GAS: 0.0769 Gwei
Cryptocurrency, Security by Mark Zimmerman // Technical Writer

$50M Vanishes in ‘Address Poisoning’ Scam; Victim Offers $1M Bounty

A trader lost nearly $50 million in USDT after falling for an 'address poisoning' attack, with the hacker immediately swapping funds to ETH and moving them to Tornado Cash.

A single copy-paste error wiped out $50 million in seconds on December 20, marking one of the largest individual wallet losses of 2025. A trader inadvertently transferred 49,999,950 USDT to a fraudulent address designed to mimic their intended recipient, a vector known as "address poisoning." The funds were immediately liquidated into Ethereum and funneled through Tornado Cash.

The Mechanics of a $50M Mistake

The attack relied on visual deception rather than a smart contract exploit. The attacker generated a vanity address sharing the same first and last characters as the victim’s legitimate destination. Most wallet interfaces shorten addresses (e.g., 0xbaf...f8b5), masking the middle characters where the discrepancy lies.

According to on-chain data cited by Web3 Antivirus, the sequence unfolded rapidly:

  • Legitimate Test: The victim sent a valid 50 USDT test transaction to their intended wallet (0xbaf4...f8b5).
  • The Poison: The attacker detected this activity and instantly sent a "dust" transaction (often 0.005 USDT or $0) from the look-alike address (0xBaFF...f8b5) to the victim.
  • The Error: When the victim returned to send the full balance, they copied the most recent address from their transaction history, the attacker’s wallet, instead of the verified test address.

Liquidation and Laundering

Speed was critical. Tether (USDT) has a centralized freeze function, allowing the issuer to blacklist addresses holding stolen funds. To circumvent this, the attacker immediately swapped the 49.99 million USDT for DAI, a decentralized stablecoin that cannot be frozen as easily.

The DAI was then converted into approximately 16,680 ETH. With Ether trading around $2,965 (-0.3%), the attacker began depositing the haul into Tornado Cash, a privacy protocol that breaks the on-chain link between source and destination wallets. This "mixing" process complicates recovery efforts significantly.

The $1 Million Desperation Play

With the funds moving into privacy mixers, the victim attempted a final negotiation. An on-chain message sent to the attacker offered a white-hat bounty:

"We have officially filed a criminal case… If you return 98% of the funds, you may keep $1,000,000 USD as a bounty."

As of press time, the attacker has not responded, and the laundering process continues.

> ABOUT_THE_AUTHOR _

Mark Zimmerman

// Technical Writer

Hi, I'm Mark. My journey into the blockchain industry began on the investment side, where I worked as a developer in charge of DeFi operations for a digital asset-focused firm, eventually becoming a partner. I transitioned from the financial side of crypto to the deep technical trenches as a Solidity developer, a central limit order book built on the Avalanche blockchain. That hands-on experience building decentralized applications gave me a rigorous understanding of the challenges developers face when working with distributed ledger technology. Currently, I work as a Technical Writer at CoinWatchDaily, where I focus on bridging the gap between complex low-level code and accessible developer education.

VIEW_PROFILE >>

RELATED INTELLIGENCE

Coinbase Sues Regulators in 3 States to Shield Prediction Markets

Hut 8 Shares Surge 20% on $7B AI Data Center Pact with Fluidstack

Solana Calls to “Send Starknet to 0” in Official Account Attack; Founder Fires Back