In a surprising turn of events, the victim of a $24 million scam has recovered a large share of the funds after the scammer voluntarily returned them.
The Web3 anti-scam group Scam Sniffer said that the attacker sent $9.3 million back to the victim. Over 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens were among the assets initially stolen in late 2023.
The victim fell for the scam by approving “Increase Allowance” transactions, a common way for scammers to get people to grant them permission to move funds out of their wallet.
This method, which works only with ERC-20 tokens, reportedly lets malicious developers use fake smart contracts to take advantage of unsuspecting users.
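A wallet-side check for the allowance-granting transactions described above, as an added example that is not part of the original article: it decodes transaction calldata and flags ERC-20 increaseAllowance calls (and, going slightly beyond the text, approve calls) whose spender is outside a caller-supplied allowlist. The function name, the allowlist parameter and the sample calldata are assumptions constructed for illustration.

```python
# Selectors are the first 4 bytes of keccak256 of the function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UNLIMITED_THRESHOLD = 1 << 255  # "unlimited" grants are usually 2**256 - 1


def inspect_calldata(calldata_hex, trusted_spenders=()):
    """Return a finding dict if the calldata grants a token allowance, else None."""
    raw = bytes.fromhex(calldata_hex.removeprefix("0x"))
    name = ALLOWANCE_SELECTORS.get(raw[:4].hex())
    if name is None:
        return None  # not an allowance-granting call
    args = raw[4:]
    if len(args) < 64:
        raise ValueError("truncated arguments for " + name)
    if any(args[:12]):
        raise ValueError("non-zero padding in address argument")
    spender = "0x" + args[12:32].hex()           # low 20 bytes of word 1
    amount = int.from_bytes(args[32:64], "big")  # word 2, uint256
    trusted = {s.lower() for s in trusted_spenders}
    return {
        "function": name,
        "spender": spender,
        "amount": amount,
        "unlimited": amount >= UNLIMITED_THRESHOLD,
        # Warn on any non-zero grant to a spender the user has not vetted.
        "warn": amount > 0 and spender not in trusted,
    }


# Constructed sample inputs (hypothetical spender, not taken from the incident).
SPENDER = "0x" + "ab" * 20
MAX_UINT = (1 << 256) - 1
SAMPLE_INCREASE = "0x39509351" + "00" * 12 + "ab" * 20 + format(MAX_UINT, "064x")
SAMPLE_TRANSFER = "0xa9059cbb" + "00" * 12 + "ab" * 20 + format(1000, "064x")

if __name__ == "__main__":
    for label, data in [("increase", SAMPLE_INCREASE), ("transfer", SAMPLE_TRANSFER)]:
        print(label, inspect_calldata(data))
```

Running the same check before signing, with an allowlist of contracts the user actually intends to interact with, surfaces the spender and amount that a wallet prompt labelled only “Increase Allowance” can obscure.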
Victim Receives On-Chain Message
In a message recorded on the blockchain on July 6, ten months after the theft, the thief said, “Hello, I am the guy who stole your money […] I want to give the money back.” Following this message, the attacker sent back $5.23 million worth of the stablecoin DAI on July 8 and another $4.04 million on July 13, as confirmed by data from Etherscan.
The attacker used Railgun, a privacy protocol, to hide the transfers before giving the funds back. The amount returned equals 38.84% of the total funds stolen in the attack. As of the latest update, the scammer’s sending wallet still holds more than $3 million in various cryptocurrencies.
Attackers have sometimes returned stolen funds, but it doesn’t happen very often. Last year, the Euler protocol lost $197 million, but almost all of the illicit funds were returned.
Similarly, the hacker who stole $6.4 million from the Seneca Protocol returned $5.3 million after talks in which the project offered a 20% reward and protection from legal action if 80% of the funds were returned.
Despite these occasional recoveries, phishing scams remain a problem in the crypto sector. Scam Sniffer says that over $290 million was lost to these scams in 2023 alone.