A single transaction error led to one in every of the biggest on-chain losses this yr after a user mistakenly sent nearly $50 million to a fraud address in a classic address poisoning attack.
According to on-chain investigator Web3 Antivirus, the victim lost $49,999,950 USDt (USDT) after copying a malicious wallet address from his transaction history.
Address poisoning scams involve inserting similar wallet addresses right into a victim's transaction history via small transfers. When victims later copy an address from their transaction history, they might unknowingly select the fraudster's duplicate address as a substitute of the intended recipient.
Onchain data shows that the victim initially sent a small test transaction to the proper address. However, minutes later, the total $50 million transfer was sent to the poisoned address.
User falls victim to a poisoning scam. Source: Web3 Antivirus
Subtle address similarity enough to idiot experienced users
Security researcher Cos, founding father of SlowMist, noted that the similarity between the addresses was subtle but enough to idiot even experienced users. “You can see that the primary three characters and the last 4 characters are the identical,” he wrote.
According to on-chain evaluation, the victim's wallet had been lively for about two years and was primarily used for USDt transfers. Shortly before the loss, the funds were withdrawn from Binance, indicating that the wallet was actively managed on the time of the incident.
“This is the brutal reality of address poisoning, an attack based not on destroying systems but on exploiting human habits,” one other on-chain analyst wrote.
Since then, the attacker has exchanged the stolen USDt for Ether (ETH), split it across multiple wallets and partially moved it to Tornado Cash.
In 2025, crypto hacks amounted to $3.4 billion
As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, the best annual total since 2022. The increase was largely as a consequence of a handful of massive security breaches against major crypto corporations, somewhat than a broad increase in average attack size.
Just three incidents accounted for 69% of total losses this yr, led by the $1.4 billion hack of crypto exchange Bybit, which alone accounted for nearly half of all funds stolen.
