Digital Evidence Unmasks $68M Bitcoin Scammer, Leads to Recovery of Stolen Funds
Summary:
An address spoofing scammer who stole $68 million in Wrapped Bitcoin (WBTC) was revealed due to digital evidence such as device fingerprinting. Although the attacker evaded regulated exchanges, which made it hard for their identity to be conclusively proven, indirect evidence pointed to their negligence and responsibility, according to Match Systems CEO, Andrey Kutin. The majority of the stolen funds were eventually returned to their rightful owner on May 10, largely due to successful negotiation efforts facilitated by Match Systems and Cryptex, a cryptocurrency exchange.
Digital proofs, including a device fingerprint, led to the unveiling of an address spoofing perpetrator who siphoned off $68 million in Wrapped Bitcoin (WBTC), affirmed Andrey Kutin, CEO of Match Systems, on May 23. This digital information tipped the scales in favor of the victims during negotiations, consequently seeing the safe return of all the stolen funds, he added.
Kutin shared that the assailant bypassed regulated exchanges adhering to Know Your Customer and Anti-Money Laundering rules, which made it hard for investigators to pinpoint their identity. But secondary or indirect evidence indicated negligence or a lack of proper measures on the part of the suspect, fortifying the victim's position in the discussions.
An Ethereum account starting with "0x1e" was the target of the $68 million address spoofing attack on May 5. The attacker created a counterfeit transaction that appeared to send the victim's tokens to the attacker's account. This fooled the victim into assuming that the attacker's address was safe, since they had supposedly sent money to that address voluntarily before. As a result, the victim unknowingly sent $68 million in WBTC to the attacker's address, a 97% loss for the account.
Despite this, on May 10, the majority of the stolen funds were returned to the victim by the perpetrator, leading to almost a complete recovery. Match Systems, a blockchain security platform, at the time credited this sudden turn to the negotiations it helped carry out between the two parties. It also noted that these talks were further facilitated by Cryptex, a cryptocurrency exchange.
Emerging details regarding how the swindled funds were recovered were shared by Kutin during a discussion with Cointelegraph on May 23. He explained how their team initially became aware of the spoofing assault as several social media accounts stated that a cryptocurrency enthusiast had moved $68 million in WBTC to a fresh account. Recognizing it as an address spoofing tactic, the team opted to broadcast a message on the Ethereum network urging the victim to contact them if they hadn't received a refund from the hacker.
A third party, presumably acting as an intermediary for the unidentified victim, reached out to the researchers at Match Systems. Around this time, Cryptex also joined in to aid the negotiation process. The culprit had avoided leaving traces by steering clear of regulated exchanges when cashing out. But the investigators could link the hacker's transactions to IP addresses in Hong Kong, which opened further avenues for exploration.
A May 8 post from blockchain security platform SlowMist stated that they had also located the IP addresses via their own intelligence network. They mentioned that these addresses seemed to be associated with mobile stations or cell towers, yet they couldn't eliminate the possibility of them being VPN servers.
Kutin stated that these IP locations, along with other digital evidence including a device fingerprint, were pivotal in identifying the culprit. He described these methods as the only means to corner cyber offenders in the current environment, where regulated exchanges are being eschewed in favor of specific money-laundering services.
Because no direct evidence was available, only circumstantial proof that the device had been used to launder the stolen funds, the device could not be directly linked to the actual attack. However, this evidence still demonstrated that the suspect had not exercised due diligence in verifying the source of the acquired funds.
With this evidence in hand, the team tried to open a dialogue with the attacker, which eventually led to the return of all the funds. The attacker managed to evade punishment, a fact Kutin admitted was not an optimal outcome but still better than other possible scenarios, given that the victim got their money back. He stated that address spoofing is a common menace for blockchain users, and advised them to inspect the sending address during every transaction to avoid similar attacks.
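The address check Kutin recommends can be automated. The following is an added example, not code from the article or from Match Systems: it classifies a destination against transfers the wallet owner actually signed, so a counterfeit history entry does not count as a prior payment. The record fields (`signer`, `from`, `to`, `value`), all addresses, and the premise that a spoofed address copies the first and last characters of a real counterparty are assumptions made for this example.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def norm(addr):
    """Validate a 20-byte hex address and lowercase it for comparison."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def genuinely_paid(owner, history):
    """Recipients of non-zero transfers that the owner both sent and signed."""
    owner = norm(owner)
    return {norm(h["to"]) for h in history
            if norm(h["from"]) == owner and norm(h["signer"]) == owner
            and h["value"] > 0}

def check_recipient(dest, owner, history, edge=4):
    """Return 'known', 'lookalike', 'spoofed-history' or 'new' for dest."""
    dest, owner = norm(dest), norm(owner)
    paid = genuinely_paid(owner, history)
    if dest in paid:
        return "known"
    # Same first/last `edge` hex characters as a real counterparty, but a
    # different address: what a truncated wallet display would hide.
    for good in paid:
        if dest[2:2 + edge] == good[2:2 + edge] and dest[-edge:] == good[-edge:]:
            return "lookalike"
    # Listed as a transfer "from" the owner, yet never in a transaction the
    # owner signed with value: the counterfeit entry described above.
    shown = {norm(h["to"]) for h in history if norm(h["from"]) == owner}
    return "spoofed-history" if dest in shown else "new"

# Constructed sample data; none of these are real addresses.
OWNER = "0x" + "a1" * 20
GOOD = "0xd9a1" + "0" * 32 + "91b7"
FAKE = "0xd9a1" + "f" * 32 + "91b7"   # same visible edges as GOOD
OTHER = "0x" + "c3" * 20
HISTORY = [
    {"signer": OWNER, "from": OWNER, "to": GOOD, "value": 5},
    {"signer": FAKE, "from": OWNER, "to": FAKE, "value": 0},
    {"signer": OTHER, "from": OWNER, "to": OTHER, "value": 0},
]

if __name__ == "__main__":
    for candidate in (GOOD, FAKE, OTHER, "0x" + "7b" * 20):
        print(candidate, check_recipient(candidate, OWNER, HISTORY))
```

Only a "known" result reflects a payment the owner really made; every other result calls for comparing the full address against an independent source before sending.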
Published At
5/28/2024 9:00:00 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.