A cryptocurrency user lost approximately $50 million in USDt after copying a fraudulent wallet address from their transaction records. This incident illustrates how easily users can be deceived by subtle address alterations in the context of address poisoning attacks.

The victims lost the staggering sum of 49,999,950 USDt (USDT) after mistakenly selecting a malicious wallet address, as reported by Web3 Antivirus. Address poisoning attacks introduce counterfeit addresses that resemble real ones within the transaction history through small, seemingly innocuous transfers. When users later select wallet addresses from their transaction history, they risk choosing the scammer’s counterfeit address instead of the intended recipient.

Initially, the victim conducted a small test transaction to the correct address. Minutes later, however, the complete transaction of $50 million was directed toward the compromised address.

User falls victim to address poisoning scam. Source: Web3 Antivirus

This is the severe consequence of address poisoning, a scheme relying not on digital system breaches but rather on exploiting habitual user behavior.

As security analyst Cos, founder of SlowMist, noted, the addresses’ resemblance was trivial yet sufficient to mislead even seasoned users. “You can see the first three characters and the last four characters are identical,” he expressed.

The victim’s wallet had been actively transacting for roughly two years, predominantly for USDt swaps. Shortly before the incident, the funds had been withdrawn from Binance, indicating the wallet’s active management.

The criminal has now exchanged the stolen USDt for Ether (ETH) and distributed it across multiple wallets while partially channeling it into Tornado Cash.

According to earlier reports from Cointelegraph, cryptocurrency hacks caused losses of $3.4 billion in 2025, the highest annual total since 2022, primarily incurred from a few extensive breaches confronting major cryptocurrency platforms.