An anonymous crypto whale lost $68 million worth of wrapped bitcoin (WBTC) in an address poisoning attack on May 3. Now, the victim reportedly has no complaints against the attacker and has recovered the entire sum of tokens that had been stolen.
Match Systems, a cybersecurity firm that specializes in blockchain investigations and Cryptex, a U.K.-based crypto exchange, claimed credit for tracking down the stolen assets and returning them to the victim within a week.
“This incident perfectly demonstrates that promptly contacting specialists in case of theft of crypto assets significantly increases the chances of the crypto fraud victim to get them back,” said Match Systems in a statement.
An address poisoning or “dust” attack refers to situation where malicious actors trick victims into transferring their assets into a fraudulent one that is designed to look similar to their own. To do this, the attacker creates a “vanity address” with a custom set of characters that resembles their intended victim and spams their wallet addresses with transactions.
Since blockchain addresses and their balances are visible to the public on block explorers, it’s fairly simple for a scammer to send spoofed transactions to these addresses.
🚨ALERT🚨Are we mistaken, or has someone truly lost $68M worth of $WBTC? Our system has detected another address falling victim to address poisoning, losing 1155 $WBTC. 😢
Victim: https://t.co/5NKlOFnepJ
Address poisoner: https://t.co/R6fF0QipBH
Poison transaction:… pic.twitter.com/UpG34ZcZvY
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 3, 2024
Blockchain data shows that the victim in question attempted to reach out to the scammer after the attack, offering a 10% bounty in return for the funds to be transferred back.
“We both know there’s no way to clean this [sic] funds. You will be traced,” wrote the victim in a message embedded into a transaction last week.
These messages appear to have been largely ignored by the hacker, who then transferred the stolen funds to another address and began distributing the tokens into several other addresses. However, three days ago, the attacker reached out to the victim saying, “Please leave your telegram and I will contact you.”
Blockchain data shows that the attacker has transferred nearly all the funds back to the victim at the time of writing. Match Systems did not specify details of how they were able to negotiate the recovery with the attackers, or whether they had information about the attacker’s identity.