Crypto trader loses $50 million in address poisoning attack, offers $1 million bounty for return

The Block


A crypto trader lost nearly $50 million in USDT stablecoins after falling victim to an address poisoning attack, a seemingly simple scheme that nonetheless sometimes snags unwary traders, according to security firms.

Onchain analytics platform Lookonchain reported that the victim sent 49,999,950 USDT to a scammer-controlled address on December 20. The attack unfolded after the victim had withdrawn the funds from Binance and attempted to transfer them to their own wallet.

Following standard practice, the victim first sent a small test transaction of 50 USDT to their intended destination address. However, an automated script controlled by the attacker immediately generated a "spoofed" wallet address designed to match the victim's legitimate address at the beginning and end of the alphanumeric string.

The malicious address shared the same first five and last four characters as the victim's intended recipient. The key differences appeared only in the middle characters, which many wallet interfaces obscure with ellipses for readability. The scammer then sent small transactions from the spoofed address to the victim's wallet, effectively "poisoning" their transaction history. When the victim later copied an address from their history to execute the full $50 million transfer, they likely unknowingly selected the attacker's lookalike address instead.

Etherscan data shows the test transaction occurred at 3:06 UTC, with the erroneous $50 million transfer following approximately 26 minutes later at 3:32 UTC.

The attacker moved quickly to launder the stolen funds, per SlowMist. Within 30 minutes of receiving the USDT, the scammer swapped the entire sum to DAI via MetaMask Swap—a strategic move since Tether can freeze USDT in flagged wallets, while the decentralized DAI stablecoin lacks such centralized controls. The attacker then converted the DAI into approximately 16,690 ETH and deposited around 16,680 ETH into Tornado Cash, the once-sanctioned cryptocurrency mixer, to obscure the transaction trail.

In an attempt to recover the funds, the victim sent an onchain message to the attacker offering a $1 million whitehat bounty in exchange for the return of 98% of the stolen assets.

"We have officially filed a criminal case. With the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols, we have already gathered substantial and actionable intelligence regarding your activities," the onchain message states.

The loss echoes a similar incident in May 2024, when an Ethereum user lost $71 million worth of wrapped bitcoin to an address poisoning attack. In that case, The Block reported that the victim eventually recovered nearly all available funds following onchain negotiations facilitated by blockchain cybersecurity firm Match Systems and the Cryptex exchange. Whether the latest victim will achieve a similar outcome remains uncertain given the rapid movement of funds into Tornado Cash.

2025 sees over $3.4 billion in crypto thefts

Casa co-founder and Chief Security Officer Jameson Lopp warned in April that address poisoning attacks were proliferating across blockchains. In an analysis covered by The Block, Lopp identified 48,000 suspected address poisoning attacks on Bitcoin alone since 2023. He suggested wallet developers could implement warnings for similar-looking addresses to mitigate the risk.

"I think it would be easy for wallets to say 'Oh, this came from a similar looking address,' and throw up a big red flag: do not interact," Lopp said at the time.

The incident adds to what has been a record year for cryptocurrency theft. Chainalysis reported that crypto losses exceeded $3.4 billion in 2025, up from $3.38 billion in 2024.
The February hack of Bybit exchange by North Korean threat actors, which saw $1.4 billion stolen, accounted for approximately 44% of the annual total and was described by Elliptic as "the largest crypto theft of all time."
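
The similar-address warning Lopp describes can be sketched as a check a wallet runs before sending and when rendering history. This is an added example, not code from The Block, Lopp, or any wallet project; the function names, the 4-character thresholds, and every address in it are constructed assumptions.

```python
# Added example. Addresses are constructed for illustration, not from the incident.
TRUSTED = "0x4f3a9" + "c1d2e5b6a7788990011aabbccddeeff" + "7c2e"
SPOOFED = "0x4f3a9" + "0b77e1c4d9a2f35e6680d1c2b3a4f5e" + "7c2e"
UNRELATED = "0x9e1b2" + "5d44c0a1b2c3d4e5f60718293a4b5c6" + "01fd"

def _body(addr):
    """Lowercase hex body without the 0x prefix (letter case is only a checksum)."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def shared_ends(a, b):
    """Count matching leading and trailing characters of two addresses."""
    x, y = _body(a), _body(b)
    limit = min(len(x), len(y))
    prefix = 0
    while prefix < limit and x[prefix] == y[prefix]:
        prefix += 1
    suffix = 0
    # Stop before the suffix overlaps the prefix already counted.
    while suffix < limit - prefix and x[-1 - suffix] == y[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def lookalikes(candidate, trusted, min_prefix=4, min_suffix=4):
    """Trusted addresses that `candidate` imitates without being equal to any.

    The thresholds are assumed values, set at or below the five leading and
    four trailing characters matched in the case described above.
    """
    if any(_body(candidate) == _body(t) for t in trusted):
        return []  # exact match with a trusted address: nothing to warn about
    hits = []
    for t in trusted:
        p, s = shared_ends(candidate, t)
        if p >= min_prefix and s >= min_suffix:
            hits.append(t)
    return hits

def poisoned_entries(history, trusted):
    """Return (counterparty, amount) rows whose counterparty is a lookalike."""
    return [(addr, amt) for addr, amt in history if lookalikes(addr, trusted)]

if __name__ == "__main__":
    history = [(TRUSTED, 50.0), (SPOOFED, 0.005), (UNRELATED, 120.0)]  # constructed
    print(shared_ends(TRUSTED, SPOOFED))
    print(poisoned_entries(history, [TRUSTED]))
```

A wallet would populate `trusted` from addresses the user has previously sent funds to, and hide or flag any history row returned by `poisoned_entries` instead of offering it for copy.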