Address Poisoning Scam Highlights Growing Risk of Copy-Paste Transfers
A single moment of inattention has resulted in one of the largest individual onchain losses of the year, after a crypto user accidentally sent nearly $50 million in stablecoins to a scammer-controlled wallet.
Blockchain investigators say the loss occurred when the user copied a wallet address from their transaction history, unaware that it had been deliberately planted by an attacker. The technique, known as address poisoning, exploits visual similarities between wallet addresses rather than technical vulnerabilities.
Key takeaways:
- Nearly $50 million in USDt was lost due to an address poisoning scam.
- The attacker relied on address lookalikes, not wallet or protocol exploits.
- Copying addresses from transaction history remains a major security risk.
- Even experienced users can be fooled by subtle address similarities.
In this case, the victim had previously received a small transfer from a malicious address designed to closely resemble a legitimate destination. When the user later copied what they believed was the correct address, they unknowingly selected the fraudulent one. A brief test transfer was sent successfully to the intended recipient, but the subsequent full transfer — nearly $50 million worth of USDt — was routed to the attacker instead.
How to lose $50M in under an hour. This is one of the largest on-chain scam losses we’ve seen recently.
A single victim lost $50M in $USDT to an address poisoning scam. The funds had arrived less than 1h earlier.
The user first sent a small test tx to the correct address. Mins… pic.twitter.com/Umsr8oTcXC
— Web3 Antivirus (@web3_antivirus) December 19, 2025
Security researchers noted that the forged address shared the same opening and closing characters as the legitimate one, making the difference difficult to spot at a glance. Analysts emphasized that this type of attack does not rely on hacking wallets or protocols, but instead takes advantage of common user habits such as copying addresses directly from transaction histories.
How the Funds Were Moved After the Attack
Onchain data suggests the affected wallet had been in regular use for roughly two years and primarily handled large USDt transfers. The funds were reportedly withdrawn from a centralized exchange shortly before the incident, indicating the wallet was actively managed rather than dormant or automated.
After receiving the funds, the attacker quickly converted the stablecoins into Ether, distributed them across multiple wallets, and routed part of the proceeds through a privacy mixer in an apparent attempt to obscure the trail.
The incident comes amid a broader surge in crypto-related losses this year. Industry tracking shows that total losses from hacks and exploits have reached $3.4 billion in 2025, the highest level since 2022. Notably, the majority of that figure stems from a small number of high-impact incidents rather than widespread low-level attacks.
Security experts say the case underscores a growing threat vector in crypto: social and behavioral exploits that bypass technical defenses entirely. As wallet interfaces and transaction volumes scale, they warn that address poisoning remains one of the most dangerous – and deceptively simple – traps facing even experienced users.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alexander Zdravkov is a person who always looks for the logic behind things. He has more than 3 years of experience in the crypto space, where he skillfully identifies new trends in the world of digital currencies. Whether providing in-depth analysis or daily reports on all topics, his deep understanding and enthusiasm for what he does make him a valuable member of the team.
