How to lose $50M in under an hour. This is one of the largest on-chain scam losses we’ve seen recently. A single victim lost $50M in $USDT to an address poisoning scam. The funds had arrived less than 1h earlier. The user first sent a small test tx to the correct address. Mins

Poison attacks work quietly in small incoming transfers from lookalike addresses. The loss happens later, when the user copies the wrong address from the tx history. That’s why platforms need to surface address poisoning risk before a transfer is signed. This is exactly the gap

Victim 0x0d0793971E3a21bddf504dc7C5D10bb4F3d3a2d8

Not every scam makes headlines, but every loss hurts. Another address-poisoning case just cost a user $81K in $USDC. A familiar address in the history led to a quick copy-paste and the loss of funds followed. Double-check recipients, use an address book and let pre-sign checks

A small side note: almost all of the victim’s past activity consists of $USDT transfers between exchanges, mainly withdrawing from Binance and depositing to Coinhako and Kraken. The victim consistently used test transfers before large sends, even during routine withdrawals.

Update on the $50M address poisoning case. The victim has sent an on-chain message to the attacker, stating that a criminal case has been filed and requesting the return of 98% of the funds within 48h to halt further legal action.

https://t.co/WVwg8EGEgf

After the $50M address poisoning loss we tracked, it’s clear these attacks rely on normal user flows rather than exploits. The victim completed a test transfer, then copied an address from transaction history and sent the main transfer to a poisoned lookalike. For wallets and

A user lost $50M in USDT in an address poisoning incident, according to @web3_antivirus. The victim sent a small test transfer to the correct address, then sent the main transfer to a lookalike address copied from transaction history. [Brought to you by @web3_antivirus]

Here is another @web3_antivirus Advent exercise. Look at this token transfer history, it’s just a list of incoming and outgoing transfers. What is the first pattern here that should make you stop and take a closer look?

In the past 24h, Scam Pulse tracked over $50M in losses across 1.6M+ txs, including the massive address poisoning loss we tracked yesterday. This is what scam activity looks like at scale. Live view of what’s happening now 👇 https://t.co/sp3pwkPqwP

More than $3.4B has already been stolen in 2025, and over $2B of that is linked to North Korea–backed actors. What stands out is where the risk is shifting. A growing share of losses is now coming from personal wallet compromises, not just exchange or service breaches. The

The wallet has been active on-chain for around 2 years and was mainly used for $USDT transfers. The $50M was withdrawn from @Binance shortly before the poisoned transfer took place. The stolen USDT is still sitting at the destination address for now, though it will likely be

Victim 0xcb80784ef74c98a89b6ab8d96ebe890859600819

On-chain data also indicates the attacker may still control a second multisig tied to an Aave position, where roughly $25M in $ETH collateral backs around $12.3M in $DAI borrowed. This is a reminder that multisig security is only as strong as its operational key protection, and

A major multisig incident was reported after one of the signing keys was compromised, leading to $27.3M in losses. Around 4,100 $ETH worth roughly $12.6M has already been routed through Tornado Cash, while about $2M remains in liquid assets on the attacker’s addresses.

@MetaMask victim tx

. @MetaMask Swaps allowed a scammer to convert stolen assets into DAI. Address poisoning cost 2.38 WBTC (~$202,806); once the funds hit the attacker’s MetaMask wallet, they were swapped to DAI. DEXes need real‑time KYT, not post‑mortems. Check the full address. Don’t rush.

Here’s another short @web3_antivirus Advent exercise. You receive this message claiming you are eligible for an airdrop. It looks familiar and comes from a known community. Before clicking anything, what is the very first thing you would check?

A new Android malware campaign dubbed DocSwap is spreading via QR code phishing, posing as delivery and tracking apps. Once installed, the malware scans the device for crypto wallet data and grants attackers remote access. The campaign has been linked to the Kimsuky threat