Overview
- Investigators say a 50 USDT test transfer was followed by a dust transaction that planted a lookalike address in the victim’s history, leading to a 49,999,950 USDT copy‑paste error 12 minutes later.
- On‑chain data shows the thief rapidly swapped USDT to DAI and then to roughly 16,690 ETH, routing large portions into Tornado Cash within about 30 minutes, sharply reducing recovery prospects.
- An on‑chain message from the victim offers a $1 million white‑hat payment if 98% of assets are returned within 48 hours and warns of escalation to international law enforcement if ignored.
- Security firms including Web3 Antivirus, SlowMist, and Lookonchain are tracking the wallets involved, noting the spoofed address matched the first three and last four characters of the intended recipient.
- Records indicate the funds were withdrawn from Binance shortly before the theft, and experts say the case reflects a broader shift toward human‑factor scams and the need for address books, full address verification, and whitelisting for high‑value transfers.