Address Poisoning Exploiters Return $153,000 ETH of Stolen Funds

Following the crypto market boom, criminals are intensifying their activities in the digital sector to steal customers’ funds. In a recent report, a crypto investor complained of losing a substantial amount of crypto to an address-poisoning exploiter.

The famous blockchain security company CertiK brought the incident to light, describing how the crypto user fell into the address-poisoning attackers’ trap. The CertiK team noted that the attackers deceived the victim into sending them $68 million of wrapped Bitcoin (WBTC).

Crypto Exploiters Agree to Negotiate with Victim

After receiving the amount, the attackers agreed to return $153,000 of Ethereum to the affected customer. The address poisoning exploit drew the interest of leading blockchain security firms, including Cyvers and ZachXBT, which probed the matter.

In the ongoing investigation, the blockchain sleuths noted that address poisoning attacks are a unique technique used by criminals to deceive customers into sending funds to the wrong wallet address.

The process involves altering the characters of the original wallet address to trick the user into sending legitimate transactions to the wrong address. According to Etherscan, the attacker account ….8fD5 had sent three consecutive messages to the victim account ….dA6D.

Afterwards, the affected customer received funds from account 72F1, “fakephishing327990,” through multiple third parties. The probing team noted that the attackers controlled the account 72F1 and other addresses.
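As an added example (not from CertiK, Etherscan or the original article), the Python check below screens a transfer history for the look-alike addresses described above. It assumes a look-alike shares the first and last four hex characters of a trusted address, the part a truncated wallet display shows; the addresses, transfer tuples and function names are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Validate an Ethereum-style address; return it lowercased without 0x."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def lookalikes(candidate, trusted, prefix=4, suffix=4):
    """Return the trusted addresses that candidate imitates: same leading and
    trailing hex characters, but a different address overall."""
    c = normalize(candidate)
    hits = []
    for t in trusted:
        n = normalize(t)
        if n != c and n[:prefix] == c[:prefix] and n[-suffix:] == c[-suffix:]:
            hits.append(t)
    return hits

def screen_transfers(transfers, trusted):
    """Flag transfers whose counterparty imitates a trusted address.
    transfers: iterable of (tx_id, counterparty, value) tuples."""
    flagged = []
    for tx_id, counterparty, value in transfers:
        hits = lookalikes(counterparty, trusted)
        if hits:
            flagged.append({"tx": tx_id, "from": counterparty,
                            "value": value, "imitates": hits})
    return flagged

# Constructed sample data (assumption: not real addresses or transactions).
TRUSTED = [
    "0xAb12" + "1" * 32 + "9fE0",
    "0x77c3" + "2" * 32 + "04bd",
]
TRANSFERS = [
    ("tx-1", "0xab12" + "5" * 32 + "9fe0", 0),    # look-alike of TRUSTED[0]
    ("tx-2", "0x77c3" + "2" * 32 + "04bd", 1.5),  # the trusted address itself
    ("tx-3", "0x1234" + "a" * 32 + "5678", 0.2),  # unrelated address
]

if __name__ == "__main__":
    for hit in screen_transfers(TRANSFERS, TRUSTED):
        print(hit)
```

A flagged entry is a reason to compare the full 40-character address against the address book before copying it from transaction history.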

Address Poisoning Attackers Return 0.255% of Stolen Funds

The amount sent to the customer represented 0.255% of the stolen funds. Even though it is still unclear whether the attacker will return the stolen funds, the CertiK team described the 0.05 Ether transaction as an approach used by the attackers to show good faith.

The probing team claimed that the returned assets demonstrated that the attacker had good intentions in returning the stolen funds. In the subsequent message, the attackers requested that the customer share his Telegram username for further negotiations.

Hackers Promise to Return Stolen Funds

Responding to the message, the victim was willing to offer a 10% bounty to the attackers if they agreed to return the stolen funds. The victim also agreed to avoid prosecuting the attackers if they returned 90% of the stolen assets.

He urged the attackers to return 90% of the funds within 24 hours and shared his Telegram username. The Etherscan report stated that the criminals honored the customer’s request and sent 51 Ether valued at $153,000 of the stolen funds.

Also, the blockchain sleuths noted that on May 3, the attackers used a smart contract to steal 0.05 from the customer’s account. The Etherscan report shows that the token transferred by the attacker was labeled as an ERC-20 coin. The probing team noted that the transaction was illegal since the user had not consented.
