E3B560d937DA0458514552B6495F8b5
//You can see that the first 3 characters and the last 4 characters are the same
Crypto Scams Reach $90 Billion
The incident comes amid a broader security crisis in the cryptocurrency industry, which has lost nearly $90 billion to hacks and exploits since its inception. Over $276 million was stolen in November alone, bringing losses in 2025 to over $9.1 billion, meaning around 10% of all historical crypto losses occurred within the last 12 months.
Mitchell Amador, CEO of Immunefi, warned that the threat landscape is fundamentally changing. “The threat landscape is shifting from on-chain code vulnerabilities to operational security and financial level attacks,” he told Cryptonews. “As the code hardens, attackers target the human element.”
FBI Reports $9.3 Billion Lost to Investment Fraud
According to FBI data, Americans lost about $9.3 billion through crypto investment programs in 2024, a 66% increase from the previous year. Pig slaughter scams contributed over $9.9 billion worldwide, with Chainalysis data showing activity increasing by nearly 40% in 2024.
U.S. Senators Elissa Slotkin and Jerry Moran introduced the SAFE Crypto Act, which would create a federal task force to coordinate government agencies, law enforcement, and private sector experts to combat crypto fraud. The legislation requires authorized stablecoin issuers to have technical capabilities to freeze or confiscate digital assets related to illegal activities.
Human Factor Becomes Primary Attack Vector
Beyond sophisticated scams, malware attacks continue to put a strain on wallets. A Singapore entrepreneur lost over $100,000 after downloading malware disguised as a game testing program. A separate breach of a multi-signature wallet earlier this month resulted in approximately $27.3 million being stolen through private key compromise, with attackers laundering approximately $12.6 million using Tornado Cash.
Amador argued that the industry needs to fundamentally restructure its approach to security. “Securing the code is not enough if users and operators remain vulnerable” he said. “Web3 companies need to invest much more in human-level security, and that means training teams, tightening operational controls, and directly training users on how to spot scam messages, recognize social engineering attempts, and protect their on-chain assets.”
For more information, visit the original article at https://cryptonews.com/news/address-poisoning-scam-one-copy-paste-mistake-cost-a-crypto-trader-50-million/
