One transaction mistake led to the biggest onchain loss this year. A user sent USDt worth nearly $50m to an address that was a fraud in what is known as a classic “address poisoning” attack.
Onchain Investigator Web3 AntivirusThe victim’s loss was 49.999.950 USDtUSDT(after copying an malicious wallet address out of their transaction history.
Poisoning and its scams rely on look-alike wallet addresses The small transfer is inserted in the victim’s history of transactions. In the future, when victims choose to copy a recipient’s address from the transaction history they have created in their account, the copied address may be the one of the fraudster.
According to Onchain, the victim first sent a test transaction of a smaller amount to the correct destination. Minutes later however, the entire $50 million transfer had been sent to the poisoned account.
Related: Attacker takes over multisig minutes after creation, drains up to $40M slowly
Even experienced users can be fooled by subtle address similarities
SlowMist’s founder, Cos, a security researcher, noticed that although the address similarities were slight, they could fool experienced users. “You can see the first 3 characters and last 4 characters are the same,” He has written.
Onchain analysis revealed that the wallet of the victim had been in use for two years, and it was mostly used to send USDt. Binance had withdrawn the funds shortly before, which suggests that they were actively being managed.
“This is the brutal reality of address poisoning, an attack that doesn’t rely on breaking systems, but on exploiting human habits,” One more onchain analyst wrote.
Since then, the attacker has swapped USDt into Ether.ETHTornado Cash was partially transferred into the wallet after it had been split into several.
Related: Binance denies reports of delayed action over funds linked to Upbit hack
Crypto-hacks to reach $3.4 Billion in 2025
Cointelegraph has reported on crypto-related hacks resulted in $3.4 billion In 2025, the total losses will be at their highest level since 2022. This surge in attacks was driven primarily by major breaches that targeted crypto-entities rather than an increase in the average size of attacks.
Three incidents alone accounted for 69% total losses in this year. $1.4 billion hack of crypto exchange BybitThe amount of money stolen by thieves is estimated to be around half.
Magazine: 2026 is the year of pragmatic privacy in crypto — Canton, Zcash and more
“This article is not financial advice.”
“Always do your own research before making any type of investment.”
“ItsDailyCrypto is not responsible for any activities you perform outside ItsDailyCrypto.”
Source: cointelegraph.com
