WBTC thief spreads $71M loot across multiple crypto wallets

Avatar

Stolen crypto funds linked to a recent $71 million wallet impersonation scam are on the move after six days of silence.

On May 3, an investor sent $71 million worth of Wrapped Bitcoin (WBTC) to a bait wallet address, falling victim to a wallet poisoning scam. The scammer created a wallet address with similar alphanumeric characters and made a small transaction to the victim’s account.

Like most investors, the victim validated the wallet address by matching the first and last few characters and transferred 97% of their total assets to it. However, the difference would have been noticeable in the middle characters, often hidden on platforms to improve visual appeal.

Source: Lookonchain

Hackers often convert stolen crypto to Ether (ETH), which makes it easier to siphon via privacy protocols such as Tornado Cash — and this hacker was no different. The 1,155 WBTC was immediately converted to roughly 23,000 ETH and sat dormant in the scammer’s wallet for six days.

On May 8, blockchain investigation firm PeckShield noticed some of the stolen funds being laundered. The scammer started breaking down the loot into multiple parts and began sending it to multiple crypto wallets in parts.

Source: PeckShield

The scammer used roughly 400 crypto wallets to dilute the stolen funds and reduce traceability. Eventually, the funds in question ended up in over 150 wallets. However, all the stolen funds can still be traced back to the unknown scammer at the time of writing.

Crypto scammers and hackers have historically been found to be most active during bull markets. Read Cointelegraph’s learners’ guide on how to safely store cryptocurrencies.

Related: 4 tips that’ll keep your crypto safe from hackers this bull market

A new type of scam allows bad actors to drain users’ wallets without transaction approval.

The scam only works on tokens that comply with the ERC-2612 token standard, which allows for “gas-less” transfers or transfers by a wallet that does not hold ETH.

However, to enable approval-less transactions, the user must be tricked into signing a message. Cointelegraph’s investigation found that the scam was orchestrated by a Telegram group that featured a fake version of the Collab.Land Telegram verification system.

Magazine: Meme coins: Betrayal of crypto’s ideals… or its true purpose?