On December 20, 2025, an unknown trader lost around $50 million in USDT in one of the worst single-victim crypto thefts of the year. The trader was the victim of a complex address poisoning attack.
Lookonchain, an on-chain analytics company, brought attention to the incident, which shows that phishing methods remain a threat in blockchain transactions, even for experienced users. The scammer exploited how similar wallet addresses look in a transaction history to trick the victim into sending a huge amount of money to the scammer’s own wallet. The money was quickly converted to DAI and laundered through Tornado Cash, making it less likely that it will be traced. This shows how important it is to improve wallet security in a market where $2.1 billion has already been lost to breaches this year. This episode, which happened while Bitcoin was trying to reach $120,000, is a clear example of how human error is still the weakest link in crypto security.
The Attack Begins
The victim, whose wallet address is 0xcB80, started the transfer after withdrawing money from Binance. At 03:06 UTC, following best practice, they sent a test transaction of 50 USDT to the intended address (0xbaf4b1aF…B6495F8b5). At 03:32 UTC, just 26 minutes later, the main transfer of 49,999,950 USDT took place, but it went to an address that the attacker had generated.
Address poisoning relies on “vanity” wallets that match the first and last characters of the target’s address. The differences in the middle are hidden by the ellipsis displays that are common in wallet interfaces. The fraudster had already sent small amounts of money from this fake address to the victim, “poisoning” the transaction history so that the address looked legitimate when copied from recent activity.
The alert from Lookonchain captured the sequence: the test went to the right address, but the rest did not. SlowMist said that after 30 minutes, the thief used MetaMask Swap to convert the USDT to DAI, which sidestepped Tether’s blacklist feature. Then, they converted it to 16,690 ETH and deposited 16,680 ETH into Tornado Cash to hide it. This rapid laundering made it less likely that the money would be traced, since Tornado Cash’s mixing pools make funds harder to follow.
The $50 million stolen is one of the biggest losses of 2025, along with the $71 million wrapped Bitcoin theft in May (partially recovered through talks).
The Victim’s Recovery Attempts
The victim posted an on-chain message promising a $1 million whitehat bounty for a 98% return in an effort to get their money back. They said, “We have officially reported this criminal case. We have gotten a lot of useful information regarding what you do with the help of law enforcement, cybersecurity agencies, and blockchain protocols.”
This is similar to what happened in 2024, when exchanges froze assets after a theft. However, Tornado Cash’s involvement makes things more complicated because mixed funds are almost impossible to trace. The U.S. government allowed Tornado Cash to continue operating in 2022. Companies that do blockchain forensics, like Chainalysis, are probably helping, but since the ETH is spread out across mixers, full recovery seems doubtful.
Why Address Poisoning Keeps Happening
This attack is a good example of how zero-transfer phishing has grown: no malware is needed, only a polluted transaction history to mislead the victim. Scammers use bots to generate matching addresses (tools like VanityGen make thousands of them every hour) and send small transactions to prime victims. Wallet UIs that truncate addresses (like 0xbaf4…5F8b5) make it more likely that verification will fail.
According to Chainalysis, there have been 40% more of these scams in 2025, costing $500 million in losses as DeFi TVL reaches $150 billion. High-profile incidents, like Vitalik Buterin’s warning after a $70 million loss in 2023, show that even specialists can be vulnerable. There are methods to help, like hardware wallet confirmations or whitelisting an address book, but not many people use them yet.
For the market, incidents like this hurt sentiment: after the news, Bitcoin dropped 1% to $118,000 as fear of contagion spread. But resilience wins out: ETF inflows are $1 billion a week, thanks to protections for institutions.
More General Lessons For People Who Use Crypto
This $50 million loss is a good reminder of old advice: always check entire addresses by hand, use bookmarks, and turn on hardware confirmation for big transfers. Tools like Revoke.cash or Etherscan’s address labeling add layers of permission checks. Multi-signature and whitelisting are standard for businesses, and retail users should do the same.
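The address-book whitelisting recommended above, applied to the truncated-display problem described under “Why Address Poisoning Keeps Happening”, as an added example (not code from any wallet or tool named in this article). All addresses, the history records and the dust threshold are constructed assumptions.

```python
# Added example: pre-send check against an allowlisted address book.
# Every address here is constructed for illustration; none is from the incident.
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

GENUINE = "0x" + "ab12" + "c" * 31 + "9f8e7"    # constructed, allowlisted
LOOKALIKE = "0x" + "ab12" + "d" * 31 + "9f8e7"  # constructed, same ends only
UNRELATED = "0x" + "1" * 40                     # constructed
BOOK = {"exchange deposit": GENUINE}
HISTORY = [  # constructed incoming transfers
    {"from": LOOKALIKE, "amount": 0.0},
    {"from": GENUINE, "amount": 50.0},
    {"from": UNRELATED, "amount": 0.5},
]

def truncated(addr, head=6, tail=5):
    """Shortened form of the kind wallet UIs display."""
    return f"{addr[:head]}...{addr[-tail:]}"

def classify(dest, book, head=6, tail=5):
    """Return ('trusted'|'lookalike'|'unknown', label or None)."""
    if not ADDR_RE.fullmatch(dest):
        raise ValueError("expected 0x followed by 40 hex characters")
    d = dest.lower()  # letter case is only a checksum, not part of identity
    for label, known in book.items():
        if d == known.lower():
            return ("trusted", label)
    for label, known in book.items():
        k = known.lower()
        if d[:head] == k[:head] and d[-tail:] == k[-tail:]:
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_entries(history, book, dust=1.0):
    """Incoming small transfers whose sender imitates an allowlisted address."""
    hits = []
    for tx in history:
        verdict, label = classify(tx["from"], book)
        if verdict == "lookalike" and tx["amount"] <= dust:  # dust: assumed cutoff
            hits.append((tx["from"], label))
    return hits

if __name__ == "__main__":
    print(truncated(GENUINE), truncated(LOOKALIKE))
    print(classify(LOOKALIKE, BOOK), poisoned_entries(HISTORY, BOOK))
```

Both constructed addresses render as the same shortened string, which is why the check compares the full 40 hex characters and treats an end-only match as a warning rather than a pass.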
As the crypto market grows (with a $4 trillion market valuation and $46 trillion in stablecoin volumes), scams change, but education fights them. Exchanges like Binance now highlight histories that look suspicious, but users still need to be very careful.
Final Thoughts
The $50 million address poisoning heist on December 20, 2025, which was quickly laundered using Tornado Cash, shows that crypto is still a dangerous place for phishing, costing one trader a lot of money despite a test transaction. As recovery efforts slow down, it shows how important verification is in a system where trust is not possible. For the market, it’s only a blip in Bitcoin’s $118,000 stability, but it’s a wake-up call: security isn’t a choice. Traders, verify addresses again: $50 million mistakes can’t be fixed.