Trader Loses $50 Million in Tether Address‑Poisoning Incident

Global: Trader Loses $50 Million in Tether Address‑Poisoning Incident

A cryptocurrency trader inadvertently transferred nearly $50 million worth of Tether (USDT) to a malicious wallet after falling victim to an address‑poisoning scheme. The victim, who remains unidentified, copied a wallet address that closely resembled a legitimate recipient’s address and completed a high‑value transaction, resulting in the loss.

How Address‑Poisoning Operates

Address‑poisoning exploits the practice of abbreviating long blockchain addresses by using only the first and/or last characters for quick recognition. Scammers generate fraudulent addresses that share these visible fragments with well‑known wallets, increasing the likelihood that users will mistakenly select the wrong address when copying and pasting.

Victim’s Countermeasures

Following the theft, the trader posted an on‑chain message to the offending wallet, offering a $1 million "bounty" for the return of the remaining funds and stating that a criminal case had been filed. The message also claimed coordination with law‑enforcement and cybersecurity agencies to gather actionable intelligence.

Laundering via Tornado Cash

Despite the public appeal, the malicious wallet has shown no activity since the message was posted. Blockchain analysis indicates that the stolen funds were subsequently moved through Tornado Cash, a privacy‑preserving mixer that obscures transaction trails.

Implications for Crypto Security

The incident highlights persistent vulnerabilities in user‑level address verification. Even experienced traders can be deceived when relying on partial address cues, underscoring the need for more robust safeguards such as address‑book whitelisting or multi‑factor confirmation for large transfers.

Recommendations for Users

Security experts advise double‑checking the full address string, using hardware wallets that display the entire address, and employing third‑party services that verify recipient addresses before execution. Implementing these practices can reduce the risk of address‑poisoning attacks.

This report is based on information from Web3 is Going Great, licensed under Creative Commons Attribution 3.0 (CC BY 3.0). Analysis provided by Web3 is Going Great.