The attack marks one of the largest individual losses from this type of fraud on record.
Blockchain security firms SlowMist, Scam Sniffer, and Web3 Antivirus identified the victim as sending 49,999,950 USDT to a scammer-controlled address. The funds had been withdrawn from the Binance exchange just before the attack occurred.
The Attack Timeline
According to Etherscan data, the victim first sent a small test transaction of 50 USDT to their intended destination address at 06:20:35 UTC. This is a standard security practice many crypto users follow before sending large amounts.
However, an automated script controlled by the attacker immediately created a fake wallet address. The malicious address (0xBaFF2F13638C04B10F8119760B2D2aE86b08f8b5) was designed to look nearly identical to the victim’s real destination address (0xbaf4b1aF7E3B560d937DA0458514552B6495F8b5).
The scammer made the fake address match the first three and last four characters of the legitimate address. Since most crypto wallets show only the beginning and end of addresses with dots in the middle, this trick easily fools users who don’t check every character.

Source: @lookonchain
The attacker then sent small transactions from the fake address to the victim’s wallet. This “poisoned” the victim’s transaction history with the scammer’s address. When the victim copied an address from their history 12 minutes later to send the full $50 million, they accidentally grabbed the fake one instead. The large transfer went through at 06:32:59 UTC.
Swift Money Laundering
The attacker moved fast to hide the stolen money. Within 30 minutes of receiving the USDT, the scammer converted all of it to DAI using MetaMask Swap. This was a smart move because Tether can freeze USDT in suspicious wallets, but DAI is decentralized and cannot be frozen.
The attacker then swapped the DAI for about 16,690 ETH. Most of this, around 16,680 ETH, was deposited into Tornado Cash, a crypto mixing service that makes transactions nearly impossible to trace.
Security researcher Cos from SlowMist explained that “the subtlety is in the middle characters—enough to deceive even pros who rely on partial checks.”
Recovery Attempts and Legal Threats
The victim sent an on-chain message to the attacker offering a $1 million reward for returning 98% of the stolen funds. The message came with serious legal warnings.
“We have formally filed a criminal case. With the help of law enforcement, cybersecurity agencies, and a number of blockchain protocols, we have already gathered substantial and actionable intelligence concerning your actions,” the message said.
The victim gave the attacker 48 hours to accept the bounty. If refused, they threatened to “escalate the matter through legal and international law enforcement channels” and pursue “relentless” criminal and civil action.
There is some hope for recovery. In May 2024, another victim lost $71 million in a similar address poisoning attack. That victim eventually recovered nearly all their funds after negotiations helped by blockchain security firm Match Systems and the Cryptex exchange. However, the current case may be harder to resolve because the funds were quickly moved to Tornado Cash.
A Growing Problem
Address poisoning attacks are spreading across different blockchains. Jameson Lopp, Chief Security Officer at Bitcoin custody firm Casa, warned in April 2025 about this growing threat. His analysis found 48,000 suspected attacks on Bitcoin alone since 2023.
“[The attacks are] a result of the fact that we’re in a very low-fee environment,” Lopp said at the MIT Bitcoin Expo. Low transaction fees make it cheap for scammers to send thousands of fake transactions to potential victims.
Lopp suggested that wallet developers should add warnings when users interact with addresses that look similar to ones they have used before. “I think it would be easy for wallets to say ‘Oh, this came from a similar-looking address,’ and throw up a big red flag: don’t interact,” he explained.
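The kind of wallet-side check Lopp describes can be sketched as follows. This is an added example, not code from the article or from any wallet: the helper names and the transaction history are constructed, and only the two addresses and the three-leading, four-trailing match come from the incident described above.

```python
# Added illustration: flag addresses that imitate a saved address.
PREFIX_LEN, SUFFIX_LEN = 3, 4  # characters matched in the incident described above

def normalize(addr: str) -> str:
    """Return the 40 hex chars in lower case; reject anything malformed.
    Case is ignored here, so the EIP-55 checksum is not validated."""
    body = addr.lower().removeprefix("0x")
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body

def is_lookalike(candidate: str, trusted: str) -> bool:
    """True if the two differ but share the visible prefix and suffix."""
    c, t = normalize(candidate), normalize(trusted)
    return (c != t and c[:PREFIX_LEN] == t[:PREFIX_LEN]
            and c[-SUFFIX_LEN:] == t[-SUFFIX_LEN:])

def check_recipient(candidate: str, address_book: dict) -> tuple:
    """Classify a recipient against the address book (label -> address)."""
    c = normalize(candidate)
    for label, addr in address_book.items():
        if normalize(addr) == c:
            return ("trusted", label)       # exact full-length match only
    for label, addr in address_book.items():
        if is_lookalike(candidate, addr):
            return ("lookalike", label)     # block and warn the user
    return ("unknown", None)

def poisoned_history(history: list, address_book: dict) -> list:
    """Inbound transfers whose sender imitates a saved address."""
    return [tx for tx in history
            if tx["direction"] == "in"
            and check_recipient(tx["counterparty"], address_book)[0] == "lookalike"]

# Addresses quoted in the article.
REAL = "0xbaf4b1aF7E3B560d937DA0458514552B6495F8b5"
FAKE = "0xBaFF2F13638C04B10F8119760B2D2aE86b08f8b5"
ADDRESS_BOOK = {"intended destination": REAL}

# Constructed history: the test send, a dust transfer, an unrelated deposit.
HISTORY = [
    {"direction": "out", "counterparty": REAL, "amount": 50},
    {"direction": "in", "counterparty": FAKE, "amount": 0.01},
    {"direction": "in", "counterparty": "0x" + "1" * 40, "amount": 120},
]

if __name__ == "__main__":
    print(check_recipient(FAKE, ADDRESS_BOOK))
    print(poisoned_history(HISTORY, ADDRESS_BOOK))
```

A wallet would run `check_recipient` before signing and hide or label the entries that `poisoned_history` returns, so they cannot be copied as a destination.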
According to security firms Web3 Antivirus and SlowMist, address poisoning accounted for over 10% of all wallet drains in 2025. Users of stablecoins like USDT face particular risk because their predictable transfer patterns help scammers plan attacks.
Record Theft Year
This attack adds to an already devastating year for crypto security. Chainalysis reported that cryptocurrency losses exceeded $3.4 billion in 2025, slightly more than the $3.38 billion stolen in 2024.
The February 2025 hack of the Bybit exchange was the single largest crypto theft ever recorded. North Korean threat actors stole $1.5 billion, accounting for around 44% of the year’s total losses. Security firm Elliptic called it “the biggest crypto theft of all time.”
Personal wallet attacks have grown dramatically. In 2022, attacks on individual wallets made up just 7.3% of total stolen value. By 2024, that number jumped to 44%. Chainalysis documented 158,000 instances of personal wallet breaches affecting at least 80,000 different victims.
Mitchell Amador, CEO of blockchain security firm Immunefi, explained the shift: “The threat landscape is shifting from on-chain code vulnerabilities to operational security and treasury-level attacks. As code hardens, attackers target the human element.”
How to Stay Safe
Security experts recommend several steps to avoid address poisoning:
Check Every Character: Never trust just the first and last few characters of an address. Verify the whole address before sending any amount.
Use Address Books: Save trusted addresses in your wallet’s address book. Don’t copy addresses from your transaction history, where scammers can plant fakes.
Spot Dust Attacks: Watch for tiny unexpected transactions from unknown addresses. These are red flags that your wallet might be getting poisoned.
Test and Wait: If you send a test transaction, wait and confirm it arrived at the right place before sending larger amounts.
Hardware Wallets Help: Hardware wallets with built-in screens force you to review the full address before approving transactions.
Unlike hacks that exploit code vulnerabilities, address poisoning attacks target human behavior. The blockchain itself works as designed; scammers simply trick people into making mistakes. This makes the problem harder to solve through technology alone.
Educational campaigns from industry groups stress the importance of hardware wallets with address confirmation screens. These tools force users to manually review addresses, which can prevent costly mistakes.
When Trust Becomes a Weakness
The $50 million loss shows how even experienced crypto users following security best practices can fall victim to sophisticated scams. The attacker exploited the very security measure, the test transaction, that should have protected the victim.
As blockchain technology improves and becomes harder to hack directly, criminals are finding success by targeting the people using it instead. Whether through legal pressure or negotiation, the crypto community hopes this victim might join the small group who have successfully recovered stolen funds. But with the money already in Tornado Cash, the odds look challenging.
Sven Luiv








