Scammer swipes nearly $50 million from user in painful crypto poisoning attack

Someone lost close to $50 million in USDT tokens after sending the crypto to the wrong address in a so-called poisoning attack.

Blockchain sleuths flagged the painfully expensive error on Friday, claiming that the $49,999,950 loss may be one of the biggest on-chain scams ever.

A poisoning attack is when a hacker creates a wallet address that closely matches the sender’s, leading the victim to transfer funds to the wrong destination.

In this case, the user mistakenly copied and pasted the scammer’s address, which looked like their own.

Crypto security firm SlowMist posted details of the poisoning attack on X and revealed that the scammer —or scammers — quickly swapped the stablecoins for other cryptocurrencies within 30 minutes after receiving them.

30 mins after receiving 50M $USDT, the scammer took action:
• Swapped 50M $USDT to $DAI via MetaMask Swap
• Swapped all $DAI to 16,690 $ETH
• Deposited 16,680 $ETH into Tornado Cash

The scammer addresses:
0xbaff2f13638c04b10f8119760b2d2ae86b08f8b5… https://t.co/ySGWtg3VIB pic.twitter.com/3BsWndrrJC

— SlowMist (@SlowMist_Team) December 20, 2025

SlowMist said that blockchain data showed that the USDT was turned into DAI before being swapped for Ethereum. The Ethereum was then laundered via Tornado Cash — a coin mixing platform that works to obfuscate digital money movements.

Blockchain sleuth Specter Analyst wrote on X that poisoning attacks as big as this one should be rare.

“What leaves me speechless is the type of attack that caused the loss,” he wrote. “Address poisoning should be one of the least likely causes of such a massive loss, yet it still happened.”

Hackers this year have stolen more crypto than ever before with cyber criminals — particularly ones from North Korea — developing more sophisticated scams.

Blockchain surveillance firm Chainalysis this week reported a 51% increase in the amount of digital assets stolen by North Korean hackers in 2025, pushing state-sponsored crooks’ proceeds from crypto theft to $6.7 billion since they began targeting the industry in 2016.

The biggest hack in the history of crypto took place in February, when hackers — again believed to be from North Korea — stole over $1.5 billion in Ethereum and Ethereum-related tokens from ByBit digital asset exchange.