In a fortunate yet mysterious turn of events, the victim of a recent wallet poisoning scam has had $71 million worth of stolen cryptocurrencies returned to them. The unknown attacker returned the stolen Ether (ETH) tokens on May 12, catching the attention of multiple blockchain investigation firms. Lookonchain, an on-chain security firm, provided details of the incident in a post on May 13.
The original attack occurred on May 3 when an investor fell victim to a wallet poisoning scam and mistakenly sent $71 million worth of Wrapped Bitcoin (wBTC) to a bait wallet address. The scammer had created a wallet address with similar alphanumeric characters and made a small transaction to the victim’s account. Like most investors, the victim validated the wallet address by matching the first and last few characters, but failed to notice the difference in the middle characters, which are often hidden on platforms for visual appeal.
Despite returning all the stolen funds, the on-chain transactions leading up to the event suggest that the attacker had different intentions initially. Upon receiving the stolen funds, the attacker promptly converted 1,155 WBTC to approximately 23,000 ETH. This is a common tactic used by malicious hackers to launder stolen funds through privacy protocols and crypto mixing services like Tornado Cash. On May 8, the attacker began spreading the funds across more than 400 crypto wallets, ultimately distributing them to over 150 separate wallets, before returning the assets.
The return of the funds coincided with the publication of an analysis by SlowMist, another on-chain security firm, which identified potential Hong Kong-based IPs associated with the attacker. It is speculated that the thief may have become frightened by the potential consequences and decided to return the stolen funds.
According to a May 10 incident report by SlowMist, the $71 million theft is just a small part of the phishing attempts connected to the WBTC theft. In April, the amount of crypto stolen from hacks and scams dropped to $25.7 million, the lowest figure since 2021 when CertiK, an on-chain intelligence firm, began tracking the data.
In other news, for the first time since the Merge, Ether has become inflationary, marking a significant development in the cryptocurrency market.