Trader Duped by Address Poisoning Scam Twice, Resulting in $2.5M USDT Loss

A cryptocurrency trader experienced a loss exceeding $2.5 million in Tether (USDT) after being tricked by the same scam on two separate occasions within a few hours.

On May 26, a blockchain security company named Scam Sniffer disclosed that the initial incident occurred when the trader mistakenly copied an altered wallet address from their transaction history, resulting in a transfer of $843,000 to the fraudulent address.

Not long after, the trader made the same error again, inadvertently sending an additional $1.7 million to the same scam address.

This particular scam technique, identified as address poisoning or history poisoning, involves fraudsters sending small transactions from wallet addresses that resemble genuine ones. These fraudulent transfers are designed to show up in the victim’s transaction history.

When users later try to copy a recipient’s address from their transaction history, they may unknowingly select the counterfeit address and send funds to the scammer.

Such tactics are becoming more prevalent as attackers increasingly exploit low-effort techniques that capitalize on user mistakes and habitual interactions with interfaces.

Cybercriminals have been refining their approaches to more directly target users. SlowMist, a blockchain security firm, pointed out a rise in SMS phishing schemes.

In these scams, criminals typically send messages masquerading as representatives from cryptocurrency exchanges like Coinbase, falsely alleging issues related to withdrawals or security breaches.

Victims are then directed to call a support number included in the message, leading them to connect with a fake agent who guides them to a phishing site. On this site, users are prompted to enter their recovery or mnemonic phrase, granting hackers complete access to their cryptocurrency wallets.

Blockchain analyst ZachXBT noted that these social engineering strategies have already resulted in losses exceeding $300 million for Coinbase users.

In light of this, SlowMist strongly recommends that cryptocurrency users refrain from sharing their recovery phrases, dismiss unsolicited texts or calls, and authenticate all communications through official websites or applications.