A crypto whale narrowly avoided a $129 million loss after falling victim to a phishing scam on the TRON blockchain.
Blockchain security firm Scam Sniffer reported the incident on November 20, detailing how the stolen funds were unexpectedly returned within hours.
What happened?
According to the company, the scammer used a fake wallet address, “THc…bu8,” designed to closely resemble the intended recipient’s “TMS…bu8.” The fraudulent address imitated the original by matching its start and end characters.
Despite testing the waters with a 100 USDT test transaction, the victim was unable to spot the subtle differences and ultimately transferred $129 million to the wrong address.
Surprisingly, the fraudster returned 90% of the stolen funds, or 116.7 million USDT, within an hour of the incident and finally returned the remaining balance, or 12.96 million USDT, four hours later.
After the funds were returned, the victim quickly redirected the funds to their original destination, “TMS…bu8”, where they have remained ever since.
Growing threat of address poisoning attacks
Scam Sniffer identified this incident as a classic example of an address poisoning attack, a phishing tactic that is gaining traction in the industry.
This scam involves creating wallet addresses almost identical to those used by victims, differing by only one or two characters. Fraudsters then send small token amounts to victims, embedding the fake address in their transaction history to exploit copy-and-paste errors in future transfers.
CertiK, another blockchain security company, noted that this phishing tactic, along with wallet drainers, resulted in the loss of over $800 million in crypto assets this year.
For this reason, Yu Xian, founder of Web3 company Slowmist, warned crypto users about the risks of copying sensitive information. He advised clearing clipboard data after use to avoid falling prey to such scams. Xian emphasized that no connected device is completely secure, reinforcing the need for vigilance in protecting digital assets.
Observers said the case further highlights the growing sophistication of crypto-phishing scams and underscores the importance of double-checking wallet addresses before making transfers.
