A crypto holder lost $50 million USDT in a sophisticated address poisoning scam after copying a spoofed wallet address from transaction history. The scammer swiftly laundered the funds into 16,680 ETH through Tornado Cash within 30 minutes.
A cryptocurrency holder has lost $50 million in USDT after falling victim to a sophisticated address poisoning attack on December 20, 2024. The devastating incident transformed a routine transfer into one of the costliest crypto thefts ever recorded.
According to Lookonchain on X, the victim initially sent a test transaction of 50 USDT to verify their wallet address "0xbaf4b1aF...B6495F8b5" before moving the larger sum. This cautious approach is standard practice among crypto users.
However, scammers were monitoring the transaction. Within moments, they deployed an address poisoning attack by creating a spoofed wallet matching the exact first and last four characters of the victim's legitimate address. The fraudulent address was "0xBaFF2F13...b08f8b5."
The scammer sent tiny amounts of cryptocurrency to the victim's wallet, inserting the fake address into the transaction history. Most wallet interfaces display addresses in shortened format with ellipses, showing only beginning and ending characters.
When the victim transferred the remaining 49,999,950 USDT, they copied what appeared to be their verified address from transaction history. The blockchain recorded the irreversible transfer instantly, sending the entire fortune to the scammer's wallet.
Lightning-Fast ETH Laundering Through Tornado Cash
According to SlowMist Team on X, approximately 30 minutes after receiving the stolen funds, the scammer executed an elaborate laundering sequence to prevent recovery efforts.
The criminal first swapped the entire 50 million USDT into DAI stablecoin using MetaMask Swap. This conversion was strategic because DAI cannot be frozen by Tether's issuer, unlike USDT, which can be blacklisted.
The converted DAI was then exchanged for approximately 16,690 Ethereum. The scammer deposited 16,680 ETH into Tornado Cash, a cryptocurrency mixer designed to anonymize transactions on the Ethereum blockchain.
SlowMist Team identified multiple wallet addresses involved in the operation, including 0xbaff2f13638c04b10f8119760b2d2ae86b08f8b5, 0xbcb94f7609973e5ea7d2cbedaf0c5518b911e6cb, and several others used to fragment the stolen assets.
How Address Poisoning Exploits Human Behavior
Address poisoning doesn't require hacking wallets or stealing private keys. Instead, these attacks exploit human habits and wallet interface limitations.
The scam works because users verify only the beginning and ending characters of cryptocurrency addresses rather than examining the complete 42-character string. Manually checking each character becomes impractical during routine transactions.
The attack becomes particularly effective when victims copy addresses from transaction history for convenience. Since the poisoned address appears alongside legitimate transactions, users assume it belongs to their verified addresses.
Similar incidents occurred throughout 2025. One victim accidentally sent $70 million to a poisoned address but negotiated with the scammer, who eventually returned more than half the stolen assets. Two additional victims collectively lost over $200,000 in comparable attacks with no funds recovered.
Tornado Cash remains controversial for laundering stolen cryptocurrency. While privacy advocates champion the service as essential for financial freedom, authorities criticize it for facilitating criminal activity. The mixer has processed billions in potentially illicit transactions since 2019.
The FBI has issued warnings about address poisoning attacks targeting both experienced and newer cryptocurrency users. The agency emphasizes that criminals create wallet addresses closely resembling legitimate ones.
Security professionals recommend several protective measures. Users should never copy addresses from transaction histories. Every transfer should involve manually verifying the complete address string character by character.
Cold storage solutions, hardware wallets, and multi-signature configurations requiring multiple approvals offer additional security layers. Some experts suggest using address book features within wallet applications rather than relying on transaction history.
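The address-book check recommended above, sketched in Python as an added example (it is not code from any wallet or from the sources cited). The addresses are constructed samples, and the function names, the four-character display window and the dust threshold are assumptions.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Validate a 42-character hex address and lowercase it for comparison."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 42-character hex address: {addr!r}")
    return addr.lower()

def shortened(addr, head=4, tail=4):
    """Mimic the truncated form a wallet UI shows, e.g. 0x1a2b...9f8e."""
    a = normalize(addr)
    return f"{a[:2 + head]}...{a[-tail:]}"

def check_recipient(candidate, address_book, head=4, tail=4):
    """Return ("trusted"|"lookalike"|"unknown", label) for a candidate address."""
    cand = normalize(candidate)
    book = {normalize(a): label for label, a in address_book.items()}
    if cand in book:                       # full 42-character match only
        return ("trusted", book[cand])
    for saved, label in book.items():      # same short form, different address
        if shortened(saved, head, tail) == shortened(cand, head, tail):
            return ("lookalike", label)
    return ("unknown", None)

def flag_poisoned_history(history, address_book, dust_threshold=1.0):
    """Flag inbound dust transfers whose sender imitates a saved address."""
    flagged = []
    for tx in history:
        status, label = check_recipient(tx["from"], address_book)
        if status == "lookalike" and tx["amount"] <= dust_threshold:
            flagged.append({**tx, "imitates": label})
    return flagged

# Constructed sample data (not the addresses from the incident).
LEGIT = "0x1a2b" + "c" * 32 + "9f8e"
FAKE = "0x1a2b" + "d" * 32 + "9f8e"       # same first/last four characters
OTHER = "0x" + "7" * 40
BOOK = {"exchange deposit": LEGIT}
HISTORY = [
    {"from": FAKE, "amount": 0.0001},      # dust transfer planted in history
    {"from": OTHER, "amount": 250.0},
]

if __name__ == "__main__":
    for addr in (LEGIT, FAKE, OTHER):
        print(shortened(addr), check_recipient(addr, BOOK))
    print(flag_poisoned_history(HISTORY, BOOK))
```

The two sample addresses render identically in shortened form, yet only the full-string match is classified as trusted; the lookalike is reported together with the saved entry it imitates.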
Test transactions alone cannot prevent address poisoning attacks. The victim performed a test transfer but still fell prey when executing the larger transaction.
This $50 million loss highlights growing sophistication among cryptocurrency criminals. As blockchain technology becomes mainstream, scammers develop increasingly clever methods to exploit technical limitations and human behavior patterns.
Blockchain transactions are permanent and irreversible. Unlike traditional banking systems with fraud protection, cryptocurrency transfers cannot be undone once confirmed. Meticulous verification of recipient addresses before every transaction is essential in the unforgiving world of decentralized finance.
Key Takeaways:
- Victim lost $50M USDT copying spoofed address from transaction history with matching first/last characters
- Scammer converted USDT to DAI then 16,680 ETH, depositing into Tornado Cash mixer within 30 minutes
- Address poisoning exploits wallet interface design and human verification habits, bypassing technical security
