Follow CriptoFacil on
Google News CriptoFacil

Earlier this month, a hacker stole $71 million worth of Wrapped Bitcoin (WBTC) from a trader using a scam called address poisoning. But now, a week after the attack, the hacker has returned some of the stolen funds.

According to data from several on-chain analytics platforms, the hacker returned 4,676 ETH to the victim. The value, according to CoinGecko, corresponds to around US$14.2 million.

The action aroused the interest of the entire community, especially after profiles on X published a message exchange between the hacker and the trader. In messages exchanged in blockchain transactions, the hacker promised to return part of the funds, which happened.

The case raised speculation around a potential agreement between the victim and the hacker, similar to what protocols usually do with hackers. However, neither party confirmed whether a negotiation took place.

Received almost 5,000 ETH

Through the data highlighted by “EmberCN”, there was communication between the trader and the hacker or hackers. In the message described below, it is possible to say that the trader responded “ok” to some previous communication.

Then, the attacker immediately began transferring ETH to the address, highlighting that the two parties could have reached an agreement. Furthermore, the hacker asked the trader to leave his Telegram profile so that he could get in touch.

Previous messages on the network show that the two parties actually used Telegram for negotiations. This communication was not found, but it suggests that the two parties reached an agreement.

Negotiations between hacker and trader. Source: X.

Meanwhile, security company data PeckShield, showed that the amount returned is even higher: 11,446.87 ETH. The amount corresponds to approximately US$34 million, or approximately 50% of the stolen funds.

Address poisoning

As reported by CriptoFácil, the address 0x1E227… was the victim of an address poisoning scheme earlier this month. The trader lost amounts over 1,100 WBTC by inadvertently copying the wrong address and sending the amount.

In fact, the copied address was fake and the trader sent WBTC to the hacker’s account. This type of scam occurs when an attacker modifies some characters, causing a user to make the mistake of entering an address that resembles the original.

This chronicle unfolded, causing repercussions throughout the market. The attack raised fears about the risks of checking just a few characters in addresses and led experts to advise that people always check the full address before making a transaction.

Follow CriptoFacil on
Google News CriptoFacilGoogle News CriptoFacil


Leave a Reply