**How a Single Copy-Paste Mistake Cost a User $50M in USDt**

A devastating loss of nearly $50 million in USDt has highlighted the dangers of address spoofing, a type of attack that can trick even experienced users into sending funds to the wrong wallet.

The victim, who had been using their wallet for roughly two years and primarily transferring USDt, fell prey to a classic case of address poisoning. According to onchain investigator Web3 Antivirus, the user lost 49,999,950 USDt after copying a malicious wallet address from their transaction history.

Address poisoning scams rely on inserting look-alike wallet addresses into a victim's transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly select the scammer's lookalike address instead of the intended recipient.

In this particular case, the victim initially sent a small test transaction to the correct address, but minutes later, the full $50 million transfer was sent to the poisoned address. The similarity between the addresses was subtle, but enough to deceive even experienced users, as noted by security researcher Cos, founder of SlowMist.

“You can see the first 3 characters and last 4 characters are the same,” Cos wrote in a statement. “This is the brutal reality of address poisoning, an attack that doesn't rely on breaking systems, but on exploiting human habits.”

The attacker has since swapped the stolen USDt for Ether (ETH), splitting it into multiple wallets, and partially moved it into Tornado Cash.

**The Consequences of Address Spoofing**

Address spoofing attacks are becoming increasingly common in the cryptocurrency space. In fact, crypto-related hacks resulted in $3.4 billion in losses in 2025, marking the highest annual total since 2022. The surge was largely driven by a handful of massive breaches targeting major crypto entities rather than a broad rise in average attack size.

Just three incidents accounted for 69% of total losses this year, led by the $1.4 billion hack of crypto exchange Bybit, which alone made up nearly half of all stolen funds.

**A Cautionary Tale**

The loss of $50 million in USDt serves as a stark reminder of the importance of diligence and caution when dealing with cryptocurrency transactions. Even experienced users can fall prey to address spoofing attacks, making it essential for individuals and organizations to take steps to protect themselves against these types of threats.

As the cryptocurrency space continues to evolve, it is crucial that users remain vigilant and aware of the potential risks involved in online transactions. By taking proactive measures to secure their assets, individuals can help prevent devastating losses like this one from occurring in the future.