Crypto Trader Loses $50 Million in Sophisticated Address Poisoning Attack, Offers $1 Million Bounty


A cryptocurrency trader has suffered a devastating loss of nearly $50 million in a sophisticated address poisoning attack, highlighting persistent security vulnerabilities in the digital asset space. According to on-chain analytics platform Lookonchain, the victim transferred 49,999,950 USDT to a scammer-controlled address on December 20, 2025.

The attack unfolded after the victim withdrew funds from Binance. Following standard security practice, the trader first sent a small test transaction of 50 USDT to their intended wallet address. However, an automated script controlled by the attacker immediately generated a "spoofed" wallet address designed to mimic the victim's legitimate address, sharing the same first five and last four characters. The scammer then sent small transactions from this fake address to the victim's wallet, "poisoning" their transaction history.

When the victim later copied an address from their history to execute the full $50 million transfer, they unknowingly selected the attacker's lookalike address. Etherscan data shows the test transaction occurred at 3:06 UTC, with the erroneous $50 million transfer following approximately 26 minutes later at 3:32 UTC.
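A look-alike check that a wallet or treasury script could run before reusing an address from transaction history is sketched below. It is an added example, not code from the article or from any party it names. The function names, the sample addresses and the choice to count the five leading and four trailing characters on the hex body after `0x` are assumptions.

```python
# Added example: flag look-alike ("poisoned") addresses before reusing one from history.
# Assumption: the matched characters are counted on the hex body after "0x".
PREFIX_LEN = 5  # leading characters the spoofed address shared in this incident
SUFFIX_LEN = 4  # trailing characters it shared

def _body(addr):
    """Lower-cased hex body without the 0x prefix, so checksum casing is ignored."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def is_lookalike(candidate, trusted, prefix=PREFIX_LEN, suffix=SUFFIX_LEN):
    """True when candidate differs from trusted but matches at both ends."""
    c, t = _body(candidate), _body(trusted)
    return c != t and c[:prefix] == t[:prefix] and c[-suffix:] == t[-suffix:]

def find_poisoned(history, trusted):
    """Return (tx_hash, counterparty, mimicked_address) for each look-alike in history."""
    return [(tx["hash"], tx["counterparty"], t)
            for tx in history for t in trusted
            if is_lookalike(tx["counterparty"], t)]

def check_destination(dest, trusted):
    """Compare the full address before sending: 'ok', 'lookalike' or 'unknown'."""
    if any(_body(dest) == _body(t) for t in trusted):
        return "ok"
    if any(is_lookalike(dest, t) for t in trusted):
        return "lookalike"
    return "unknown"

# Constructed sample data (not real addresses or transactions).
TRUSTED = "0x" + "ab12c" + "0" * 31 + "9f3e"
LOOKALIKE = "0x" + "ab12c" + "7" * 31 + "9f3e"
UNRELATED = "0x" + "1" * 40
HISTORY = [
    {"hash": "tx-1", "counterparty": TRUSTED, "amount": 50},       # the owner's own test transfer
    {"hash": "tx-2", "counterparty": LOOKALIKE, "amount": 0.001},  # dust from the spoofed address
    {"hash": "tx-3", "counterparty": UNRELATED, "amount": 12},
]

if __name__ == "__main__":
    for tx_hash, addr, mimicked in find_poisoned(HISTORY, [TRUSTED]):
        print(f"{tx_hash}: {addr} mimics {mimicked}")
    print(check_destination(LOOKALIKE, [TRUSTED]))
```

The destination check compares the full address against an allowlist kept outside the transaction history, which is the comparison a truncated address display hides.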

The attacker moved swiftly to launder the stolen funds. Within 30 minutes of receiving the USDT, the scammer swapped the entire sum to DAI via MetaMask Swap—a strategic move since Tether can freeze USDT in flagged wallets, while the decentralized DAI stablecoin lacks such centralized controls. The attacker then converted the DAI into approximately 16,690 ETH and deposited around 16,680 ETH into Tornado Cash, the once-sanctioned cryptocurrency mixer, to obscure the transaction trail.

In a desperate attempt to recover the funds, the victim sent an on-chain message to the attacker offering a $1 million white-hat bounty in exchange for the return of 98% of the stolen assets. The message stated: "We have officially filed a criminal case. With the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols, we have already gathered substantial and actionable intelligence regarding your activities."

This incident echoes a similar attack in May 2024, when an Ethereum user lost $71 million worth of wrapped bitcoin. In that case, the victim eventually recovered nearly all available funds following on-chain negotiations facilitated by blockchain cybersecurity firm Match Systems and the Cryptex exchange.

The attack adds to a record year for cryptocurrency theft. Chainalysis reported that crypto losses exceeded $3.4 billion in 2025, up from $3.38 billion in 2024. Casa co-founder and Chief Security Officer Jameson Lopp warned in April that address poisoning attacks were proliferating, identifying 48,000 suspected attacks on Bitcoin alone since 2023.