$50M USDT Lost: Copy-Paste Scam Trap

$50M USDT Lost in Address Poisoning Scam from Copy-Paste Error

A devastating transaction blunder has resulted in one of the most significant on-chain losses of the year, with a user accidentally transferring nearly $50 million worth of USDt to a fraudulent address during a textbook address poisoning assault.

Onchain investigator Web3 Antivirus reported that the victim suffered the loss of 49,999,950 USDt — the Tether stablecoin pegged to the US dollar — after inadvertently copying a malicious wallet address directly from their transaction history.

These address poisoning scams operate by having fraudsters send tiny amounts to the target’s wallet using addresses that closely mimic the legitimate recipient’s address. Later, when users copy-paste addresses from their history for convenience, they risk selecting the scammer’s deceptive duplicate instead of the genuine one.

Blockchain records reveal that the affected user first executed a small test transfer to the legitimate destination. However, just minutes afterward, the massive $50 million transaction went to the tainted address instead.

Even subtle address resemblances can deceive seasoned crypto participants

Security expert Cos, the founder of SlowMist, pointed out that the fraudulent address bore a subtle resemblance to the real one — matching in the first three characters and the last four — which proved sufficient to mislead even veteran users.

On-chain examination indicates the victim’s wallet had been operational for about two years, mainly handling USDt movements. Right before the incident, the funds had been pulled from Binance, implying the account was under active oversight during the mishap.

One onchain analyst highlighted the harsh truth of address poisoning tactics: “This attack bypasses technical defenses entirely, preying instead on ingrained user behaviors like quick copying from history lists.”

Following the theft, the perpetrator converted the pilfered USDt into Ethereum, dispersing it across numerous wallets and funneling portions into Tornado Cash for obfuscation.

Crypto security incidents total $3.4B losses in 2025

Throughout 2025, the cryptocurrency sector has endured hacks amounting to $3.4 billion in stolen assets, the largest yearly figure since 2022. This escalation stems predominantly from a few enormous exploits against prominent platforms, rather than widespread small-scale attacks.

Remarkably, just three major events comprised 69% of the year’s total damages, topped by the staggering $1.4 billion breach at the Bybit exchange, which represented almost half of all pilfered cryptocurrency that year.