User Sends $50 Million USDT To Fake Wallet In Copy-Paste Scam Incident

TLDR

• The victim lost $50M USDT after copying a scam address from the transaction history.
• The scammer used a dust transaction to insert a fake lookalike address.
• Stolen funds were converted to ETH and routed through Tornado Cash.
• Victim offered $1M bounty and given 48 hours before legal action.

In one of the largest individual crypto scams reported this year, a user lost $50 million in USDT through a deceptive tactic known as “address poisoning.” The incident highlights the growing risks facing cryptocurrency holders, especially those who rely on transaction history when sending funds. As scammers continue to exploit behavioral patterns rather than technical vulnerabilities, the importance of caution in managing digital assets becomes increasingly crucial.

Fake Address Leads to Major On-chain Loss

A crypto investor transferred nearly $50 million in USDT to a scammer after unknowingly copying a spoofed address that had been inserted into their transaction history. Blockchain security firm Web3 Antivirus identified the incident, which began with a standard $50 test transfer meant to verify a destination address before a larger transaction.

The scammer quickly generated a wallet address that closely resembled the original recipient’s address. By mimicking the first and last characters, the address appeared legitimate in wallet interfaces, which typically shorten long addresses for display. The attacker then sent a small “dust” transaction to the victim, placing the fake address in their recent activity log.

The user copied the address from this poisoned history and sent $49,999,950 USDT to the attacker’s wallet. This scam method relies on exploiting trust in abbreviated address displays and everyday copy-paste habits.

Funds Laundered Through Mixers After the Exploit

Blockchain data shows that the stolen USDT was quickly exchanged for Ether and distributed across several wallets. Some of the addresses associated with the scam later interacted with Tornado Cash, a privacy-focused crypto mixer that has been sanctioned in various jurisdictions. This tool enables users to conceal the origin and destination of digital assets, thereby complicating efforts to trace or recover funds.

Address poisoning scams do not compromise smart contract code or Blockchain infrastructure. Instead, they target the human element of crypto transactions. By flooding wallets with small, misleading transactions, scammers increase the chance of being mistakenly copied in high-value transfers.

These attacks often involve automated bots that monitor blockchain activity for potential targets, particularly wallets with significant balances or frequent movement. Once identified, bots send out look-alike addresses via small transfers in hopes of catching users off guard.

Victim Responds With Legal Threats and Bounty Offer

The victim of the scam published an on-chain message offering a $1 million white-hat bounty in exchange for the return of 98% of the stolen assets. The message included a 48-hour deadline and warned of legal consequences if the attacker failed to return the funds within that timeframe.

“This is your final opportunity to resolve this matter peacefully,” the message stated. The sender warned that failure to comply would result in engagement with international law enforcement.

The case has drawn further attention to the security risks associated with self-custody and manual transaction handling. Experts advise users to avoid relying on transaction history for address reuse, implement address whitelisting where possible, and verify complete wallet addresses before sending significant funds.

The post User Sends $50 Million USDT To Fake Wallet In Copy-Paste Scam Incident appeared first on CoinCentral.