$50M Vanishes: Whale drained in ‘Address Poisoning’ Sophisticated Attack
A crypto whale lost nearly $50 million in USDT after falling victim to an address poisoning scam, mistakenly copying a spoofed address that mimicked their own wallet.
Another whale has been gutted. A high-net-worth trader lost 49,999,950 USDT (~$50 million) early Saturday in a textbook address poisoning attack, marking one of the largest individual on-chain losses of late 2025. The incident, flagged by on-chain security firm Lookonchain and Web3 Antivirus, highlights the fatal flaw in standard wallet UI: the dangerous reliance on visual pattern matching.
The $50 Million Copy-Paste Error
The attack vector was brutal in its simplicity. The victim (wallet 0xcB80...) intended to transfer $50 million to a known address. To ensure safety, they first executed a 50 USDT test transaction to their own wallet (0xbaf4...8b5). This standard safety procedure paradoxically triggered the exploit.
Scanning the blockchain for high-value test transfers, the attacker’s bot immediately generated a vanity address (0xBaFF...8b5) that mimicked the victim’s target wallet. The attacker then sent a zero-value or dust transaction to the victim’s history. When the whale went to send the remaining $50 million, they copied the spoofed address from their transaction history, likely verifying only the first four and last four characters, and sent the funds directly to the scammer.
The victim sent a 50 USDT test to their own address 0xbaf4b1aF…B6495F8b5. The scammer immediately spoofed a wallet with the same first and last 4 characters… The victim copied the spoofed address from their history. — Lookonchain
The Money Trail: DAI, ETH, and Tornado
Liquidity vanished instantly. The attacker wasted no time in washing the stolen funds:
- Asset Swap: The 50 million USDT was immediately swapped for DAI, likely to bypass Tether’s ability to freeze assets on-chain.
- Ether Dumping: The DAI was then converted into approximately 16,624 ETH (valued at ~$2,985 per ETH at press time).
- Obfuscation: On-chain data indicates the ETH is being split across multiple wallets, with portions already routed through Tornado Cash to break the link between the exploit and the destination.
Institutional Context
This incident mirrors the $71 million WBTC poisoning attack from May 2024, confirming that wallet interface vulnerabilities remain a primary exploit vector. Despite improved warnings in wallets like MetaMask and Rabby, the human element, trusting the “Recent Transactions” list, remains the ecosystem’s weak point. Security firms now advise users to never copy addresses from transaction history and to whitelist frequent addresses in an address book instead.
