A copy-paste error caused 50k to evaporate! The poisoning scam of encryption Address reappears, how to prevent it.

A test transfer of 50 USD triggered an address poisoning attack, resulting in the victim mistakenly sending nearly 50 million USD $USDT to a fake address, with the funds being quickly laundered, making it one of the largest human error-based encryption fraud cases this year.

After testing the transfer, it was locked, and 50 million dollars were directed to a fake Address.

A cryptocurrency user accidentally transferred nearly $50 million worth of $USDT to a scammer's wallet due to what seemed like a normal copy-and-paste operation, becoming one of the largest Address Poisoning incidents of the year. According to on-chain analysis by Web3 Antivirus, the victim originally followed common practices, first testing the correct address with 50 $USDT to confirm it was accurate before proceeding with the large transfer.

Source: X/@web3_antivirus The victim originally followed common procedures, first testing the correct Address with 50 $USDT , and after confirming it was correct, proceeded with a large transfer.

However, just a few minutes after the test transaction is sent, the scammers immediately generate a set of highly similar wallet addresses through automated scripts, which have the same starting and ending characters as the victim's actual target address. The scammers then send a very small amount of “dust” transactions from this forged address, making that address appear in the victim's transaction records, creating the illusion of a “trusted source”.

Due to most wallet interfaces hiding the middle characters of the address, the victim inadvertently selected this fake similar address while copying the address from the transaction record later, ultimately allowing the scammer to obtain the entire amount of 49,999,950 $USDT in a transfer. On-chain data shows that this erroneous transfer occurred just 26 minutes after the victim withdrew funds from Binance, with the attacker completing all “poisoning” and inducement in a very short time.

Funds are quickly laundered, exchanged for $DAI and ETH within 30 minutes.

According to SlowMist's tracking, the scammers quickly dispersed the funds within 30 minutes after receiving them, first exchanging part of $USDT for $DAI to evade Tether's asset freeze mechanism. Subsequently, the scammers converted the entire $DAI into approximately 16,690 Ether ($ETH), of which about 16,680 Ether was funneled into Tornado Cash, attempting to obscure the flow of funds using a sanctioned mixer.

Source of the image: X/@SlowMist_Team The scammers quickly dispersed the funds within 30 minutes after receiving them, first exchanging part of $USDT into $DAI .

In addition to Tornado Cash, some funds have also flowed to multiple newly established Addresses, adopting a typical “cutting-style washing” strategy to reduce the likelihood of being frozen or recaptured. Experts point out that address poisoning attacks do not involve exploiting vulnerabilities or cryptographic cracking, but purely leverage “human operational habits” and the “wallet interface abbreviation” that cause visual misjudgments, making them difficult to prevent and with a success rate that rises year by year.

The victim issued an on-chain warning, demanding the return of 98% of the funds.

After the incident, the victim left information on the blockchain, issuing a 48-hour ultimatum to the fraudster demanding the return of 98% of the funds and offering $1 million as a white hat bounty. The blockchain information indicates that the victim has officially reported to international law enforcement and multiple security agencies, and has obtained some traceable information.

“This is your last chance to resolve the issue peacefully. If you refuse to cooperate, we will initiate transnational law enforcement procedures.” The victim wrote in the information.

As of now, the scammers have not made a public response. Outside speculation suggests that since most of the funds have entered Tornado Cash, the difficulty of recovery is much higher than in typical fraud cases.

Source: Etherscan The victim left information on the chain, issuing a 48-hour ultimatum to the fraudster, demanding the return of 98% of the funds.

Address poisoning attacks are on the rise, and the scale of encryption fraud continues to reach new highs.

Experts point out that in the past two years, address poisoning attacks have shown trends of “automation, scaling, and cross-chain.” Jameson Lopp, co-founder of the Bitcoin security storage company Casa, has stated that since 2023, there have been over 48,000 suspected address poisoning incidents on the Bitcoin chain alone. Attackers use bots to monitor large wallets, detect “test transactions,” and immediately generate similar addresses, inserting dust transactions into the victim's historical records.

This year, the overall cryptocurrency hacking has breached 6.5 billion USD, a new high in nearly three years, with the 1.5 billion USD incident at Bybit in February being particularly severe. However, human error losses, including this incident, are also on the rise, highlighting that user operating habits have become the main breakthrough for scammers.

Extended reading 2025 will be the darkest year for encryption crimes! Hackers have stolen 6.5 billion, with many cases led by North Korea.

On-chain analysts point out that the scale of this incident is similar to past cases of misdirected amounts such as 71 million USD and 50 million USD, indicating that “copy and paste” has become one of the biggest risks for high-net-worth wallets. Security researchers urge wallet developers to enhance the “high similarity address alert” feature and recommend that users adopt a method of “cross-referencing addresses from multiple sources” to reduce risks.

This incident of a mistransfer amounting to 50 million dollars once again shows that while cryptocurrency assets can be stored in a decentralized manner, a single careless operation can still result in their instantaneous disappearance.