In a fortunate and intriguing twist of events, the victim of a recent wallet poisoning scam has had $71 million worth of stolen cryptocurrencies returned to them. The unidentified attacker returned the stolen Ether (ETH) tokens on May 12, following the high-profile phishing incident that had caught the attention of various blockchain investigation firms. On May 13, Lookonchain, an on-chain security firm, provided a detailed account of the incident in a post.
The incident occurred on May 3 when an investor fell victim to a wallet poisoning scam and mistakenly sent $71 million worth of Wrapped Bitcoin (wBTC) to a bait wallet address. The scammer had created a wallet address that closely resembled the legitimate one, using similar alphanumeric characters, and made a small transaction to the victim’s account.
Like many investors, the victim verified the wallet address by matching the first and last few characters, and subsequently transferred 97% of their assets to it. However, the slight variation in the middle characters, which are often obscured on platforms for aesthetic purposes, would have been noticeable.
Interestingly, despite returning all the stolen funds, the on-chain transactions leading up to the event suggest that this was not the attacker’s original plan. Upon receiving the stolen funds, the attacker promptly converted 1,155 WBTC into approximately 23,000 ETH. This is a common tactic employed by malicious hackers to launder stolen funds through privacy protocols and crypto mixing services like Tornado Cash.
On May 8, the attacker began distributing the funds across more than 400 crypto wallets, eventually dispersing them into over 150 separate wallets, before ultimately returning the assets.
The return of the funds occurred shortly after on-chain security firm SlowMist published an analysis on the potential Hong Kong-based IP addresses linked to the attacker, speculating that the thief became frightened by the potential consequences.
According to a May 10 incident report by SlowMist, the $71 million theft is only a small portion of the phishing attempts associated with the WBTC theft. In April, the total amount of crypto stolen from hacks and scams decreased to $25.7 million, marking the lowest figure since 2021 when on-chain intelligence firm CertiK began monitoring the data.
In related news, Ether has recently become inflationary for the first time since the Merge, further highlighting the dynamic landscape of the cryptocurrency market.