Crypto User Loses Nearly $50 Million in Devastating Address Poisoning Scam


Author: Tronweekly
Published: 2025-12-21 00:30:00

Another day, another eight-figure reminder that your crypto wallet isn't a bank vault—it's a digital bullseye.

The Bait in the Transaction History

Forget complex smart contract exploits. This scam weaponizes human nature and a wallet feature everyone uses: the transaction history. Attackers generate a wallet address that's visually identical to a target's frequent contacts—same first and last characters, with a mess of gibberish in the middle most eyes gloss over. They then send a tiny, worthless transaction to the target's wallet. The goal? To plant a fraudulent address in the target's history, camouflaged among legitimate ones.

The Cost of a Split-Second Mistake

The trap springs during the user's next transaction. Rushing to send a large sum—nearly $50 million in this case—they select what looks like a trusted address from their own history. They don't scrutinize the full string; they recognize the pattern and hit send. The funds rocket directly to the scammer's wallet, irreversible in seconds. It's a brutal tax on haste, proving that in crypto, trust is the most expensive line of code.

Security firms have flagged this 'address poisoning' tactic for years, yet the losses keep mounting. It preys on the industry's relentless push for speed and its awkward dance with user experience—where safety checks often feel like friction. While traditional finance gets mocked for moving at a snail's pace, at least their fraud departments sometimes answer the phone. In the decentralized world, your only insurance is your own paranoia. Stay vigilant, double-check every character, and remember: in the race for financial sovereignty, the scammers are already at the finish line.


Crypto Address Poisoning Leads to Massive Heist

Before sending the full amount, the victim followed a standard safety protocol and sent a test transfer of 50 USDT to ensure that the target address was correct. That was exactly where the hacker intervened.

According to security companies, an automated bot quickly generated a look-alike wallet address that almost copies the real address of the victim. The impostor address has matching first five characters and last four characters, and many wallet apps replace the middle part with dots.

The attacker made small payments from this address to the victim’s wallet, thus “poisoning” its transaction history. The attacker expected that when the user copied an address from their past activity to send the full payment, they would send it to the look-alike address instead.

According to the blockchain data, the first transfer, the test, happened at 03:06 UTC, followed by a huge transfer at 03:32 UTC, 26 minutes afterwards.

“The hacker acted swiftly,” SlowMist explained. Within half an hour, the stolen USDT was exchanged for DAI using MetaMask Swap, making recovery difficult, since USDT can be frozen but DAI can’t.

30 mins after receiving 50M $USDT, the scammer took action:
• Swapped 50M $USDT to $DAI via MetaMask Swap
• Swapped all $DAI to 16,690 $ETH
• Deposited 16,680 $ETH into Tornado Cash

The scammer addresses:
0xbaff2f13638c04b10f8119760b2d2ae86b08f8b5… https://t.co/ySGWtg3VIB pic.twitter.com/3BsWndrrJC

— SlowMist (@SlowMist_Team) December 20, 2025

Then, the attacker exchanged the DAI for approximately 16,690 ETH and deposited around 16,680 ETH into the Tornado Cash mixer to conceal the transaction trail.

$1 Million Reward Offered for Hacker

In the final twist, the victim posted a message through the blockchain to the attacker, promising a $1 million reward in exchange for the return of 98% of the money. The message threatened that the attacker could be prosecuted because law enforcement agencies, cybersecurity bodies, and blockchain projects are working in cooperation with clear and actionable intelligence on the activities.

This is not the first case of its kind. Earlier, in May 2024, a user on the Ethereum network lost $71 million worth of wrapped Bitcoin. However, all the money was recovered. Whether a similar outcome can be expected now is uncertain, since the money is now held in Tornado Cash.

According to security experts, such fraud is on the increase. Casa co-founder and security lead Jameson Lopp warned of the expansion of address poisoning attacks on various blockchain networks, with tens of thousands of suspected Bitcoin cases since 2023.

Lopp recommended that wallet apps warn users when an address may match an existing address, so that they double-check before sending funds.
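A sketch of the kind of warning Lopp describes, as an added example that is not from the article or from any wallet's code: it flags a destination whose first five and last four hex characters match a trusted address while the full string differs. The function names, the address book and all addresses are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(addr):
    """Lowercase a 0x-prefixed 20-byte hex address; reject anything else."""
    addr = addr.strip()
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def truncated(addr, head=5, tail=4):
    """Shortened form shown by many wallet UIs: first `head`, last `tail` hex chars."""
    body = normalize(addr)[2:]
    return f"0x{body[:head]}...{body[-tail:]}"

def check_destination(dest, trusted, head=5, tail=4):
    """Return ("known", label), ("lookalike", label) or ("unknown", None)."""
    d = normalize(dest)
    book = {label: normalize(a) for label, a in trusted.items()}
    # An exact match on the full address always wins over any look-alike.
    for label, a in book.items():
        if a == d:
            return ("known", label)
    # Same visible ends but a different full string: the poisoning pattern.
    for label, a in book.items():
        if truncated(a, head, tail) == truncated(d, head, tail):
            return ("lookalike", label)
    return ("unknown", None)

# Constructed sample addresses (not taken from any real transaction).
REAL = "0x" + "a1b2c" + "3d4e5f60718293a4b5c6d7e8f901234" + "9f3e"
FAKE = "0x" + "a1b2c" + "ffeeddccbbaa9988776655443322110" + "9f3e"
OTHER = "0x" + "5" * 40
BOOK = {"supplier": REAL}  # hypothetical trusted address book

if __name__ == "__main__":
    for dest in (REAL, FAKE, OTHER):
        verdict, label = check_destination(dest, BOOK)
        print(truncated(dest), verdict, label)
```

A wallet would block or require explicit confirmation on a "lookalike" verdict, and the comparison is done on the full address, never on the shortened display form.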

Crypto Heists Surge in 2025

This case highlights a disturbing reality: crypto heists have already reached over $3.4 billion in 2025, surpassing the total for 2024. A substantial portion of this was attributed to the Bybit hack of $1.4 billion back in February, which was traced back to North Korean actors. This was termed the “largest crypto heist on record” by Elliptic.

🚨 Update: Deposits & withdrawals on Bybit have fully recovered to normal levels, as confirmed by on-chain data. ✅ pic.twitter.com/Cc0MwPFmWS

— Bybit (@Bybit_Official) February 23, 2025

As crypto scams become more sophisticated and automated, this serves as a reminder that even seemingly simple tasks, such as copying an address, can pose substantial risks, and of the importance of verifying every detail.
