$50M USDT stolen after victim falls for address-poisoning attack

A cryptocurrency trader lost nearly $50 million in USDT to an address poisoning scam on December 20, 2025.

The victim transferred 49,999,950 USDT to a fraudulent address copied from transaction history.

The entire theft happened in under one hour. SlowMist monitoring reported that the stolen funds were rapidly converted to Ethereum, dispersed across multiple wallets, and partially laundered through Tornado Cash.

The victim posted an on-chain message demanding return of 98% of the stolen funds within 48 hours.

The victim also offered the attacker $1 million as a white-hat bounty while threatening legal and international law enforcement action.

Crypto attack exploited transaction history

The victim withdrew $50 million from Binance shortly before the attack occurred. Following standard security practices, the user first sent a small test transaction of 50 USDT to the intended recipient address.

Minutes later, the attacker had already injected a fraudulent address into the victim’s transaction history through a dust transaction of 0.005 USDT.

When the victim returned to send the full amount, they copied what appeared to be their destination address from recent transactions.

The spoofed address matched the legitimate one in the first three and last four characters.

The wallet had been active on-chain for approximately two years and was mainly used for USDT transfers.

On-chain analysis suggests attackers were monitoring whale wallet movements, waiting for large transfers to execute the scam.

Address poisoning reaches $3.4 billion in 2025 losses

The $50 million theft is a fraction of 2025’s total address poisoning damage. The year has seen $3.4 billion in confirmed losses from address poisoning attacks across the cryptocurrency ecosystem.

Over 158,000 personal wallets have been compromised, affecting 80,000 unique victims. September 2025 alone documented 32,290 suspicious poisoning events across multiple blockchain networks, impacting 6,516 unique victims.

Researchers have tracked over 270 million poisoning attempts across Ethereum and Binance Smart Chain.

Confirmed losses specifically attributed to address poisoning techniques exceed $83.8 million beyond the headline incidents.

Scammers monitor blockchain activity for high-value transfers, then immediately inject poisoned addresses that appear in victims’ transaction histories at opportune moments.