Phishing victim reclaims $9.3m in DAI as scammer returns stolen funds

As a seasoned crypto investor who has seen it all, I can’t help but feel a mix of emotions reading about this recent turn of events in the $24 million phishing attack case. On one hand, I’m relieved to hear that the victim is getting some of his stolen funds back, but on the other hand, I’m left with a sense of unease and caution.


The victim of a $24 million phishing scam has recovered some of the money he lost after the scammer voluntarily transferred funds back to him.

In late 2023, an attacker managed to steal approximately 9,579 stETH and 4,850 rETH tokens worth over $9.3 million from a victim, as reported by Scam Sniffer, a web3 anti-scam solution. However, the attacker subsequently returned the stolen funds to the victim.

As a cautious crypto investor, I would never click on unsolicited links or approve any transaction requests that come through phishing emails. However, some investors have been tricked into doing so and have unknowingly authorized “Increase Allowance” transactions during the phishing process. Signing such a transaction leaves their digital assets vulnerable to theft.

As a researcher studying the tactics used in phishing schemes, I’ve come across this strategy frequently. When you grant approval, the other party gains authorization to move funds from your digital wallet.
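A check that a wallet user or signing tool could run before approving a transaction, as an added example that is not part of the original article: it decodes transaction calldata and flags the `increaseAllowance` call the article names, plus the standard ERC-20 `approve`. The sample calldata, the spender address and the `trusted_spenders` set are constructed for illustration.

```python
# Added example: decode ERC-20 allowance calldata before signing.
# 4-byte function selectors for the two allowance-granting calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1


def decode_allowance_call(calldata_hex):
    """Return spender and amount for an allowance call, or None otherwise."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None  # not an allowance-granting call
    args = data[8:]
    if len(args) != 128:  # two ABI words of 32 bytes each
        raise ValueError("malformed calldata: expected two 32-byte arguments")
    spender_word, amount_word = args[:64], args[64:]
    int(spender_word, 16)  # raises ValueError on non-hex input
    if spender_word[:24] != "0" * 24:  # an address is left-padded with zeros
        raise ValueError("malformed calldata: bad address padding")
    return {
        "function": name,
        "spender": "0x" + spender_word[24:],
        "amount": int(amount_word, 16),
    }


def review(calldata_hex, trusted_spenders):
    """Return human-readable warnings to show before the user signs."""
    call = decode_allowance_call(calldata_hex)
    if call is None:
        return []
    warnings = [f"{call['function']} lets {call['spender']} move your tokens"]
    if call["spender"] not in trusted_spenders:
        warnings.append("spender is not in your trusted list")
    if call["amount"] >= MAX_UINT256 // 2:
        warnings.append("allowance is effectively unlimited")
    return warnings


# Constructed sample: increaseAllowance to a made-up spender, maximum amount.
SAMPLE = "0x39509351" + "00" * 12 + "ab" * 20 + "ff" * 32
```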

Critics argue that a potential drawback unique to ERC-20 tokens is the possibility for unscrupulous developers to create and deploy deceitful smart contracts, which could mislead innocent users.

Approximately ten months following the theft, on July 6, an anonymous message from the thief appeared on the blockchain. This communication, permanently etched into the digital ledger, read:

“Hello, I am the guy who took your money [...] I want to give the money back.”

Afterward, on July 8, the hacker transferred back approximately $5.23 million in DAI tokens. An additional $4.04 million was moved on July 13, bringing the total to around $9.3 million according to Etherscan records.

Using Railgun, a privacy shield, the attacker concealed the origin of the funds before transferring them to the victim. These recovered funds represent approximately 38.84% of the overall funds that were taken in the heist.

As a crypto investor, I’d put it this way: At the moment of writing this, the fraudster’s wallet contained more than three million dollars worth of diverse cryptocurrencies.

In some cases, cybercriminals have returned stolen funds. For instance, last year, the Euler protocol, which suffered a loss of $197 million in digital assets, saw the thief return close to 90% of the stolen funds.

In February 2024, the Seneca Protocol hack, which resulted in a loss of $6.4 million, was perpetrated by an unidentified hacker. Subsequently, the hacker agreed to return $5.3 million as part of a settlement. The project offered a reward of 20% of the returned funds and granted immunity from legal action if 80% of the stolen money was recovered.

Despite the efforts to combat them, phishing attacks remain a significant threat in the cryptocurrency world. According to Scam Sniffer’s reports, over $290 million in funds were stolen in 2023 due to these deceitful schemes.


2024-07-15 12:46