A cryptocurrency user has lost more than $500,000 in USDT due to an address poisoning attack on the Ethereum blockchain. The incident was detected around 14:01 UTC and was reported by the web3 security platform CyversAlerts shortly after at 14:34 UTC, marking it as one of the first reported address poisoning cases of the new year.
How the $500K Address Poisoning Scam Unfolded
According to an alert posted by CyversAlerts, the victim initially sent a small test transaction of 5,000 USDT to what they believed was the intended recipient address, which ended in D3E6F. However, the destination was a carefully crafted, poisoned fake address monitored by the scammer. The scammer's address, f3e6F, differed only subtly in the middle characters. Scammers frequently exploit the way addresses are abbreviated with dots for aesthetic purposes, which can easily mislead users.
Just two minutes after the victim sent the initial $5,000, they proceeded with a bulk transfer of 509,000 USDT to the same incorrect address, resulting in a total loss of $514,000.
The attack flow timeline shared by CyversAlerts indicated that the scammer invested significant preparation into this operation. They sent multiple small transactions from various similar-looking addresses to poison the victim's transaction history. This tactic aimed to deceive the victim into believing the fake address was legitimate when they copied it from their past transactions.
Unfortunately, once confirmed on-chain, funds lost to such scams are rarely recoverable. These attacks prey on human error and common "copy-paste" habits.
Previous Large Losses from Address Poisoning Scams
Address poisoning scams have contributed significantly to crypto losses in the past year, with millions of dollars lost to such schemes. One of the most significant known losses occurred in December.
In that incident, an experienced trader fell victim to a similar scam, losing a staggering $50 million in a single transaction. The trader had copied a fraudulent wallet address from their transaction history, which closely mimicked their intended destination, matching the first three and last four characters.
The victim transferred 49,999,950 USDT to the attacker-controlled address. The scammer quickly converted the stolen funds to ETH and distributed them across multiple wallets. Subsequently, a portion of these funds was laundered through the Tornado Cash mixer.
Reports indicated that the victim's wallet had been active for approximately two years and was primarily used for USDT transfers. The stolen funds were withdrawn from Binance shortly before the fraudulent transfer took place.
Similar to the recent $500K loss, the victim in the December incident also sent a test transaction, which successfully reached the correct address. This may have led them to not double-check when they pasted the address again from their transaction history to send the bulk of the funds.
This event was one of the largest on-chain scam losses recorded in recent times. Following the incident, the victim posted an on-chain message demanding the return of 98% of the stolen funds within 48 hours. They also threatened to involve law enforcement and legal entities, even offering the attacker a $1 million white hat bounty if the funds were returned in full.
The message stated: "This is your final opportunity to resolve this matter peacefully. If you fail to comply: we will escalate the matter through legal international law enforcement channels."
As of the time of reporting, there has been no response from the scammer, and there is no indication that the funds have been recovered. The trail of the stolen funds likely went cold after being laundered via Tornado Cash, making recovery highly unlikely.
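A pre-send check for the lookalike pattern described above, written as an added example rather than code from CyversAlerts or any wallet. It assumes a locally kept address book of trusted recipients; the function names, the sample addresses and the 3/4 character window (taken from the December case) are illustrative.

```python
from __future__ import annotations

# Constructed sample data: none of these addresses come from the incidents.
TRUSTED = "0xA1b2C3d4E5f60718293a4B5c6D7e8F9001D3E6Fa"
LOOKALIKE = "0xa1b" + "f" * 33 + "e6fa"   # same first 3 and last 4 hex characters
BOOK = {"exchange-deposit": TRUSTED}
HISTORY = [
    {"direction": "out", "peer": TRUSTED, "value": 5000.0},
    {"direction": "in", "peer": LOOKALIKE, "value": 0.0},
    {"direction": "in", "peer": "0x" + "22" * 20, "value": 120.0},
]

def normalize(addr: str) -> str:
    """Lowercase, strip 0x, and reject anything that is not 20 bytes of hex."""
    body = (addr[2:] if addr[:2].lower() == "0x" else addr).lower()
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body

def looks_like(candidate: str, trusted: str, prefix: int = 3, suffix: int = 4) -> bool:
    """True when candidate shares both visible ends of trusted but is a different address."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:prefix] == t[:prefix] and c[-suffix:] == t[-suffix:]

def check_destination(dest: str, book: dict[str, str]) -> tuple[str, str | None]:
    """Return ("trusted", label), ("lookalike", label) or ("unknown", None)."""
    d = normalize(dest)
    for label, addr in book.items():      # exact match on all 40 characters wins
        if normalize(addr) == d:
            return ("trusted", label)
    for label, addr in book.items():      # otherwise look for an imitation
        if looks_like(dest, addr):
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_history(history: list[dict], book: dict[str, str]) -> list[str]:
    """Inbound counterparties that imitate a trusted address (poisoning candidates)."""
    return [tx["peer"] for tx in history
            if tx["direction"] == "in"
            and check_destination(tx["peer"], book)[0] == "lookalike"]

if __name__ == "__main__":
    for tx in HISTORY:
        print(tx["direction"], tx["peer"], check_destination(tx["peer"], BOOK))
    print("do not copy from history:", poisoned_history(HISTORY, BOOK))
```

A "lookalike" result is the case to block outright: the pasted address matches a trusted one only at the ends a truncated display would show.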

