The CEO of Match Systems, Andrey Kutin, revealed that the attacker responsible for draining $68 million worth of Wrapped Bitcoin (WBTC) was identified through digital evidence, including a device fingerprint. Kutin claimed that this evidence played a crucial role in negotiations, leading to the return of all the stolen funds. The attacker did not use regulated exchanges compliant with Know Your Customer and Anti-Money Laundering requirements, making it difficult to definitively prove their identity. However, investigators found secondary evidence that indicated the attacker’s lack of due diligence and negligence in handling the stolen funds. This bolstered their position in negotiations.

The attack occurred on May 5 against an Ethereum account starting with “0x1e,” where the attacker created a fake transaction to confuse the victim. The victim mistakenly believed the attacker’s address was safe and willingly transferred $68 million worth of WBTC. However, on May 10, the attacker returned nearly all the funds, resulting in a near-full recovery. Match Systems claimed that the negotiations it facilitated, along with assistance from the Cryptex cryptocurrency exchange, played a role in this outcome.

Kutin revealed that the team posted a message to the Ethereum network, urging the hacker to refund the stolen funds, which led to a third party contacting them. The team traced some of the attacker’s transactions to IP addresses in Hong Kong and connected them to further digital evidence, including a device fingerprint. Kutin emphasized that such evidence is critical in catching cybercriminals today, as they rarely cash out through regulated exchanges and instead use laundering services. Rather than targeting these services, Match Systems focuses on finding thin threads of digital evidence to identify scammers. While the evidence was circumstantial, it proved that the individual did not exercise due diligence in determining the source of the funds.

The team used this evidence in negotiations, leading to the return of all the funds. Despite the lack of prosecution, Kutin argued that the outcome was still preferable as the victim recovered their funds. Address poisoning attacks are a common problem in the blockchain space, and users are advised to inspect the sending address in every transaction to avoid falling victim to such attacks.