Poisoning scam attackers strike again as victim loses $500K

A crypto user lost over $500,000 in USDT after falling victim to an address poisoning attack on the Ethereum blockchain. 

The attack was detected around 14:01 UTC, and CyversAlerts, a web3 security platform, posted it shortly after at 14:34 UTC, making it one of the first reported cases of address poisoning in the new year.

How the $500K address poisoning scam happened

According to the alert posted by CyversAlerts, the victim had initially sent a small test transaction of 5,000 USDT to what they thought was the intended recipient address, which ended in D3E6F.

However, this was a poisoned fake address being monitored by the scammer. The scammer’s address ended in f3e6F, only differing subtly in the middle characters, which is usually abbreviated with dots for aesthetic purposes, something that these scams exploit.

Two minutes after the victim sent the $5,000, he followed up with a bulk transfer of 509,000 USDT to the same incorrect address, bringing the total loss to a whopping $514,000.

According to the attack flow timeline shared by CyversAlerts, the scammer put a lot of preparation into the effort, sending multiple small transactions from various similar addresses to poison the victim’s transaction history. In this way, they were able to fool the victim into thinking the fake address was legitimate when they copied it from their history.

Unfortunately, once confirmed onchain, funds lost to such scams are rarely recoverable. They prey on human error and “copy pasta” habits.

Victim lost $50M in December 2025

Last year, address poisoning scams contributed significantly to the millions of dollars lost to crypto scams. One of the biggest known losses was recorded in December.

That attack saw a seasoned trader fall victim, losing a shocking $50 million in a single transaction after they copied a fraudulent wallet address from their transaction history.

The victim transferred 49,999,950 USDT to the attacker-controlled address because it also closely mimicked their intended destination, with the first three and last four characters matching.

The scammer quickly converted the stolen funds to ETH and distributed them across multiple wallets. Then they partially funneled it through the Tornado Cash mixer.

According to reports, the victim’s wallet had been active for approximately two years and was primarily used for USDT transfers, with the stolen funds withdrawn from Binance shortly before the poisoned transfer occurred.

Like the person who lost $500K today, the victim from last year also sent a test transaction, but theirs actually went to the correct address. This made them not doublecheck when they pasted the address again from their transaction history to send the bulk of the funds.

It was one of the largest onchain scam losses in recent times. The victim followed up with an onchain message demanding a return of 98% of the stolen funds within 48 hours and backed it up with threats to involve law enforcement and legal entities, even offering the attacker a $1 million white hat bounty if they returned the funds in full.

“This is your final opportunity to resolve this matter peacefully,” the message read. “If you fail to comply: we will escalate the matter through legal international law enforcement channels.”

However, as of the time of this writing, no response has come from the scammer, and there is no proof the funds were recovered.Since it was laundered via Tornado Cash, the trail quickly went cold and recovery is unlikely.

Join a premium crypto trading community free for 30 days - normally $100/mo.