A victim who fell prey to a sophisticated ‘address poisoning’ attack has successfully recovered almost all of the stolen funds, amounting to a staggering $71 million.
The incident involved the victim mistakenly sending wrapped Bitcoin tokens (WBTC) to an attacker who cleverly mimicked their wallet address.
However, thanks to the efforts of blockchain cybersecurity firm Match Systems and the exchange Cryptex, the victim’s losses have been largely mitigated.
What is Address Poisoning?
Address poisoning, also known as dusting attacks, occurs when an attacker inundates the wallet of a high net worth individual with transactions from a wallet that closely resembles the victim’s address.
If the victim carelessly copies and pastes a wallet address from one of these spam transactions, a simple mistake can result in the transfer of millions of dollars into the attacker’s hands.
Unfortunately, this is precisely what transpired in this case.
Although the recovered funds currently amount to approximately $66.8 million in U.S. dollars, the slight depreciation in value can be attributed to the attacker’s conversion of most of the stolen WBTC tokens into ether following the theft.
Match Systems’ CEO, Andrei Kutin, and Cryptex played pivotal roles in facilitating negotiations with the attacker, ultimately leading to the successful recovery of the funds, according to a press release.
“At the moment, the victim has no complaints against the attacker,” the press release reads.
Blockchain messaging data reveals that the victim initially attempted to contact the attacker, even offering a 10% bounty as an incentive, but received no response.
However, just two days ago, the attacker unexpectedly reached out to establish contact with the victim.
Detailed information regarding the recovery negotiations and the reasons behind the initial rejection of the bounty remains scarce.
While multi-million dollar exploits in the crypto space remain commonplace, there are indications that illicit activities may be on the decline.
Security firm CertiK recently reported that April recorded the lowest amount of funds lost to scams since March 2021.
It is possible that attackers have become more cautious, especially in light of the conviction of Avraham Eisenberg on fraud charges related to the Mango Markets exploit.
Eisenberg returned some of the looted funds but still faced legal consequences.
April Records Lowest Crypto Hack Losses
The cryptocurrency industry experienced a major downturn in combined losses from hacks and scams in April.
The month saw the lowest combined losses from crypto-related hacks and scams since 2021, with approximately $25.7 million lost to exploits, hacks, and scams.
More specifically, only $25.7 million was lost in attacks throughout the month, marking the lowest amount since CertiK began tracking such data in 2021.
Flash loan attacks accounted for $129,000 in losses, with the largest incident causing $55,000 in damages.
This marked the lowest incidence of flash loan attacks since February 2022, and $4.3 million was lost to exit scams.
As reported, the first quarter of this year has seen $336 million lost to Web3 hackers and fraud, with nearly half of the capital stolen in January alone.
Nonetheless, the number represents a 23% decrease compared to the first quarter of 2023.
It is also worth noting that $73,885,000 has been recovered from stolen Web3 capital in 7 specific situations.
Read the full article here