A crypto investor has lost $50 million USDT, becoming the latest casualty after sending funds to a poisoned address by mistake. SlowMist, a blockchain security firm, revealed that, within 30 minutes of receiving the $50 million USDT, the attacker converted the whole sum into DAI via MetaMask Swap.
The blockchain security firm stated that the hacker converted the entire sum into 16,690 ETH and channeled 16,680 ETH through Tornado Cash to conceal the transaction trail. Transaction timestamps in Etherscan's on-chain data show that the attack happened within minutes.
Crypto investor loses $50M as hackers ramp up attack on Web3 wallets
Initially, on-chain data revealed that the user submitted a small test transaction of 0.005 USDT to the correct address. A few minutes later, the victim transferred $50 million to a poisoned address, 0xBaFF2F13638C04B10F8119760B2D2aE86b08f8b5, which was copied from the transaction history. Etherscan revealed that the test transaction occurred at 06:20:35, while the massive transfer occurred at 06:32:59.
The wallet has been active on-chain for almost two years. The victim mostly used the wallet for USDT transactions. Web3 Antivirus revealed that the $50 million was withdrawn from Binance just before the tainted transfer. For the time being, the stolen USDT remains at the target address.

The attack comes after the recent attack on the 0G Foundation. The 0G Foundation reported on December 13 that the incentive contract was compromised in a targeted attack that occurred on December 11. The firm stated that the attacker stole 520,010 0G tokens, 9.93 ETH, and USDT worth approximately $4,200 by exploiting the emergency withdrawal provision of the 0G reward contract, which is used to distribute alliance benefits.
Similar to the recent attack, the firm mentioned that the tokens were then bridged and distributed through Tornado Cash. The 0G Foundation explained that the attacker moved laterally via internal IP addresses due to a serious Next.js vulnerability (CVE-2025-66478) that was exploited on December 5. The report stated that the breach affected services such as calibration, validator nodes, Gravity NFT services, node sales services, computing, Aiverse, Perpdex, Ascend, etc.
However, according to the report, the attack did not affect the core chain infrastructure or user funds. The report revealed that the Foundation immediately took action by shutting down and rebuilding the impacted services, as well as revoking and rotating all compromised keys. In addition, the company purchased and implemented an enhanced AliCloud Firewall + Security Suite and addressed critical dependencies, including Next.js.
The post Crypto investor loses $50M to USDT scam first appeared on Coinfea.




