Blockchain data reveals that the individual responsible for an address-poisoning attack has returned almost all of the stolen funds. The attacker managed to trick a user into sending them 1,155 Wrapped Bitcoin (wBTC), which was valued at $68 million at the time. However, the attacker has since exchanged the funds for Ether (ETH), and with the declining price of ETH, they sent back approximately 22,960 ETH, which is worth $65.7 million. This represents over 96% of the initial value of the stolen funds.
The victim’s wallet now shows a balance of over 22,000 ETH. On May 10, at 8:47 am UTC, multiple wallets started sending ETH to the victim’s account. The first transfer amounted to 29.999 ETH, and over the course of the following day, more than 225 wallet transactions were made from various accounts to send ETH to the victim’s address. The transaction values ranged from 29 to 67 ETH. As a result, the victim’s wallet accumulated over 29,000 ETH.
The transfers occurred after a series of messages were exchanged between the victim and the attacker. Initially, the victim agreed to allow the attacker to keep 10% of the funds as a bounty. However, the attacker has returned more than 90% of the stolen funds at the time of this report.
According to a report from Match Systems, a platform involved in the investigation, they have obtained information that strengthens the victim’s negotiating position. This suggests that progress has been made in identifying the attacker. The report states, “The Match Systems team conducted a detailed analysis of the incident and identified several opportunities to strengthen the negotiating position for subsequent communication with the attacker. Today, as a result of negotiations with the attacker, conducted with the participation of the cybersecurity agency Match Systems and the Cryptex cryptocurrency exchange, the hacker returned the entire stolen amount of 22,960 ETH to the victim. At the moment, the victim has no complaints against the attacker.”
Address poisoning attacks can result in significant losses for cryptocurrency users. To prevent such attacks, experts recommend carefully inspecting the receiving address before each transaction is sent.
Update 5-11-2024 at 3:24 pm: This article has been updated to include additional information from the Match Systems statement.