A perpetrator linked to a $68 million address poisoning scheme has made a gesture of goodwill by giving back $153,000 worth of Ether to the victim.
The address-poisoning scam began with the attacker deceiving a user into sending $68 million worth of Wrapped Bitcoin (WBTC). This narrative has now evolved with the recent compassionate act of returning a portion of the stolen assets.
Attacker Expressed Willingness To Negotiate
The individual, operating under the alias “FakePhishing327990” on Etherscan, sent $153,000 Ether to the victim along with a message expressing a willingness to negotiate and seeking communication via Telegram.
Blockchain data unveils that the victim, identified by their account ending in 8fD5, initiated contact with the attacker. The victim proposed a resolution where the attacker would return 90% of the stolen funds, offering a 10% bounty in return and a pledge to avoid legal action. Emphasizing the traceability of the funds, the victim set a deadline for the decision.
Shortly after, another account controlled by the attacker, ending in 72F1, responded by sending 51 Ether to the victim—a portion of the stolen funds returned as a goodwill gesture. The accompanying message reiterated the attacker’s openness to negotiation and requested the victim’s Telegram username for further communication.
This negotiation unfolds within the context of an address poisoning scam, where the attacker employs a smart contract to deceive the victim into transferring 1,155 WBTC by exploiting similarities between addresses.
Known as an “address poisoning attack,” this sophisticated tactic involves inundating victims with transactions mirroring their own, ultimately leading to costly mistakes. Security experts advise users to meticulously review transaction details, especially the sending address, to mitigate risks associated with such attacks.
Phishing Attacks On Rise
Recently, an NFT trader suffered a significant loss of over $145,000 worth of tokens due to a phishing scam. The victim, identified as “tatis.eth,” was specifically targeted by an attacker known as “PinkDrainer,” who managed to pilfer three valuable BAYC NFTs from the victim’s wallet.
BAYC, or Bored Ape Yacht Club, denotes a collection of highly esteemed Ethereum-based NFTs, showcasing distinctive cartoon ape designs. The stolen NFTs were swiftly transferred to a phishing address and subsequently sold for 48.5 ETH.
This occurrence aligns with a broader trend of phishing scams plaguing cryptocurrency users, with notable instances of financial loss emerging within the initial months of 2024.
Data from Scam Sniffer underscores the severity of the situation, revealing that over $104 million worth of cryptocurrencies has been siphoned off by phishing attacks during this period, with a notable portion stemming from the Ethereum ecosystem.