Whale Torches $50M USDT in Fatal ‘Address Poisoning’ Slip; Victim Offers $1M Bounty
A routine copy-paste error spiraled into one of 2025’s largest individual losses as a spoofer drained 50 million Tether in minutes.
A single copy-paste error incinerated $49.9 million in Tether (USDT) yesterday after a high-net-worth trader fell for a textbook "address poisoning" attack. The loss, confirmed by Scam Sniffer and SlowMist, stands as one of the largest individual user blunders of 2025, underscoring the lethal efficiency of automated dusting bots.
The Receipt: How 50 Million Vanished
On December 20, the victim’s wallet (0xcB80...0819) initiated a withdrawal of roughly 50 million USDT from Binance. Following standard security hygiene, the user sent a test transaction of 50 USDT to their intended cold wallet (0xbaf4...f8b5). This prudent step paradoxically triggered the attack.
An automated script monitored the blockchain for high-value test transfers and instantly generated a "spoofed" address (0xBaFF...f8b5). The attacker’s bot then dusted the victim’s wallet with a micro-transaction from this lookalike address, pushing it to the top of the victim's transaction history.
Minutes later, the victim copied the poisoned address—likely verifying only the matching first three and last four characters—and executed the full transfer of 49,999,950 USDT. The funds were immediately routed to the attacker’s control.
The Laundering & Ultimatum
Blockchain security firm SlowMist noted the speed of the liquidation. The stolen USDT was rapidly swapped for DAI, then converted into approximately 16,690 ETH (worth roughly $49.5 million at current prices of ~$2,970). A significant portion was subsequently routed through Tornado Cash to obfuscate the trail.
"This is the brutal reality of address poisoning, an attack that doesn't rely on breaking systems, but on exploiting human habits," an on-chain analyst noted regarding the incident. In a desperate bid to recover the assets, the victim sent an on-chain message to the attacker, offering a $1 million "white hat" bounty (approximately 2% of the stolen funds) if 98% of the assets are returned within 48 hours. The message threatens involvement from law enforcement and cyber-forensics agencies if the deadline passes without compliance.
This incident pushes total crypto theft losses in 2025 past the $3.4 billion mark, with wallet interface vulnerabilities—specifically the truncation of addresses—remaining a primary attack vector for high-value targets.
