The $71 Million WBTC Thief’s Surprising Return

In a fortunate turn of events, $71 million worth of stolen cryptocurrencies have been returned to the victim of a recent wallet poisoning scam. The unknown attacker returned the stolen Ether (ETH) tokens on May 12, after several blockchain investigation firms took notice of the high-profile phishing incident. Lookonchain, an on-chain security firm, provided details of the incident in a post on May 13. They revealed that the attacker’s IPs were possibly from Hong Kong and that the use of VPNs could not be ruled out. After the attacker was identified, they returned all the funds to the victim.

The attack took place on May 3 when an investor fell victim to a wallet poisoning scam and mistakenly sent $71 million worth of Wrapped Bitcoin (WBTC) to a bait wallet address. The scammer had created a wallet address with similar alphanumeric characters to deceive the victim. The victim, like many other investors, validated the wallet address by checking the first and last few characters and proceeded to transfer 97% of their funds to it. The difference in the middle characters would have been noticeable if inspected closely.

Despite returning the stolen funds, the on-chain transactions leading up to the event suggest that the attacker’s initial intention was not to return the funds. After receiving the stolen funds, the attacker quickly converted them into approximately 23,000 ETH. This conversion is a common move by malicious hackers to launder stolen funds using privacy protocols and crypto mixing services like Tornado Cash. Subsequently, the attacker began dispersing the funds into more than 400 crypto wallets, eventually distributing them across over 150 separate wallets.

The return of the funds occurred shortly after SlowMist, an on-chain security firm, published an analysis on the attacker’s potential IPs based in Hong Kong. This analysis suggested that the thief may have become scared of the potential consequences and decided to return the stolen assets. It should be noted that this does not necessarily make the attacker a white hat hacker or a good Samaritan, as their actions leading up to the return indicate a different intention.

The $71 million theft is just a small part of the phishing attempts associated with the WBTC scam. According to SlowMist’s incident report on May 10, the address used in the scam had initiated over 20,000 small transactions from April 19 to May 3, distributing small amounts of ETH to various addresses for phishing purposes. It is clear that this scammer had been actively targeting unsuspecting investors and conducting fraudulent transactions.

Interestingly, the amount of crypto stolen from hacks and scams decreased to $25.7 million in April, the lowest figure recorded since 2021. This decline in theft can be attributed to the efforts of on-chain intelligence firm CertiK, which has been actively tracking and analyzing such data. While this decrease is a positive development, it is important for investors to remain vigilant and take extra precautions to protect their digital assets from scams and hacks.

Sarette Prout

Sarette Prout

12 thoughts on “The $71 Million WBTC Thief’s Surprising Return

  1. It’s unfortunate that the victim fell for the wallet poisoning scam in the first place. Sending $71 million worth of Wrapped Bitcoin to the wrong wallet address is a costly mistake. The scammer really took advantage of the victim’s vulnerability.

  2. Even though the stolen funds were returned, it’s important to remember that the victim went through a traumatic experience. Being a victim of a scam can have long-lasting effects. We should empathize with them and work towards preventing such incidents in the future.

  3. It’s alarming to see how easily the victim fell for the scam. Checking just the first and last few characters of a wallet address is not enough validation. We should all learn from this incident and be more careful with our transactions.

  4. The attacker’s quick conversion of the stolen funds using privacy protocols and crypto mixing services raises suspicions. They clearly had a plan to launder the money before returning it. It’s a reminder that we need stronger measures against money laundering in the crypto space.

  5. This is a reminder that scams and hacks are still a threat. We must remain cautious and stay informed to avoid falling victim to such incidents.

  6. It’s disappointing to see that the attacker’s actions leading up to the return indicate a different intention. Returning the stolen assets doesn’t make them a hero. They shouldn’t be praised for their initial wrongdoing. Let’s not forget the harm they caused to the victim and others.

  7. Hong Kong IPs? It’s interesting how the attacker’s location was traced. VPNs really complicate things.

  8. It’s shocking to learn that over 20,000 small transactions were initiated by the scammer. They were persistent in their fraudulent activities. 😱🔍

  9. It’s unfortunate that scammers are still targeting unsuspecting investors, but we can fight back by staying informed and cautious.

  10. Wow, what a fortunate turn of events! It’s great to see that the stolen cryptocurrencies have been returned.

  11. This decrease in theft is definitely a positive development. It shows that we’re making progress in securing the crypto space.

  12. The attacker’s use of VPNs and their possible location in Hong Kong shows that they were trying to hide their identity. It’s disturbing to think that there are individuals out there actively targeting innocent investors. These scammers are ruining the reputation of the crypto industry.

Leave a Reply