A crypto whale who fell victim to a sophisticated dusting attack, losing $71 million worth of wrapped bitcoins (WBTC), has recovered the stolen funds after the attacker unexpectedly returned the loot.
TLDR
- A crypto whale lost $71 million worth of wrapped bitcoins (WBTC) in a dusting attack on May 3, 2024, after mistakenly sending the funds to a malicious address placed in their transaction history.
- The scammer converted the stolen 1,155 WBTC to approximately 23,000 ether (ETH) and began spreading the funds across over 400 wallets, eventually distributing them to more than 150 addresses.
- On May 12, the attacker unexpectedly returned the stolen funds, worth around $66.8 million due to ETH’s decline in value compared to BTC.
- The return of the funds followed the publication of an analysis by on-chain security firm SlowMist, which tracked the attacker’s potential Hong Kong-based IPs, suggesting that the thief became wary of the consequences.
- The $71 million theft is part of a larger phishing campaign linked to the WBTC thief, who initiated over 20,000 small transactions distributing ETH to various addresses for phishing purposes between April 19 and May 3.
The incident, which took place on May 3, 2024, involved the victim mistakenly sending 1,155 WBTC to a malicious address that had been placed in their transaction history through a technique known as address poisoning, or a dusting attack.
#PeckShieldAlert The scammer who took ~$71 million worth of WBTC through a poisoning scam has returned the stolen $ETH to the victim (2,683.7 $ETH worth ~$8m) https://t.co/hnV9fC1ujm pic.twitter.com/Hr1JCs4PRh
— PeckShieldAlert (@PeckShieldAlert) May 10, 2024
The attack relied on creating a wallet address whose starting and ending alphanumeric characters resemble those of the victim’s genuine wallet, making the difference difficult to detect at first glance.
The victim, like most investors, validated the wallet address by matching the first and last few characters, unaware that the discrepancy lay in the middle characters, which are often hidden on platforms to enhance visual appeal.
After receiving the stolen funds, the attacker swiftly converted the 1,155 WBTC to approximately 23,000 ether (ETH), a common tactic employed by malicious hackers to launder stolen assets through privacy protocols and crypto mixing services like Tornado Cash.
The attacker then proceeded to distribute the funds across over 400 wallets, ultimately dispersing them to more than 150 addresses.
However, in an unexpected development on May 12, the attacker returned the stolen funds to the victim. Due to the decline in ETH’s value compared to BTC during the intervening period, the returned assets were worth around $66.8 million.
The return of the funds closely followed the publication of an analysis by on-chain security firm SlowMist, which had tracked the attacker’s potential Hong Kong-based IP addresses.
This suggests that the thief may have become apprehensive about the consequences of their actions as investigators closed in.
Further investigation revealed that the $71 million theft was just a small part of a more extensive phishing campaign linked to the WBTC thief.
A whale lost 1,155 $WBTC($71M) due to a phishing attack on May 3. A week later, the attacker returned all the funds. How did it happen? What should we pay attention to? 1/ A thread tells you the whole story. pic.twitter.com/4FVwO631Qo
— Lookonchain (@lookonchain) May 12, 2024
According to a May 10 incident report by SlowMist, the attacker had initiated over 20,000 small transactions between April 19 and May 3, distributing small amounts of ETH to various addresses for phishing purposes.
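The habit described above, checking only the first and last few characters of an address, is what a wallet-side check can replace. The following is an added example, not code from SlowMist or any wallet: it compares a destination against saved addresses at full length and flags dust transfers from lookalike senders. The addresses, the `my-cold-wallet` label, the four-character visible window and the dust threshold are all assumptions chosen for illustration.

```python
# Constructed sample data: none of these addresses come from the incident.
TRUSTED = "0x" + "d9a1" + "b" * 32 + "53a1"    # address the user really pays
POISONED = "0x" + "d9a1" + "c" * 32 + "53a1"   # same visible ends, different middle
ADDRESS_BOOK = {"my-cold-wallet": TRUSTED}
HISTORY = [
    {"from": POISONED, "value_wei": 10**13},             # dust from the lookalike
    {"from": "0x" + "7" * 40, "value_wei": 5 * 10**18},  # ordinary payment
    {"from": TRUSTED, "value_wei": 10**12},              # small, but genuine sender
]

def normalize(addr):
    """Lowercase and drop '0x' so checksum casing does not affect comparison."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def is_lookalike(candidate, trusted, head=4, tail=4):
    """True if the visible head/tail match but the full addresses differ."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:head] == t[:head] and c[-tail:] == t[-tail:]

def check_destination(dest, address_book, head=4, tail=4):
    """Classify dest as ('ok'|'lookalike'|'unknown', matching label or None)."""
    for label, addr in address_book.items():
        if normalize(addr) == normalize(dest):   # full-length comparison
            return ("ok", label)
    for label, addr in address_book.items():
        if is_lookalike(dest, addr, head, tail):
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_history_entries(history, address_book, dust_threshold_wei=10**15):
    """Return (sender, imitated label) for dust transfers from lookalike senders."""
    hits = []
    for tx in history:
        if tx["value_wei"] > dust_threshold_wei:
            continue                             # not dust (threshold is an assumption)
        status, label = check_destination(tx["from"], address_book)
        if status == "lookalike":
            hits.append((tx["from"], label))
    return hits

if __name__ == "__main__":
    print(check_destination(POISONED, ADDRESS_BOOK))
    print(poisoned_history_entries(HISTORY, ADDRESS_BOOK))
```

A destination classified as `lookalike` should block the transfer until the user confirms the full address out of band; `unknown` only means the address is not saved yet.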