A crypto user has lost 1.25 million USDT after sending funds to a lookalike address set up by scammers. The attacker created a near-identical wallet address to one the victim had interacted with 99 days earlier, exploiting routine copy-and-paste habits.
The incident underscores a growing threat known as address poisoning—where scammers generate wallet addresses that closely resemble legitimate ones, often matching the first and last characters or using visually similar characters. Attackers rely on users verifying only a small portion of an address, or copying addresses from transaction history without re-confirming with the intended recipient.
What happened
- The victim transferred 1.25 million USDT to a spoofed address that mimicked a previously used counterparty.
- The genuine counterparty address was last used 99 days earlier, suggesting the attacker targeted a known contact to increase credibility.
Why address poisoning works
- Many users check only the first and last few characters of an address.
- Scammers seed transaction histories or mimic known counterparties to appear legitimate.
- Copy-paste workflows and hurried confirmations increase the risk of error.
How to protect your funds
- Verify the full address: Check multiple segments of the address, not just the first and last characters.
- Use trusted address books/allowlists: Save verified recipient addresses in your wallet or exchange and enable withdrawal whitelists where available.
- Send a small test transaction: Confirm receipt before sending large amounts.
- Confirm out-of-band: Verify the address with the recipient via a separate, trusted communication channel.
- Avoid copying from history: Always re-verify the address from an authoritative source instead of past transactions.
- Use hardware wallets: Review and confirm the full address on the device screen before approving.
- Check block explorers: When possible, confirm known labels or previous interactions for added confidence.
What to do if you are affected
- Act immediately: Contact your wallet provider and any exchange involved.
- File a report with law enforcement and provide transaction details.
- Engage blockchain analytics and consider notifying the token issuer; in limited cases, issuers have frozen tokens subject to legal and law-enforcement processes. Recovery is not guaranteed.
Conclusion This loss highlights the sophistication and persistence of address-poisoning scams targeting crypto users. Meticulous address verification, whitelisting, and test transactions are essential steps to protect large transfers of USDT and other digital assets.