Poisoning Scam Attackers Strike Again: Victim Loses $500K in Latest Crypto Heist
Another day, another half-million vanishes into the digital ether.
The Setup: Baiting the Hook
Poisoning scams don't need to hack the blockchain—they just hack human attention. Attackers generate wallet addresses nearly identical to a target's, relying on a copied-and-pasted mistake. One wrong character, and funds flow irrevocably to the wrong destination. It's social engineering at its most brutally simple.
The Execution: A Costly Mistake
The latest victim learned this the hard way, parting with $500,000 in a single, erroneous transaction. The speed is staggering. No smart contract exploit, no complex bridge attack—just a moment of inattention exploited with surgical precision. The attackers, once funded, immediately scatter the assets through mixers and decentralized exchanges, leaving a cold trail.
The Aftermath: An Unregulated Wild West
Recovery? Nearly impossible. Law enforcement scrambles to track cross-jurisdictional, pseudonymous flows, while the victim is left with a transaction hash as a tombstone. It highlights the brutal self-custody reality of crypto: your keys, your responsibility, and your catastrophic errors. The traditional finance crowd gets another 'I told you so' moment, gleefully ignoring their own history of bailouts and boiler-room scams.
This $500K loss is a stark reminder. In the race for financial sovereignty, the wolves are waiting—and they're counting on you to be careless.
How the $500K address poisoning scam happened
According to the alert posted by CyversAlerts, the victim had initially sent a small test transaction of 5,000 USDT to what they thought was the intended recipient address, which ended in D3E6F.
However, this was a poisoned fake address being monitored by the scammer. The scammer’s address ended in f3e6F, only differing subtly in the middle characters, which is usually abbreviated with dots for aesthetic purposes, something that these scams exploit.
Two minutes after the victim sent the $5,000, he followed up with a bulk transfer of 509,000 USDT to the same incorrect address, bringing the total loss to a whopping $514,000.
According to the attack Flow timeline shared by CyversAlerts, the scammer put a lot of preparation into the effort, sending multiple small transactions from various similar addresses to poison the victim’s transaction history. In this way, they were able to fool the victim into thinking the fake address was legitimate when they copied it from their history.
Unfortunately, once confirmed onchain, funds lost to such scams are rarely recoverable. They prey on human error and “copy pasta” habits.
Victim lost $50M in December 2025
Last year, address poisoning scams contributed significantly to the millions of dollars lost to crypto scams. One of the biggest known losses was recorded in December.
That attack saw a seasoned trader fall victim, losing a shocking $50 million in a single transaction after they copied a fraudulent wallet address from their transaction history.
The victim transferred 49,999,950 USDT to the attacker-controlled address because it also closely mimicked their intended destination, with the first three and last four characters matching.
The scammer quickly converted the stolen funds to ETH and distributed them across multiple wallets. Then they partially funneled it through the Tornado Cash mixer.
According to reports, the victim’s wallet had been active for approximately two years and was primarily used for USDT transfers, with the stolen funds withdrawn from Binance shortly before the poisoned transfer occurred.
Like the person who lost $500K today, the victim from last year also sent a test transaction, but theirs actually went to the correct address. This made them not doublecheck when they pasted the address again from their transaction history to send the bulk of the funds.
It was one of the largest onchain scam losses in recent times. The victim followed up with an onchain message demanding a return of 98% of the stolen funds within 48 hours and backed it up with threats to involve law enforcement and legal entities, even offering the attacker a $1 million WHITE hat bounty if they returned the funds in full.
“This is your final opportunity to resolve this matter peacefully,” the message read. “If you fail to comply: we will escalate the matter through legal international law enforcement channels.”
However, as of the time of this writing, no response has come from the scammer, and there is no proof the funds were recovered.Since it was laundered via Tornado Cash, the trail quickly went cold and recovery is unlikely.
Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program
