Victim loses $50M USDT funneled through Tornado Cash

A crypto investor became a victim of a major $50 million USDT fraud after sending funds to a poisoned address by mistake. SlowMist, a blockchain security firm, revealed that, within 30 minutes of receiving the $50 million USDT, the attacker converted the whole sum into DAI via MetaMask Swap.

The blockchain security firm stated that the hacker converted the entire sum into 16,690 ETH and channeled 16,680 ETH through Tornado Cash to conceal the transaction trail. Etherscan on-chain data revealed that the transaction timestamps show that the attack happened within minutes. 

Web3 wallets targeted in high-value hacks

Initially, on-chain data revealed that the user submitted a small test transaction of 0.005 USDT to the correct address. A few minutes later, the victim transferred $50 million to a poisoned address, 0xBaFF2F13638C04B10F8119760B2D2aE86b08f8b5, which was copied from the transaction history. Etherscan revealed that the test transaction occurred at 06:20:35 and the massive transfer occurred at 06:32:59.

The wallet has been active for almost two years of on-chain activity. The victim mostly used the wallet for USDT transactions. Web3 Antivirus revealed that the $50 million was withdrawn from Binance just before the tainted transfer. For the time being, the stolen USDT remains at the target address.

The attack follows the recent attack on the 0G Foundation. The 0G Foundation reported on December 13 that the incentive contract was violated due to a targeted attack that occurred on December 11. The firm stated that the attacker stole 520,010 0G tokens, 9.93 ETH, and USDT worth approximately $4,200 by exploiting the emergency withdrawal provision of the 0G reward contract, which is used to distribute alliance benefits. 

Similar to the recent attack, the firm mentioned that the tokens were then bridged and distributed through Tornado Cash.

The 0G Foundation explained that the attacker moved laterally via internal IP addresses due to a serious Next.js vulnerability (CVE-2025-66478) that was exploited on December 5. The report stated that the breach affected services such as calibration, validator nodes, Gravity NFT services, node sales services, computing, Aiverse, Perpdex, Ascend, etc. 

However, according to the report, the attack did not affect the core chain infrastructure or user funds.

The report revealed that Foundation immediately took action by shutting down and rebuilding the impacted services, as well as revoking and rotating all compromised keys. Additionally, the company purchased and implemented an enhanced AliCloud Firewall + Security Suite and addressed critical dependencies, including Next.js.

On May 3, the Web3 anti-fraud platform Scam Sniffer announced that a whale had lost 1,155 WBTC, equivalent to approximately $70 million. According to Scam Sniffer, the $70 million loss happened as a result of a phishing attack using the same address with the same first and final digits.

On-chain data revealed that the funds were transferred from the victim’s address 0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5 to a phishing address 0xd9A1C3788D81257612E2581A6ea0aDa244853a91. Notably, the victim’s target transfer address was 0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91.

Analysis using the on-chain tracing tool MistTrack showed that the hacker swapped 1,155 WBTC for 22,955 ETH and moved them to ten different addresses.

Crypto thefts increase, most targeting personal wallets 

Blockchain analytics company Chainalysis said that cryptocurrency theft totaled more than $3.41 billion between January and early December 2025. According to the blockchain intelligence firm, the amount exceeds the $3.38 billion from the previous year.

Chainalysis claimed that $1.5 billion hack of the Bybit exchange accounted for approximately 44% of the annual total of crypto hacks. The blockchain intelligence firm argued that the top three attacks accounted for 69% of all service losses, demonstrating the growing seriousness of significant breaches.

According to Chainalysis, assaults against private keys on centralized cryptocurrency services and personal cryptocurrency wallets have significantly increased this year. The firm stated that personal wallet compromises have increased rapidly from just 7.3% of the total stolen value in 2022 to 44% in 2024.

The blockchain analytics firm claimed that at least 80,000 distinct victims were involved in 158,000 instances of personal wallet intrusions. The overall amount of money taken from people decreased to $713 million from $1.5 billion the year before.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.