Skip to content

Coin Star

Coin Star empowers your crypto journey with market forecasts, expert analysis, and the latest blockchain news.

Primary Menu
  • Home
  • Contact
  • About
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
  • Home
  • 2025
  • December
  • 20
  • Copy-Paste Error Leads to $50 Million in Address Poisoning Fraud Coinstar
  • Coinstar

Copy-Paste Error Leads to $50 Million in Address Poisoning Fraud Coinstar

Coinstar December 20, 2025 2 minutes read
Copy-Paste Error Leads to Million in Address Poisoning Fraud Coinstar

A single transaction error led to one of the biggest onchain losses seen this year, after a user mistakenly sent nearly $50 million in US dollars to a fraudulent address in a classic address poisoning attack.

According to the onchain researcher Web3 Antivirusthe victim lost 49,999,950 USDt (USDT) after copying the malicious wallet address from his transaction history.

Address poisoning scams rely on similar wallet addresses being injected into the victim’s transaction history via small transfers. When victims later copy an address from their transaction history, they may unknowingly choose an address similar to the fraudster’s instead of the intended recipient.

Onchain data shows that the victim initially sent a small test transaction to the correct address. A few minutes later, the entire $50 million transfer was sent to the poisoned address.

The user becomes a victim of the poisoning scam solution. Source: Web3 Antivirus

Related: Attacker downloads multisig minutes after creation, slowly spends up to 40 million dollars

The subtle similarity of the address is enough to fool experienced users

Security researcher Cos, founder of SlowMist, noted that the similarity between the addresses is subtle but enough to fool even experienced users. “You can see the first 3 characters and the last 4 characters are the same,” he wrote.

The victim’s wallet was active for approximately two years and was primarily used to transfer USDt, according to onchain analysis. Shortly before the loss, funds were withdrawn from Binance, suggesting that the wallet was actively managed at the time of the incident.

“This is the brutal reality of address poisoning, an attack that does not rely on breaking systems, but on exploiting human habits,” another onchain analyst wrote.

The attacker has since exchanged the stolen USDt for Ether (ETH), split it into multiple wallets and partially moved it to Tornado Cash.

Related: Binance denies reports of delayed action on funds linked to Upbit hack

Crypto Hacks to Reach $3.4 Billion in 2025

As Cointelegraph reported, crypto-related hacks resulted in $3.4 billion in losses in 2025, the highest annual total since 2022. The increase was mainly driven by a handful of massive breaches targeting major crypto entities rather than a broad increase in average attack size.