Introduction:
In an unexpected turn of events, a phishing scammer has returned a large portion of the funds they stole from a victim in September 2023. The scammer had originally taken $24 million in a sophisticated phishing attack and has now returned nearly $10.3 million to the victim. Scam Sniffer first noticed this development on July 13, 2024, when the scammer used the Dai (DAI) stablecoin to transfer the funds back across two transactions; another $1 million was returned on July 15, 2024. This rare act of restitution in the crypto world highlights the complexities and occasional unpredictability of digital asset theft and recovery.
The Incident:
The initial theft occurred on September 6, 2023, when a victim fell prey to a sophisticated phishing scam, resulting in the loss of 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool Ether (rETH) tokens. The scammer executed the heist by exploiting the ERC-20 token allowance feature, a mechanism that allows token owners to authorize third parties to spend their tokens.
The victim was tricked into signing “Increase Allowance” transactions, unwittingly granting the scammer control over their tokens. This type of transaction, while designed to facilitate legitimate third-party interactions, can be manipulated to authorize malicious actors to access and transfer tokens without the owner’s direct consent.
This exploit highlights a significant vulnerability within the ERC-20 token standard, which has been flagged by various industry players, including CoinMarketCap. The incident underscores the importance of caution and scrutiny when authorizing token transactions, as seemingly benign approvals can lead to substantial financial losses.
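As an added illustration (not code from the original article or from Scam Sniffer), the Python example below shows how a wallet-side check could decode transaction calldata and flag allowance grants, such as the "Increase Allowance" call described above, before the user signs. The function names, the trusted-spender list and the sample spender address are assumptions made up for the example; the 9,579-token amount reuses the stETH figure from this article.

```python
# Added example: inspect ERC-20 calldata before signing and flag allowance grants.
ALLOWANCE_SELECTORS = {  # first 4 bytes of keccak256(function signature)
    "095ea7b3": "approve",            # approve(address,uint256), part of ERC-20
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256), common extension
}
UNLIMITED = 2**256 - 1

def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount) if calldata grants an allowance, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = ALLOWANCE_SELECTORS.get(data[:8])
    # Selector plus two 32-byte ABI words: the spender address and the amount.
    if name is None or len(data) != 8 + 2 * 64:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    try:
        if int(spender_word[:24], 16) != 0:  # an address is left-padded with 12 zero bytes
            return None
        amount = int(amount_word, 16)
    except ValueError:
        return None
    return name, "0x" + spender_word[24:], amount

def review_before_signing(calldata_hex, trusted_spenders, holder_balance):
    """Return a list of warnings a wallet could show before the user signs."""
    call = decode_allowance_call(calldata_hex)
    if call is None:
        return []
    name, spender, amount = call
    warnings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append(f"{name} gives spending rights to unrecognised address {spender}")
    if amount == UNLIMITED:
        warnings.append("allowance is unlimited")
    elif amount >= holder_balance:
        warnings.append("allowance covers the entire token balance")
    return warnings

# Constructed sample: placeholder spender, amount set to 9,579 tokens at 18 decimals.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_AMOUNT = 9579 * 10**18
SAMPLE_CALLDATA = "0x39509351" + SAMPLE_SPENDER[2:].rjust(64, "0") + format(SAMPLE_AMOUNT, "064x")

if __name__ == "__main__":
    for line in review_before_signing(SAMPLE_CALLDATA, [], SAMPLE_AMOUNT):
        print("WARNING:", line)
```

A check like this only tells the user what a transaction does; it helps when the wallet shows the decoded spender and amount in place of raw hex at signing time.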

The Return of Funds
On July 13, 2024, Scam Sniffer, a fraud detection platform, first noticed the return of funds. The scammer used the Dai (DAI) stablecoin to return the money in two separate transactions. The first transfer of $5.23 million occurred on July 8, followed by a second transfer of $4.04 million on July 13 at 12:06 pm UTC, as confirmed by Etherscan data. After these two transactions, on July 16 at 5:29 AM, Scam Sniffer shared another screenshot on its Twitter (X) account confirming that another $1 million had been returned to the victim.
This return of funds comes 10 months after the initial phishing scam and equates to a 38.4% return at the prices on September 6, 2023. Notably, the 14,429 staked Ether tokens stolen would now be worth $47.5 million at current prices.

Communication with the Phishing Scammer
The scammer reached out to the victim via an onchain message from a different wallet address on July 6, stating, “Hello, I am the guy who took your money. I want to give the money back.” The Etherscan data reveals that the scammer’s wallet still holds over $3 million, primarily in Metagalaxy Land (MEGALAND) tokens on the BNB Chain.

Broader Impact and Industry Response to Cryptocurrency Vulnerabilities
The unexpected return of stolen funds by a phishing scammer underscores the persistent vulnerabilities in the cryptocurrency industry. According to Scam Sniffer’s 2023 Wallet Drainers Report, phishing scams resulted in the theft of nearly $300 million worth of cryptocurrency from 324,000 victims in 2023 alone. Among the most infamous scammers were Inferno Drainer and MS Drainer, who stole $81 million and $59 million, respectively.
In 2024, Pink Drainer became a significant threat, managing to steal over $85 million before ceasing operations in May. These alarming figures highlight the urgent need for enhanced security measures and awareness within the crypto community to combat these sophisticated scams. The industry must continue to address these vulnerabilities to protect users from significant financial losses and restore trust in digital asset security.
Conclusion
The return of $10.3 million by a phishing scammer is a rare occurrence that underscores the complexities and challenges of the cryptocurrency ecosystem. As the industry continues to evolve, users must remain vigilant and educated about potential scams to protect their assets. This incident also calls for improved security measures and awareness to prevent such attacks in the future.
Stay vigilant, stay informed, and prioritize your digital security in this ever-evolving landscape of cyber threats. At The Scam Protector, we save people from getting scammed by raising awareness and informing them about prevalent online scams. You can do it too by joining our tribe on Twitter, Facebook, Quora, Reddit, and LinkedIn.