Address Poisoning Scam Highlights Growing Risk of Copy-Paste Transfers

Blockchain investigators say the loss occurred when the user copied a wallet address from their transaction history, unaware that it had been deliberately planted by an attacker. The technique, known as address poisoning, exploits visual similarities between wallet addresses rather than technical vulnerabilities.

In this case, the victim had previously received a small transfer from a malicious address designed to closely resemble a legitimate destination. When the user later copied what they believed was the correct address, they unknowingly selected the fraudulent one. A brief test transfer was sent successfully to the intended recipient, but the subsequent full transfer — nearly $50 million worth of USDt — was routed to the attacker instead.

Security researchers noted that the forged address shared the same opening and closing characters as the legitimate one, making the difference difficult to spot at a glance. Analysts emphasized that this type of attack does not rely on hacking wallets or protocols, but instead takes advantage of common user habits such as copying addresses directly from transaction histories.

How the Funds Were Moved After the Attack

Onchain data suggests the affected wallet had been in regular use for roughly two years and primarily handled large USDt transfers. The funds were reportedly withdrawn from a centralized exchange shortly before the incident, indicating the wallet was actively managed rather than dormant or automated.

After receiving the funds, the attacker quickly converted the stablecoins into Ether, distributed them across multiple wallets, and routed part of the proceeds through a privacy mixer in an apparent attempt to obscure the trail.

The incident comes amid a broader surge in crypto-related losses this year. Industry tracking shows that total losses from hacks and exploits have reached $3.4 billion in 2025, the highest level since 2022. Notably, the majority of that figure stems from a small number of high-impact incidents rather than widespread low-level attacks.

Security experts say the case underscores a growing threat vector in crypto: social and behavioral exploits that bypass technical defenses entirely. As wallet interfaces and transaction volumes scale, they warn that address poisoning remains one of the most dangerous – and deceptively simple – traps facing even experienced users.

The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.

The post Address Poisoning Scam Highlights Growing Risk of Copy-Paste Transfers appeared first on Coindoo.