You must never directly copy the address from the most recent transaction for transfers...

Today we have another profound lesson: a whale/institution lost 50 million USDT due to a phishing attack involving a similar address...

1⃣10 hours ago, he withdrew 50 million USDT from Binance and then tested a transfer of 50 USDT to the address he planned to transfer to.

2⃣Here's the key point: the phisher generated a similar address with the first and last 3 characters being the same and transferred 0.005 USDT to him. When he made the official transfer, he must have copied the address directly from the most recent transaction record, and then all 50 million USDT was transferred to the phisher's generated similar address...

3⃣The phisher quickly converted the 50 million USDT into DAI (to prevent it from being frozen), and then bought a total of 16,624 ETH. Then all these ETH were washed away through Tornado.