Here is How a Trader Lost $129M from Copy-paste Transaction History Address

An anonymous trader lost $129 million by copying an incorrect cryptocurrency address from their transaction history and pasting it. Notably, the recipient address ultimately returned the funds within an hour, Scam Sniffer reported.

The victim, intending to send funds to address TMStAjRQHDZ8b3dyXPjBv9CNR3ce6q1bu8, inadvertently copied the address THcTxQi3N8wQ13fwntF7a3M88BEi6q1bu8 from their transaction history without cross-checking.

However, the seemingly minor difference—a single character altered in a long alphanumeric string—resulted in the misdirection of a substantial sum, totaling $129 million. The consequences of such a mistake could have been devastating, potentially leading to irreversible financial ruin.

The rapid return of the funds by the recipient, though fortunate, does not diminish the gravity of the situation.  “While the swift action avoided a major financial catastrophe for the victim, it underscores the potential for exploitation inherent in the system. The recipient’s prompt restitution suggests a degree of conscientiousness, but there is no guarantee that such ethical behavior will always be observed,” an X user opined.

Trader Losses From Crypto Scam Decreases in October

In October 2024 alone, approximately 12,000 victims lost $20.2 million to crypto phishing scams marking a 56% decrease in stolen funds compared to September, however, the victim count increased by 20%.

The most significant single incident involved the loss of $5.87 million in fwDETH re-staking tokens, originally valued at $35 million. The substantial loss occurred on the Blast chain due to a malicious Permit signature exploit.

Furthermore, the limited liquidity within the system prevented further exploitation on this specific occasion, the incident resulted in a de-pegging of DETH’s price, underscoring the systemic vulnerabilities inherent in such re-staking mechanisms.

Beyond large-scale individual losses, October also saw a notable instance of a supply chain attack. A victim suffered a loss of approximately $723,000 after interacting with a compromised website. Additionally, the compromise was attributed to the Lottie Player supply chain attack, highlighting the growing sophistication and reach of malicious actors. Such attacks exploit vulnerabilities within widely used software components, broadening the attack surface and affecting a potentially vast number of unsuspecting users.

The cybersecurity threat landscape experienced a shift with the publicized closure of Inferno Drainer, a prolific phishing service responsible for widespread malicious activities. Despite this shutdown, the threat level has not diminished. Angel Drainer has effectively inherited Inferno Drainer’s infrastructure and operational methods, continuing the malicious campaigns.