Key Takeaways
- On May 8, the hacker started spreading the funds across over 400 crypto wallets, which eventually ended up in over 150 separate wallets
- The scammer began returning the stolen funds on May 9 and completed it on May 11
In a surprising turn of events, a hacker who stole $71 million worth of wrapped bitcoins (WBTC) via a dusting attack has returned the funds. As per leading blockchain security firm PeckShield,
As per reports, the WBTC scammer used over 400 wallets to distribute the funds to around 150 addresses. Notably, they had swapped the loot to approximately 23,000 ether (ETH) on May 3, the day of the attack.
On May 8, the hacker started spreading the funds across over 400 crypto wallets, which eventually ended up in more than 150 separate wallets, before returning the assets. The scammer began returning the stolen funds on May 9 and completed the return on May 11.
According to an on-chain security expert SlowMistโs incident report, the WBTC scammer has been associated with other phishing attempts in the past.โUpon investigating this fee address, we observed that from April 19 to May 3, this address initiated over 20,000 small transactions, distributing small amounts of ETH to various addresses for phishing purposesโ, the report reads
Earlier this month, an investor sent WBTC to a bait wallet address, falling prey to a wallet-poisoning scam. This type of scam occurs when the attacker bombards the victim with a significant number of blockchain transactions. Following this, the scammer created a wallet address with similar alphanumeric characters as that of the victim and made a small transaction to the victimโs account.
Unfortunately, the victim validated the wallet address by matching the first and last few characters and transferred around 97% of their total assets to it. The scammer had moved 1,155 WBTC, worth $71 million, to his address.
The victim first reached out to the scammer on May 5, offering a 10% in return for the stolen funds. A few days following the attack, the hacker contacted the victim before sending over 51 ETH, equivalent to approximately $151,600, sparking doubts that the hacker might be up for negotiation.
Many crypto commentators are of the opinion that SlowMistโs incident report might have scared the hacker into discarding the bounty offer and returning the entirety of the assets
Address poisoning is a type of scam that has been gaining popularity recently. In this type of scam, the hacker tries to trick users into sending assets to a fraudulent address.
The attacker designs the fraudulent address to look similar to the correct one by generating a โvanity addressโ withย someย characters matching. In case victims accidentally copy the address without further verification, they may send their assets to the fraudulent address instead.