Crypto User Bleeds $2.5M in Brutal Copy-Paste Address Scam—Twice
Another day, another ’oops’ in the wild west of digital assets. This time? A painfully avoidable $2.5 million blunder.
How it happened: Some poor soul copied the same scammer’s deposit address not once, but twice—proving that even in decentralized finance, old-school human error still reigns supreme. The kicker? The transaction was irreversible before the victim even realized they’d been played.
Lesson learned: Triple-check those wallet addresses, folks. Or better yet—stick to platforms with built-in address whitelisting. Because while crypto cuts out the middleman, it also bypasses fraud protection. Funny how that works.
*Bonus jab: At least traditional banks wait until *after* you sign the paperwork to empty your account.
Copy-Paste Blunder Leads To Million-Dollar Loss
According to on-chain records, the victim first moved $838,611 in USDT to the right address (0x4668D1Fe87444a4d750…). A moment later, they clicked the wrong entry in their transaction history.
That misstep cost them 843,166 USDT at current prices. They tried once more. And again the funds went to the scammer’s account—and another $1.7 million vanished.
History Poisoning Trick Catches Many Off Guard
Based on reports from Scam Sniffer, scammers are using “transaction history poisoning” to pull off these cons. They send tiny “dust” transfers from look-alike addresses—just enough to clutter a wallet’s history.
Transaction History Poisoning:
1. Scammer sends fake/dust transfer with similar address 2. Their fake address appears in your history 3. You copy address from history thinking it’s legitimate 4. Funds get sent to scammer insteadhttps://t.co/S2lM8J8XWm
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 26, 2025
When users scroll back through past transactions, they can’t tell the real address from the bogus one. Copy. Paste. Gone. In this case, the attack address (0x4668EE748c88DA4FEc…) looked almost identical to the real one. And it showed zero balance, adding to the confusion.
Phishing Scams Remain HighApril’s phishing losses hit $5.29 million. That’s down 17% from March. But the number of victims climbed 26%, from 5,992 to 7,565 addresses. A single “whale” lost $1.43 million to a phishing signature. Back in March, the biggest haul was $1.82 million.
ScamSniffer April 2025 Phishing Report
April losses: $5.29M | 7,565 victims VS March: -17% in losses | +26% in victims
Key insight: Notable spike in victim count despite lower total losses. Largest attack netted $1.43M via phishing, followed by $700K from address poisoning… pic.twitter.com/mJbGgGyGrN
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 3, 2025
April’s second-largest attack saw one user lose $700,000 after copying the wrong address. Another person sent $150,000 by mistake. And wallet 0xEFc4f1d5 alone lost over $467,000 in a similar copy-paste trap.
New Threats From EIP-7702 UpgradeOn May 24, the phishing gang Inferno Drainer used Ethereum’s new EIP-7702 rules to steal almost $150,000 in one hit. EIP-7702 lets regular accounts act like smart contracts for a moment.
The scammers guided victims to approve a batch of hidden token transfers through a delegated MetaMask setup. One click opened the door for a silent “execute” command that drained the wallets in seconds.
Greed Breeds RiskCrypto markets are near $3.5 trillion in total value. Bitcoin hit a fresh all-time high of $111,900 on May 22. Traders are chasing big gains. That rush makes urgent moves, and urgent moves invite mistakes.
Featured image from Unsplash, chart from TradingView
