Stolen cryptocurrency funds linked to a recent $71 million wallet impersonation scam are now on the move after six days of silence.
On May 3, an investor fell victim to a wallet poisoning scam by sending $71 million worth of Wrapped Bitcoin (WBTC) to a bait wallet address. The scammer created a wallet address with similar alphanumeric characters and made small transactions into the victim’s account.
Like most investors, the victim verified the wallet address by matching the first and last few characters and transferred 97% of total assets to the wallet address. However, the difference would have been noticeable in the middle characters, who are often hidden on platforms to improve visual appeal.
Hackers often convert stolen cryptocurrencies into Ether (ETH). This makes it easier to exfiltrate via privacy protocols like Tornado Cash. This hacker was no different. 1,155 WBTC was instantly converted to approximately 23,000 ETH and sat dormant in the scammer’s wallet for 6 days.
On May 8, blockchain research firm PeckShield discovered that some of the stolen funds were being laundered. The scammer began dividing the loot into several parts and sending them in parts to various cryptocurrency wallets.
The fraudsters used approximately 400 cryptocurrency wallets to dilute the stolen funds and reduce traceability. Ultimately, the funds in question ended up in more than 150 wallets. However, all of the stolen funds can be traced to an unknown fraudster as of this writing.
Cryptocurrency scammers and hackers have historically been most active during bull markets. Read Cointelegraph’s learner’s guide on how to keep your cryptocurrency safe.
Related: 4 tips to keep your cryptocurrency safe from hackers during this bull market
A new type of fraud allows malicious actors to drain users’ wallets without authorizing transactions.
The scam only works with tokens that comply with the ERC-2612 token standard, which allows for “gasless” transfers, or transfers through wallets that do not hold ETH.
However, to enable unauthorized transactions, users must be tricked into signing the message. Cointelegraph’s investigation found that the scam was organized by a Telegram group featuring a fake version of the Collab.Land Telegram verification system.
magazine: Meme Coin: A Betrayal of Cryptocurrency Ideals… Or its true purpose?