A victim of a $24 million phishing attack has received a partial refund after the perpetrator voluntarily returned some of the stolen funds.
According to Scam Sniffer, a web3 anti-scam solution, the attacker sent back $9.3 million to the victim. The theft occurred in late 2023, involving 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens.
💰 The scammer returned $9.27M in DAI to the victim.
(credits: @bax1337) https://t.co/xwSASQOUis pic.twitter.com/T5vF1Ak3wo
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) July 13, 2024
The victim fell prey to the attack by approving “Increase Allowance” transactions during the phishing incident, a common tactic used to gain control over assets within a wallet.
An ERC-20 allowance lets a designated spender move tokens on the holder's behalf, so an allowance granted to a malicious smart contract gives the attacker control over those tokens. The attacker used the Railgun privacy protocol to obscure the returned funds, which total 38.84% of the stolen amount.
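A wallet-side check for the "Increase Allowance" approvals described above, as an added example that is not from Scam Sniffer or the original article: it decodes ERC-20 allowance calldata before signing and flags risky grants. The trusted-spender list, the addresses, the balance and the sample calldata are constructed assumptions.

```python
# Standard 4-byte selectors for the two ERC-20 allowance-granting calls.
NAMES = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
MAX_UINT256 = 2**256 - 1
# Hypothetical allowlist of spender contracts the user already trusts.
TRUSTED_SPENDERS = {"0x" + "11" * 20}


def encode_call(selector, spender, amount):
    """Build sample calldata: selector followed by two 32-byte ABI words."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


def decode_allowance_call(calldata):
    """Return (function, spender, amount) for an allowance call, else None."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in NAMES or len(args) < 128:
        return None
    try:
        int(args[:64], 16)               # reject non-hex in the address word
        amount = int(args[64:128], 16)   # for increaseAllowance: the increment
    except ValueError:
        return None
    return NAMES[selector], "0x" + args[24:64], amount


def review_transaction(calldata, holder_balance):
    """List the warnings a wallet could show before the user signs."""
    call = decode_allowance_call(calldata)
    if call is None:
        return []
    _, spender, amount = call
    warnings = []
    if spender not in TRUSTED_SPENDERS:
        warnings.append("unknown spender")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance")
    elif amount >= holder_balance:
        warnings.append("allowance covers entire balance")
    return warnings


if __name__ == "__main__":
    # Constructed sample: an allowance increase equal to the whole balance.
    sample = encode_call("39509351", "0x" + "22" * 20, 9579 * 10**18)
    print(decode_allowance_call(sample), review_transaction(sample, 9579 * 10**18))
```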
Despite rare instances of funds being returned by attackers, phishing scams remain a significant issue in the crypto industry, with losses exceeding $290 million reported by Scam Sniffer in 2023 alone.