Attacker Returns $153,000 Worth of Ether to Victim After Stealing $68 Million
In a surprising turn of events, an attacker involved in a $68 million address poisoning scam has shown an act of goodwill by returning $153,000 worth of Ether to the victim.
The address-poisoning attack initially occurred when the attacker deceived a user into transferring $68 million worth of Wrapped Bitcoin (WBTC). However, the situation has taken a new twist with the recent kind-hearted act of returning a fraction of the stolen funds.
The attacker, who goes by the name “FakePhishing327990” on Etherscan, sent $153,000 worth of Ether to the victim along with a message expressing a willingness to negotiate and requesting communication through Telegram.
Blockchain data reveals that the victim, identified by their account ending in 8fD5, initiated communication with the attacker. The victim proposed a resolution in which the attacker would return 90% of the stolen funds in exchange for a 10% bounty and a commitment to avoid legal action. The victim emphasized the inevitability of tracing the funds and set a deadline for the decision.
In response, another account controlled by the attacker, ending in 72F1, sent 51 Ether to the victim, symbolizing a portion of the stolen funds returned as a goodwill gesture. The accompanying message reiterated the attacker’s willingness to negotiate and requested the victim’s Telegram username for further communication.
The negotiation takes place amidst the address poisoning scam, where the attacker exploits a smart contract to deceive the victim into transferring 1,155 WBTC by creating the appearance of similarity between addresses.
This sophisticated tactic, known as an “address poisoning attack,” involves flooding victims with transactions that mimic their own, ultimately leading to costly mistakes. Security experts advise users to carefully examine transaction details, particularly the sending address, to mitigate the risks associated with such attacks.
Phishing attacks are on the rise, with a recent incident involving an NFT trader losing over $145,000 worth of tokens. The trader, known as “tatis.eth,” was targeted by an attacker named “PinkDrainer,” who stole three valuable BAYC NFTs from the victim’s wallet.
BAYC, short for Bored Ape Yacht Club, is a collection of highly sought-after Ethereum-based NFTs featuring unique cartoon ape designs. The stolen NFTs were transferred to a phishing address and sold for 48.5 ETH.
This incident is part of a larger trend of phishing scams targeting cryptocurrency users, with significant losses reported in the first two months of 2024. According to Scam Sniffer data, over $104 million worth of cryptocurrencies have been lost to phishing attacks during this period, with a significant portion coming from the Ethereum ecosystem.