Wednesday, December 31, 2025

One Click, $50 Million Gone: Address Poisoning Strikes Again

A whale lost nearly $50 million in USDT after a sophisticated address poisoning script spoofed their transaction history.

The Copy-Paste Trap

A high-net-worth trader lost $50 million in USDT late Friday, falling victim to a textbook address poisoning attack. The incident, flagged by Lookonchain and Web3 Antivirus, highlights a critical vulnerability in how modern wallet interfaces display transaction data. The funds were drained from wallet 0xcB80... less than an hour after the victim funded the account.

The attack vector was brutally simple. The victim sent a standard $50 test transaction to their intended destination (0xbaf4...F8b5). Moments later, an automated script detected the transfer and generated a “spoofed” address (0xBaFF...f8b5) that matched the first four and last four characters of the legitimate wallet. The attacker then sent a zero-value transaction to the victim’s wallet, injecting the poisoned address into their transaction history.

When the victim returned to send the full $49.9 million balance, they copied the address from their history, likely verifying only the start and end characters, and unknowingly sent the funds to the attacker.

The Laundering Trail

Liquidity vanished instantly. The attacker wasted no time, swapping the freeze-prone USDT for DAI, an algorithmic stablecoin less susceptible to centralized blacklisting. From there, the funds were routed through UniswapX resolvers and converted into approximately 16,624 ETH (worth ~$49.5M at current prices).

“The victim’s wallet was active for two years and received its funds from Binance. This is one of the largest on-chain scam losses we’ve seen recently.” - Web3 Antivirus

On-chain data shows the ETH is now being batched and funneled into Tornado Cash, the sanctioned privacy mixer, effectively breaking the traceability link. This rapid conversion cycle (USDT to DAI to ETH to mixer) has become the standard playbook for evading Tether’s freeze function.

Institutional Context

Address poisoning is no longer a niche threat. Security firms estimate these “vanity address” attacks now account for roughly 10% of all wallet drains in 2025. The attack exploits a UI/UX trade-off: most wallets truncate addresses (e.g., 0x123...abc), hiding the middle characters where the discrepancy lies. For institutions and whales, the $50 million loss serves as a grim reminder: visual verification is insufficient. Whitelisting and strict character-for-character verification are now the baseline for survival.
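The whitelisting and character-for-character check described above can be sketched as follows. This is an added example, not code from the article or from any wallet vendor; the function names, the allowlist layout and every address are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Validate the format and lowercase, so comparison covers all 40 hex characters."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def truncated(addr, n=4):
    """The (first n, last n) characters a truncating wallet UI would display."""
    a = normalize(addr)
    return a[2:2 + n], a[-n:]

def check_destination(dest, allowlist, n=4):
    """Return ('ok' | 'lookalike' | 'unknown', label) for a destination address."""
    d = normalize(dest)
    for label, addr in allowlist.items():
        if normalize(addr) == d:  # full-length match against the allowlist
            return "ok", label
    for label, addr in allowlist.items():
        # Same visible ends, different middle: the poisoning pattern
        if truncated(addr, n) == truncated(d, n):
            return "lookalike", label
    return "unknown", None

def poisoned_history_entries(history, allowlist, n=4):
    """History rows whose counterparty imitates an allowlisted address."""
    return [tx for tx in history
            if check_destination(tx["counterparty"], allowlist, n)[0] == "lookalike"]

# Constructed sample data (not the addresses from the incident)
LEGIT = "0x1234" + "a" * 32 + "abcd"
SPOOF = "0x1234" + "b" * 32 + "abcd"   # same first/last four, different middle
OTHER = "0x9999" + "c" * 32 + "0000"
ALLOWLIST = {"treasury": LEGIT}
HISTORY = [
    {"counterparty": LEGIT, "value": 50},  # the victim's own test transfer
    {"counterparty": SPOOF, "value": 0},   # zero-value transfer from the lookalike
    {"counterparty": OTHER, "value": 10},
]

if __name__ == "__main__":
    for tx in HISTORY:
        print(tx["value"], check_destination(tx["counterparty"], ALLOWLIST))
```

A send flow built on this would refuse anything that is not `ok`, and hide or label `lookalike` rows in the history view so they cannot be copied as a destination.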