Hackers Steal $50M from Crypto Trader in Address Poisoning Scam

Reading Time: < 1 minute

A cryptocurrency trader lost approximately $50 million in USDT stablecoins after becoming the target of an address poisoning attack, a deceptively straightforward scam that occasionally catches unsuspecting traders off guard, security firms reported.

Onchain analytics platform Lookonchain documented that the victim transferred 49,999,950 USDT to an address controlled by scammers on December 20. The incident occurred after the victim had withdrawn the funds from Binance and was in the process of moving them to their personal wallet.

In line with common security practices, the victim initially sent a small test transaction of 50 USDT to verify their intended destination address. An automated script operated by the attacker then immediately created a “spoofed” wallet address engineered to mirror the victim’s legitimate address at both the start and finish of the alphanumeric sequence.

The fraudulent address replicated the same opening five and closing four characters as the victim’s target recipient. The crucial distinctions existed only within the middle characters, which most wallet interfaces hide with ellipses for ease of reading.

The scammer subsequently sent minor transactions from the spoofed address to the victim’s wallet, effectively “contaminating” their transaction history. When the victim later selected an address from their history to complete the full $50 million transfer, they presumably inadvertently chose the attacker’s nearly identical address.