A cryptocurrency trader lost nearly $50 million in USDT after falling victim to an address-poisoning scam, according to blockchain security firm SlowMist.
The user mistakenly copied a fraudulent wallet address from their transaction history, unknowingly sending funds to an attacker-controlled address designed to closely resemble the intended recipient.
The victim transferred 49,999,950 USDT to the fake address, which matched the first three and last four characters of the legitimate wallet.
The stolen funds were quickly converted into ETH, spread across multiple wallets, and partially routed through the Tornado Cash mixer to obscure their movement.
Onchain data shows the compromised wallet had been active for about two years and was primarily used for USDT transfers.
The funds were withdrawn from Binance shortly before the transaction, suggesting the wallet was actively managed.
The incident underscores a wider security crisis in crypto, which has lost nearly $90 billion to hacks and exploits since its inception.
