DeFi Disaster: Trader Bleeds $2.5M in USDT to Repeat Address Poisoning Scam

Another day, another ’trustless’ system proving you shouldn’t trust anyone—especially yourself. A crypto trader just got rinsed for $2.5 million in USDT, falling for the same address poisoning scam twice. Guess due diligence doesn’t scale with greed.

How it works: Scammers send tiny transactions to ‘poison’ your history with fake addresses. One misclick later, and your life savings vanish into a hacker’s wallet. The kicker? This wasn’t even a sophisticated attack—just a copy-paste blunder worthy of Wall Street interns.

Welcome to decentralized finance, where the only thing more volatile than the market is your ability to keep funds secure. Maybe stick to a hardware wallet—or better yet, a savings account.

Scams and social engineering risks

Hackers have been evolving their methods to target users more directly. Blockchain security firm SlowMist highlighted a growing wave of SMS phishing campaigns.

In these scams, malicious actors typically send messages impersonating crypto exchanges like Coinbase, falsely claiming an issue with a withdrawal or security breach.

The victims are then instructed to call a support number in the message. When they do, they’re connected to a fake agent who directs them to a phishing website. On the website, users WOULD be asked to input their recovery or mnemonic phrase, giving hackers full access to their crypto wallets.

According to blockchain analyst ZachXBT, these social engineering tactics have already cost Coinbase users over $300 million.

Considering this, SlowMist strongly advises crypto users to avoid sharing recovery phrases, ignore unsolicited texts or calls, and verify all communications through official websites or apps.