SlowMist and Web3 Antivirus report the theft occurred within an hour, underscoring the speed and sophistication of address poisoning scams in the crypto sector.
A cryptocurrency trader lost $49,999,950 USDT on December 20, 2025, in an address poisoning scam tracked by SlowMist and Web3 Antivirus. The attacker created a fraudulent wallet address mimicking the first and last characters of the intended recipient's address, then sent a tiny 'dust' amount to the victim’s transaction history. The victim copied the lookalike from history after initially testing with $50 USDT. The theft occurred in less than one hour, with stolen funds swiftly converted to ether, dispersed across multiple wallets, and partially sent through Tornado Cash to mask trails. An onchain ultimatum from the victim demanded 98% of funds be returned within 48 hours in exchange for a $1 million bounty, threatening legal action if ignored.