A Devastating Case of Address Poisoning: $50 Million Lost in a Single Transaction Error
A single transaction error led to one of the largest on-chain losses this year after a user mistakenly sent nearly $50 million to a fraud address in a classic address poisoning attack. According to on-chain investigator Web3 Antivirus, the victim lost $49,999,950 USDt (USDT) after copying a malicious wallet address from his transaction history.
Address poisoning scams involve inserting similar wallet addresses into a victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the fraudster’s duplicate address instead of the intended recipient. Onchain data shows that the victim initially sent a small test transaction to the correct address. However, minutes later, the full $50 million transfer was sent to the poisoned address.
User falls victim to a poisoning scam. Source: Web3 Antivirus
Related: The attacker takes over Multisig a few minutes after it is created and slowly consumes up to $40 million
Subtle Address Similarity Enough to Fool Experienced Users
Security researcher Cos, founder of SlowMist, noted that the similarity between the addresses was subtle but enough to fool even experienced users. “You can see that the first three characters and the last four characters are the same,” he wrote. According to on-chain analysis, the victim’s wallet had been active for about two years and was primarily used for USDt transfers. Shortly before the loss, the funds were withdrawn from Binance, indicating that the wallet was actively managed at the time of the incident.
“This is the brutal reality of address poisoning, an attack based not on destroying systems but on exploiting human habits,” another on-chain analyst wrote. Since then, the attacker has exchanged the stolen USDt for Ether (ETH), split it across multiple wallets and partially moved it to Tornado Cash.
Related: Binance denies reports of delayed action on funds related to the Upbit hack
Crypto Hacks Resulted in $3.4 Billion in Losses in 2025
As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, the highest annual total since 2022. The increase was largely due to a handful of massive security breaches against major crypto companies, rather than a broad increase in average attack size. Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone accounted for nearly half of all funds stolen.
Magazine: 2026 is the year of pragmatic privacy in crypto – Canton, Zcash and more
For more information on this incident and the latest news on cryptocurrency and blockchain, visit Cointelegraph.
