WBTC address poisoner sends nearly all funds back to victim after negotiations

Avatar

The address poisoning attacker who tricked a user into sending them 1,155 Wrapped Bitcoin (wBTC) (worth $68 million at the time) has returned nearly all of the funds stolen, blockchain data shows. The funds had been swapped for Ether (ETH) during the time period that they were held by the attacker, and the price of ETH had fallen. 

However, the attacker sent back approximately 22,960.07 ETH, worth $65.7 million, which represents over 96% of the US dollar value of the funds t originally stolen.

Address poisoning victim’s wallet shows over 22,000 ETH held within it. Source: Etherscan.

At 8:47 am UTC on May 10, multiple wallets began sending ETH to the account. The first transfer was for 29.999 ETH ($87,199 based on the ETH price at the time). Over the course of the next day, over 225 wallet transactions were made from various accounts to send ETH to the victim’s address. The value of each transaction ranged from 29 to 67 ETH.

Accounts sending ETH to the victim’s address. Source: Etherscan.

By the end of the series of transactions, the wallet had a balance of over 29,000 ETH.

The transfers occurred after a series of messages had been exchanged between the victim and attacker. The victim had at first agreed to allow the attacker to keep 10% of the funds as a bounty. However, this deal appears to no longer be on the table, as the attacker has returned more than 90% at the time of publication.

In a report attributed to blockchain security platform Match Systems and seen by Cointelegraph, the platform claimed to have discovered information that “strengthened” the victim’s negotiating position, implying that security experts were making progress towards identifying who the attacker was.

According to the report, Match Systems “conducted a detailed analysis of the incident and identified several opportunities to strengthen the negotiating position for subsequent communication with the attacker.” As a result, “the hacker returned the entire stolen amount of 22,960 ETH to the victim.” The report stated that the victim “has no complaints against the attacker” at the moment.

Cointelegraph reached out to Match Systems to confirm the report’s authenticity, but did not receive a response by the time of publication.

Address poisoning attacks can cause substantial losses to crypto users. Experts suggest that they can be avoided by carefully inspecting the receiving address before each transaction is sent.

Related: DEA gets duped: Agency loses $55K in address poisoning scam