The address poisoning attacker, who tricked users into sending him $68 million worth of wBTC at the time (1,155 wBTC), has received back almost all of his stolen funds, blockchain data shows. The funds were exchanged for Ether while in the attackers’ possession, and the price of ETH subsequently fell.
However, the attackers returned approximately 22,960 Ether (ETH) worth $65.7 million, or more than 96% of the US dollar value of the initially stolen funds.
At 8:47 AM UTC on May 10, several wallets began sending ETH to the account. The first transfer was 29.999 ETH ($87,199 at the ETH price at the time). The next day, more than 225 wallet transactions were made from various accounts to send ETH to the victim’s address. The value of each transaction ranged from 29 to 67 ETH.
By the end of the series of transactions, the balance in the wallet was over 29,000 ETH.
The transmission occurred after a series of messages were exchanged between the victim and the attacker. The victim initially agreed to let the attackers keep a 10% bounty of their funds. However, the attackers have returned more than 90% of the funds at the time of publication.
In a report from blockchain security platform Match Systems, seen by Cointelegraph, the platform claimed to have uncovered information that “strengthens” the victims’ negotiating position, suggesting security experts are making progress in identifying who the attackers are. .
According to the report, Match Systems “conducted a detailed analysis of the incident and identified several opportunities to strengthen its negotiating position for subsequent communications with the attackers.” As a result, “the hacker returned the entire stolen amount of 22,960 ETH to the victim.” According to the report, the victim currently has “no complaints against the perpetrator.”
Cointelegraph reached out to Match Systems to confirm the authenticity of the report, but did not receive a response by the time of publication.
Address poisoning attacks can cause significant losses to cryptocurrency users. Experts suggest that this can be prevented by carefully checking the receiving address before each transaction is sent.
Related: DEA Fooled: Agency Lost $55,000 in Address Poison Scam.