News 
Coin Information 
About us 
Customer Service 
A crypto user has reportedly lost nearly $50 million in USDT after falling victim to an address poisoning scam, one of the largest onchain thefts seen in recent months. The incident was flagged by Web3 security firm Web3 Antivirus and has since drawn widespread attention across the crypto community due to how quickly and deceptively the funds were stolen.
According to blockchain data and security analysts, the victim had received the $50 million in USDT less than an hour before the exploit occurred. Acting cautiously, the user first sent a small test transaction of $50 to verify the destination address. Shortly after this test transfer, a scammer created a wallet address designed to closely resemble the legitimate destination by matching the first and last characters. Since most crypto wallets abbreviate addresses and only display the prefix and suffix, the fake address appeared nearly identical at a glance.
The attacker then sent a tiny “dust” transaction to the victim’s wallet. This tactic poisoned the transaction history, making the fraudulent address appear alongside legitimate ones. Believing the address was correct, the victim copied it directly from their transaction history and unknowingly sent $49,999,950 USDT to the scammer’s wallet.
Address poisoning scams exploit human behavior rather than technical flaws, relying on copy-paste habits and partial address verification. Bots frequently send dust transactions to high-value wallets, hoping users will mistakenly reuse the wrong address. In this case, the tactic succeeded with devastating consequences.
After the theft, onchain data shows the stolen USDT was swapped for ether and routed through multiple wallets. Several of these wallets later interacted with Tornado Cash, a sanctioned crypto mixer, in an apparent attempt to obscure the trail and hinder recovery efforts.
In response, the victim posted an onchain message demanding the return of 98% of the stolen funds within 48 hours. The message offered the attacker $1 million as a white-hat bounty if the assets were returned and warned of legal escalation and international law enforcement involvement if ignored.
This $50 million USDT address poisoning scam serves as a stark reminder of the risks facing crypto users and underscores the importance of verifying full wallet addresses before every transaction, especially when dealing with large sums.
Comment 0