Hacker Returns Fraction of $68M Stolen Bitcoin in 'Good Faith', Opens Negotiation
Summary:
An alleged hacker, accused of tricking a user into sending them $68 million in Wrapped Bitcoin, has returned a small portion of stolen funds worth $153,000 in Ether. The hacker agreed to negotiate with the victim, asked for their Telegram username for further communication, and hinted at the potential return of more stolen funds. The dialogue was initiated after a so-called "address poisoning attack," where the hacker managed to trick the victim into transferring a significant sum of money into the hacker's account.
A hacker who tricked a user into sending $68 million in Wrapped Bitcoin (WBTC) has returned a fraction of the amount, $153,000 in Ether (ETH), to the victim, seemingly as a goodwill gesture. In the same multisig process, the rogue operator shared a message expressing openness to dialogue and seeking the victim's Telegram contact details for further communication. The returned amount represents only 0.225% of the total funds reportedly stolen.
Blockchain records indicate that on May 5, the victim, whose wallet address ends in 8fD5, sent three messages to another address, ending in dA6D. The receiving address had previously accepted funds, via multiple intermediary accounts, from the account labelled “FakePhishing327990” on Etherscan, suggesting that dA6D was under the hacker's control. The victim's messages offered a 10% finder's fee and promised to abstain from legal proceedings should the perpetrator return the remaining 90%.
The defrauded party argued: “The funds you've obtained cannot be laundered. You will be traced. Let's not pretend your 'sleep well' remark was about your conscience. Nonetheless, we accept your claim to the 10%. Return the 90%. You have until 10 am UTC, May 6, 2024, 24 hours to decide.”
At 11:37 am UTC on May 9, a different account, ending in 72F1, returned 51 Ether (ETH), worth $153,000 at the current rate, to the victim. This address had also received funds from FakePhishing327990 through other intermediary accounts, indicating that it too was under the hacker's control. The 51 ETH transaction included an appeal for contact, reading “PleaseleaveyourtelegramandIwillcontactyou.” They subsequently corrected their punctuation, saying, “Please leave your telegram and I will contact you[.]”
This dialogue between the victim and attacker followed the victim being fooled into transferring 1,155 WBTC (valued at $68 million at the time) to the hacker's wallet as a result of an “address poisoning” attack.
Blockchain details reveal that the attacker had employed a smart contract to move 0.05 of a nameless token from the victim's account to the hacker's account at 09:17 am on May 3. Usually, an attacker can't move a token from a user's account without their approval, but this specific token had a custom trait that let it be moved without the user's knowledge.
Then at 10:31 am, the victim accidentally forwarded 1,155 WBTC to the same address. The victim probably deemed the address safe due to its similarity to an address they've interacted with before.
In reality, the 0.05 tokens were moved by the attacker and only appeared to originate from the victim. This deceptive technique, labelled an “address poisoning attack” by cybersecurity experts, involves obscuring the real source of transactions, leading to costly mistakes. They advise users to thoroughly cross-check the sending address before finalizing a transaction to avoid falling prey to such attacks.
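The cross-check advised above can be automated before a transfer is signed. The following is an added example, not code from the article or from any wallet: it flags a destination that matches a saved address only in its leading and trailing hex digits, which is all a truncated address display shows. Every address, the four-digit comparison window and the function names are constructed assumptions.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Lower-case a 20-byte hex address; reject anything malformed."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def lookalikes(candidate, trusted, head=4, tail=4):
    """Return trusted addresses that candidate imitates: same first `head`
    and last `tail` hex digits, but a different address overall."""
    c = normalize(candidate)[2:]
    hits = []
    for t in trusted:
        n = normalize(t)[2:]
        if n != c and n[:head] == c[:head] and n[-tail:] == c[-tail:]:
            hits.append(t)
    return hits

def check_destination(dest, trusted, history):
    """Classify a destination before sending.
    history: (sender, recipient, amount) rows as listed in wallet activity."""
    d = normalize(dest)
    if d in {normalize(t) for t in trusted}:
        return "trusted"
    if lookalikes(dest, trusted):
        return "lookalike-of-trusted"  # a shortened display would look identical
    if d in {normalize(to) for _, to, _ in history}:
        return "history-only"          # seen in activity, never vetted
    return "unknown"

# Constructed sample data (not real addresses).
ME = "0x" + "e" * 40
TRUSTED = ["0xAb12" + "0" * 32 + "9f3C"]     # the saved, vetted counterparty
POISON = "0xab12" + "7" * 32 + "9f3c"        # same head and tail, different middle
STRANGER = "0x" + "2" * 40
HISTORY = [
    (ME, TRUSTED[0], 10.0),   # genuine earlier payment
    (ME, POISON, 0.05),       # small transfer planted in the activity list
    (ME, STRANGER, 1.0),
]

if __name__ == "__main__":
    for dest in (TRUSTED[0], POISON, STRANGER, "0x" + "1" * 40):
        print(dest, "->", check_destination(dest, TRUSTED, HISTORY))
```

An address copied from the activity list comes back as `lookalike-of-trusted` or `history-only` rather than `trusted`, which is the signal to compare the full string against the saved entry.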
Published At: 5/9/2024 9:20:00 PM