GAS: 0.0429 Gwei
Cryptocurrency, Security by Mark Zimmerman // Technical Writer

$50M USDT Vanishes in Address Poisoning Scam; Attacker Pivots to DAI

A whale lost nearly $50 million USDT after copying a 'poisoned' address, with the attacker instantly swapping to DAI to evade freezing.

A single copy-paste error just cost one user $49.9 million.

In one of the largest individual losses of 2025, a whale wallet inadvertently transferred nearly $50 million in Tether (USDT) to a known address poisoning scammer. The incident, first flagged by security firm Scam Sniffer, highlights the devastating effectiveness of vanity address attacks on high-net-worth holders.

The Mechanism: Vanity over Verification

The attack vector was not a smart contract exploit or a private key compromise. It was a UI manipulation. The victim intended to send funds to their own address: 0xbaf...f8b5. Minutes before the fatal transfer, the attacker generated a lookalike address, 0xBaF...f8b5, and spammed a zero-value transaction to the victim’s wallet.

The result was a poisoned transaction history. When the victim went to send the $49,999,950 balance, they likely copied the most recent address from their history, matching the first and last characters but missing the middle. The funds were sent to the attacker.

The victim sent a test transaction to the correct address first. The scammer struck in the window between the test and the bulk transfer.

The Institutional Angle: The Flight to ETH and Mixers

Speed was the attacker’s primary defense. Tether has the ability to freeze USDT on Ethereum addresses, a centralization feature often used to recover stolen funds. Recognizing this, the attacker immediately swapped the stolen USDT for Ether (ETH), split it across multiple wallets, and partially moved it into Tornado Cash, a decentralized mixer with no central freeze function.

This pivot renders the usual recovery playbook useless. While Tether could have blacklisted the address within minutes, decentralized protocols like Tornado Cash require no permission to hold or transfer. The funds are now washing through the DeFi ecosystem, likely headed for additional mixers or non-KYC exchanges.

Market Impact

This incident marks the second major poisoning event this quarter, forcing wallet providers to rethink how transaction histories are displayed. The loss represents 0.04% of total USDT circulation but serves as a grim signal to OTC desks and institutional custody solutions: visual verification is no longer sufficient.

> ABOUT_THE_AUTHOR _

Mark Zimmerman

// Technical Writer

Hi, I'm Mark. My journey into the blockchain industry began on the investment side, where I worked as a developer in charge of DeFi operations for a digital asset-focused firm, eventually becoming a partner. I transitioned from the financial side of crypto to the deep technical trenches as a Solidity developer, a central limit order book built on the Avalanche blockchain. That hands-on experience building decentralized applications gave me a rigorous understanding of the challenges developers face when working with distributed ledger technology. Currently, I work as a Technical Writer at CoinWatchDaily, where I focus on bridging the gap between complex low-level code and accessible developer education.

VIEW_PROFILE >>

RELATED INTELLIGENCE

Coinbase Taps Aaronson, Boneh, and Drake for Quantum Defense Board

Bank of Korea Governor Blocks Won-Stablecoin Path, Cites ‘Uncontrollable’ FX Risk

Vitalik Buterin Declares 2026 ‘Year of Sovereign Compute’; Targets Big Tech