{"id":1943,"date":"2025-12-21T10:41:32","date_gmt":"2025-12-21T15:41:32","guid":{"rendered":"https:\/\/www.decentralnetwork.org\/news\/?p=1943"},"modified":"2025-12-21T10:46:23","modified_gmt":"2025-12-21T15:46:23","slug":"address-poisoning-scam","status":"publish","type":"post","link":"https:\/\/www.decentralnetwork.org\/news\/address-poisoning-scam\/","title":{"rendered":"$50M USDT Vanishes in Address Poisoning Scam in Under an Hour"},"content":{"rendered":"\n
\"$50M<\/figure>\n\n\n\n

Address Poisoning Scam:<\/strong> A cryptocurrency trader lost nearly $50 million in USDT<\/strong> on December 20, 2025, after falling victim to a sophisticated address poisoning attack\u2014showing how even experienced users can be misled by subtle on-chain scams that exploit routine wallet habits.<\/h2>\n\n\n\n

According to blockchain monitoring firm SlowMist<\/strong>,<\/a> the victim mistakenly sent 49,999,950 USDT<\/strong> to a fraudulent wallet address that had been deliberately planted into their transaction history. From start to finish, the entire theft unfolded in less than one hour<\/strong>.<\/p>\n\n\n\n

Once the funds landed in the attacker\u2019s wallet, the stolen USDT was quickly swapped into Ethereum<\/strong>, split across several addresses, and partially laundered through Tornado Cash<\/strong>, making recovery significantly more difficult.<\/p>\n\n\n\n

In a last-ditch effort, the victim later posted an on-chain message<\/strong> demanding the return of 98% of the stolen funds within 48 hours<\/strong>. They also offered the attacker a $1 million white-hat bounty<\/strong>, while warning that failure to comply would trigger legal action and involvement of international law enforcement agencies<\/strong>.<\/p>\n\n\n\n

How the scam worked<\/h3>\n\n\n\n

The attack took place shortly after the victim withdrew $50 million from Binance<\/strong>. Following standard security habits, the trader first sent a small test transaction of 50 USDT<\/strong> to confirm the destination address.<\/p>\n\n\n\n

That routine step opened the door for the attacker.<\/p>\n\n\n\n

Within minutes, the scammer sent a dust transaction of just 0.005 USDT<\/strong> to the victim\u2019s wallet. This tiny transfer caused a fake address<\/strong>\u2014crafted to closely resemble the real destination\u2014to appear in the wallet\u2019s recent transaction list.<\/p>\n\n\n\n

When the victim returned to send the full amount, they copied the address from their transaction history<\/strong>, unknowingly selecting the spoofed one. The fraudulent address matched the legitimate wallet in the first three and last four characters<\/strong>, making the difference nearly impossible to spot at a glance.<\/p>\n\n\n\n

Blockchain data shows the victim\u2019s wallet had been active for nearly two years<\/strong> and was primarily used for USDT transfers, suggesting the attackers may have been monitoring whale wallets<\/strong> and waiting for a large transaction to strike.<\/p>\n\n\n\n

A growing threat across crypto<\/h3>\n\n\n\n

While the $50 million loss is shocking, it represents only a small part of a much larger problem. In 2025 alone<\/strong>, address poisoning attacks have caused an estimated $3.4 billion in total losses<\/strong> across the crypto ecosystem.<\/p>\n\n\n\n

More than 158,000 wallets<\/strong> have been compromised, affecting around 80,000 unique victims<\/strong>. September 2025 was particularly severe, with 32,290 suspicious poisoning incidents<\/strong> recorded across multiple blockchains, impacting 6,516 users<\/strong> in just one month.<\/p>\n\n\n\n

Researchers have tracked over 270 million poisoning attempts<\/strong> on Ethereum and Binance Smart Chain<\/strong>, with confirmed losses directly tied to these attacks exceeding $83.8 million<\/strong>, excluding major headline cases.<\/p>\n\n\n\n

Address poisoning scams rely on speed, precision, and human error. Scammers continuously scan blockchain activity for large transfers and inject lookalike addresses at exactly the right moment\u2014turning a simple copy-paste action into a multimillion-dollar mistake.<\/p>\n\n\n\n

As this incident shows, even careful users can be caught off guard, making address verification more critical than ever in high-value crypto transactions.<\/p>\n\n\n\n

Also Read: Vitalik Buterin Says Prediction Markets Are Healthier Than Stocks<\/a><\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Address Poisoning Scam: A cryptocurrency trader lost nearly $50 million in USDT on December 20, 2025, after falling victim to … <\/p>\n

Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":1946,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[9],"tags":[2366,2367,2369,2371,2374,2372,2373,2370,2365,2368],"class_list":["post-1943","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency","tag-50-million-usdt-hack-news","tag-address-poisoning-scam-in-crypto","tag-blockchain-address-spoofing-attack","tag-crypto-address-poisoning-explained","tag-crypto-security-mistakes-to-avoid","tag-crypto-wallet-transaction-history-scam","tag-ethereum-laundering-via-tornado-cash","tag-how-address-poisoning-scams-work","tag-usdt-address-poisoning-attack-2025","tag-usdt-stolen-through-fake-wallet-address","resize-featured-image"],"jetpack_featured_media_url":"https:\/\/www.decentralnetwork.org\/news\/wp-content\/uploads\/2025\/12\/Untitled-design-2025-12-21T211413.061.webp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/posts\/1943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/comments?post=1943"}],"version-history":[{"count":2,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/posts\/1943\/revisions"}],"predecessor-version":[{"id":1947,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/posts\/1943\/revisions\/1947"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/media\/1946"}],"wp:attachment":[{"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/media?parent=1943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/categories?post=1943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.decentralnetwork.org\/news\/wp-json\/wp\/v2\/tags?post=1943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}