Massive $50M loss from an address poisoning scam
A cryptocurrency user mistakenly transferred nearly $50 million in stablecoins to a poisoned wallet address after copying a fraudulent address from their transaction history, according to blockchain security firm Web3 Antivirus. The incident — one of the largest on-chain losses reported this year — highlights how non-technical attack vectors such as address manipulation continue to inflict severe losses on crypto holders.
What happened
The victim first sent a small test transaction to the intended recipient. Minutes later, after withdrawing funds from Binance, the user copied an address from their transaction history and pasted it for a second transfer — only to send 49,999,950 units of a stablecoin to a near-identical but malicious address. Web3 Antivirus documented the sequence and flagged the case as a textbook example of an address poisoning scheme.
Understanding address poisoning
Address poisoning is a social-engineering technique that plants look-alike wallet addresses in a user’s transaction history or clipboard. Because cryptocurrency addresses are long and complex, many users rely on copy-and-paste. Attackers exploit this behavior by inserting nearly identical addresses that differ by only a few characters, redirecting funds without exploiting smart contract bugs or protocol vulnerabilities.
Security teams emphasize that these scams target human behavior rather than blockchain code. The malicious addresses may appear in browser extensions, clipboard managers, or even on centralized exchange withdrawal history screens if a user’s device or session is compromised.

Why withdrawals from exchanges matter
In the reported case, funds had been withdrawn from Binance shortly before the poisoned transfer occurred. Large withdrawals and multiple rapid transfers increase risk because users may attempt quick repeat transactions and are more likely to reuse copy-and-paste operations, giving attackers a narrow window to exploit.
Policy response: the SAFE Crypto Act
The rising tally of crypto fraud and on-chain thefts in 2025 has pushed U.S. lawmakers to act. Senators Elissa Slotkin and Jerry Moran introduced the bipartisan SAFE Crypto Act — the Strengthening Agency Frameworks for Enforcement of Cryptocurrency Act — which would form a federal task force to improve coordination among government agencies, law enforcement and private-sector specialists.
The proposed task force would analyze fraud trends across the ecosystem — from Ponzi schemes and rug pulls to money laundering and financial grooming. It invites participation from digital asset service providers, stablecoin issuers, custodians, blockchain intelligence firms, consumer protection groups, and victim advocates.
Practical security recommendations
Industry experts recommend several mitigations to lower the risk of address poisoning and other scams:
- Always verify addresses using multiple independent sources before large transfers.
- Send a small test transaction and confirm receipt, then wait for additional confirmations before proceeding with large transfers.
- Use hardware wallets and multi-signature custody for significant holdings.
- Employ on-chain monitoring and address watchlists to detect suspicious or newly created look-alike addresses.
- Keep browsers, operating systems, and wallet software up to date, and avoid pasting addresses from unverified sources.
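The look-alike check behind the watchlist recommendation above, as an added example that is not from the article or from Web3 Antivirus: it compares a destination against a trusted address book and flags near-matches before a transfer is signed. The 0x-prefixed 40-hex-digit address format, the `edge` and `max_diff` thresholds, and every address shown are constructed assumptions.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")  # assumed format: 20-byte hex address


def _norm(addr):
    """Validate and lowercase an address so comparison ignores letter case."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def _common_prefix(a, b):
    """Number of leading characters that a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_destination(dest, trusted, edge=4, max_diff=4):
    """Return (verdict, label); verdict is 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means dest is NOT in the address book but resembles an entry:
    it shares the first and last `edge` characters (what a truncated wallet
    display shows) or differs from the entry in at most `max_diff` positions.
    """
    d = _norm(dest)
    book = {label: _norm(a) for label, a in trusted.items()}
    for label, t in book.items():
        if d == t:
            return ("trusted", label)
    for label, t in book.items():
        prefix = _common_prefix(d, t)
        suffix = _common_prefix(d[::-1], t[::-1])
        diff = sum(x != y for x, y in zip(d, t))
        if (prefix >= edge and suffix >= edge) or diff <= max_diff:
            return ("lookalike", label)
    return ("unknown", None)


# Constructed sample data, not taken from the incident.
TRUSTED = {"treasury": "0xA1b2C3d4E5f60718293a4B5c6D7e8F9012345678"}
POISONED = "0x" + "a1b2c3d4" + "0" * 24 + "ffff5678"  # same first 8 / last 4 chars
```

A `lookalike` verdict should block the transfer until the address is confirmed through an independent channel; `unknown` only means the address is not in the book.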
As blockchain adoption grows, non-technical exploits like address poisoning will remain a persistent threat. Combining stronger user practices with regulatory coordination and improved industry tooling will be essential to reduce large-scale losses and restore confidence in crypto payments and stablecoin usage.
Source: crypto