Synopsis: A single copy-paste mistake triggered a $50 million Ethereum address-poisoning scam, showing how human habits, not broken code, drive some of crypto’s largest losses.

On December 20, 2025, a user mistakenly sent 49,999,950 USDt to the wrong wallet with a single click. The funds disappeared instantly in a classic Ethereum address-poisoning attack.


The user believed they were transferring money to a trusted address, likely following a large withdrawal from Binance. Instead, they copied a fraudulent address that looked almost identical to the real one.

Investigators at Web3 Antivirus flagged the transaction as one of the largest on-chain losses of the year. The compromised wallet had been active for nearly two years and primarily handled large USDt transfers.

How the Trap Was Set

Address poisoning exploits human behavior rather than weaknesses in blockchain code. Scammers quietly monitor high-value wallets and wait for the perfect moment to strike. They create a new wallet whose first and last characters closely resemble a legitimate address. Since most wallet interfaces shorten addresses like “0x123…abcd,” the difference remains hidden in the middle.

Next, the attacker sends a tiny “dust” transaction from the fake address to the victim. This places the scam address into the victim’s transaction history, where it appears harmless and familiar.


Later, when the victim needs to send funds, they often copy an address from their history for convenience. One careless click can select the poisoned address instead of the genuine one.

The Fatal Copy-Paste

On-chain data shows the victim initially acted with caution. They sent a small test transfer of about 50 USDt to the correct address to confirm everything worked.

Minutes later, they prepared the main transaction worth nearly $50 million. They likely returned to their history, copied what they believed was the same address, and unknowingly pasted the scammer’s lookalike.

SlowMist founder Cos noted that both addresses shared the same first three and last four characters. That small similarity was enough to deceive even an experienced user glancing quickly. Although the full 42-character addresses differed in the middle, wallet UI abbreviations hid the mismatch. Trusting the shortened display ultimately turned into a $50 million mistake.

Laundering the Stolen Funds

Once the funds landed, the attacker acted with machine-like speed. Within roughly 30 minutes, they began converting the stolen USDt. They swapped most of it into Ether, and possibly DAI, using tools such as MetaMask Swap. This move reduced the chance of Tether freezing the funds at the contract level.

The attacker then split the assets across multiple wallets and routed most of the Ether through Tornado Cash. The mixer severed the transaction trail, making recovery extremely difficult.

The victim made one final attempt by embedding a public message in a zero-value transaction. They announced a criminal complaint, shared an email address, and offered a $1 million white-hat bounty for the return of 98% of the funds within 48 hours.

However, once assets pass through Tornado Cash and similar mixers, tracing becomes nearly impossible. As of late December, there are no public signs of refunds or arrests linked to the theft.

A Warning in a Record-Loss Year

This single error unfolded against a grim backdrop for crypto security. In 2025, total crypto thefts reached about $3.4 billion, the highest level since 2022. Most losses came from a handful of massive breaches, including a roughly $1.4 billion hack at Bybit. Just three major incidents accounted for nearly 69% of all stolen funds this year. 

At the same time, personal-wallet scams like address poisoning are increasing. Analysts say these habit-based attacks now represent a growing share of wallet drains in 2025. Security researchers describe address poisoning as especially brutal. It bypasses cryptography entirely and instead exploits speed, routine, and trust in transaction history.

How Users Can Protect Themselves

This case shows that even careful users can fall into simple behavioral traps. Still, a few strict habits can significantly reduce the risk.

  • First, never rely solely on transaction history. Always verify the full 42-character address, not just the beginning and end shown on the screen.
  • Second, treat dust transactions with suspicion. Unsolicited tiny deposits often signal an attempt to poison your history.
  • Third, use wallet-security tools whenever possible. Extensions like Web3 Antivirus and services such as GoPlus can flag risky addresses in real time.
  • Finally, keep using test transfers, but re-check the address before every large send. One extra glance at the full string is worth more than any time saved.
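The first two habits can be automated as a pre-send check. The sketch below is an added example, not code from the article or from any wallet or security tool it names. It compares the full address against a saved address book, flags candidates that share only the first three and last four characters with a trusted address (the pattern described above), and lists dust senders that imitate one. The function names, the 1.0 dust threshold, counting characters after the `0x` prefix, and all addresses are assumptions constructed for illustration.

```python
# Added example: pre-send check for look-alike (poisoned) addresses.
# All addresses below are constructed sample values, not real wallets.

def normalize(addr):
    """Lower-case and validate a 42-character 0x-prefixed hex address."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or set(a[2:]) - set("0123456789abcdef"):
        raise ValueError(f"not a 42-character hex address: {addr!r}")
    return a

def abbreviated(addr, head=5, tail=4):
    """What a shortened wallet display shows, e.g. '0x123…abcd'."""
    return f"{addr[:head]}…{addr[-tail:]}"

def lookalikes(candidate, trusted, head=3, tail=4):
    """Trusted addresses the candidate imitates: same first `head` and last
    `tail` hex characters (assumed counted after '0x'), different full string."""
    c = normalize(candidate)
    return [t for t in map(normalize, trusted)
            if t != c and t[2:2 + head] == c[2:2 + head] and t[-tail:] == c[-tail:]]

def check_recipient(candidate, trusted):
    """Compare the full address against the saved address book before a send."""
    c = normalize(candidate)
    if c in map(normalize, trusted):
        return "ok"
    return "lookalike" if lookalikes(c, trusted) else "unknown"

def suspicious_history(incoming, trusted, dust_threshold=1.0):
    """Senders of tiny incoming transfers whose address imitates a trusted one."""
    return [sender for sender, amount in incoming
            if amount <= dust_threshold and lookalikes(sender, trusted)]

TRUSTED = "0x" + "a1b" + "1" * 33 + "c0de"   # constructed: the real recipient
POISON = "0x" + "a1b" + "9" * 33 + "c0de"    # constructed: same ends, different middle
OTHER = "0x" + "f" * 40                      # constructed: unrelated sender
INCOMING = [(OTHER, 2500.0), (POISON, 0.01), (TRUSTED, 50.0)]  # (sender, amount)

if __name__ == "__main__":
    print(abbreviated(TRUSTED), abbreviated(POISON))   # identical on screen
    print(check_recipient(POISON, [TRUSTED]))
    print(suspicious_history(INCOMING, [TRUSTED]))
```

The two constructed addresses render identically in the shortened form, which is why the check compares the full string rather than what the interface displays.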

In the end, this $50 million loss delivers a stark reminder. Blockchain systems may be secure by design, but a single rushed copy-paste can still wipe out a lifetime of wealth.

Written By Fazal Ul Vahab C H

Author

  • Crypto Editorial

    The Trade Brains Crypto Editorial is a collective of seasoned crypto analysts, blockchain researchers, and digital asset traders with 10+ years of combined experience in the cryptocurrency ecosystem.