The user sent 49,999,950 USDT to a fraudulent address by mistakenly copying it from a compromised transaction history.
The malicious scheme is based on injecting addresses similar to legitimate ones from the victim's transaction list.
The investor initially sent a test transaction of 50 USDT to the correct wallet. A few minutes later, he transferred the main amount by copying data from the already compromised transfer of 0.005 USDT history. The similarity between the attacker’s and the recipient’s addresses was sufficient to mislead, as the first three and last four characters matched.
According to on-chain data, the victim's wallet had been actively used for the past two years primarily for transactions in the Tether stablecoin. Shortly before the loss, funds were withdrawn from Binance.
Subsequently, the attacker exchanged the stolen assets for Ethereum, split the funds among several wallets, and partially sent them to the crypto mixer Tornado Cash.#Write2Earn
