A Crypto User's $50 Million Loss: The Shocking Story of Address Poisoning
In a recent incident, a crypto user fell victim to a cunning scam known as 'address poisoning', resulting in a staggering loss of $50 million in USDT. The victim, determined to retrieve their funds, has offered a $1 million bounty and issued a legal threat to the perpetrator.
The scam unfolded as follows: The victim, in an attempt to confirm a transaction, sent a small test transaction of $50 to the intended recipient's address. Unbeknownst to them, a scammer had created a wallet address that closely resembled the real one, matching the first and last characters. Most wallets, in an effort to save space, display only the prefix and suffix of addresses, making it easier for the scammer to mimic the real address.
The scammer's strategy involved sending a minuscule 'dust' amount to the victim's transaction history. Believing the address was correct, the victim copied and pasted the address, inadvertently sending $49,999,950 USDT to the scammer's wallet. These small dust transactions are a common tactic used by scammers to exploit users' reliance on copy-pasting from transaction history.
The stolen funds were swiftly exchanged for Ethereum (ETH) and moved across multiple wallets. Several addresses were later linked to Tornado Cash, a sanctioned crypto mixer, in an attempt to obscure the transaction trail. In response to this incident, the victim published an on-chain message demanding the return of 98% of the stolen funds within 48 hours. The message, backed by legal threats, offered a $1 million white-hat bounty if the attacker returned the full amount.
The victim's message was a stark warning: non-compliance would trigger legal action and criminal charges. The victim emphasized the final opportunity for a peaceful resolution, threatening to escalate the matter through international law enforcement channels if the attacker failed to cooperate.
Address poisoning exploits user habits rather than vulnerabilities in code or cryptography. It takes advantage of the common practice of partial address matching and the tendency to copy-paste from transaction history. This incident highlights the importance of user vigilance and the need for improved security measures in the crypto space.
This article, partially generated with AI assistance, aims to inform and educate readers about the risks associated with address poisoning. For further insights, visit CoinDesk's AI Policy page.
