Ethereum users who accidentally sent $71 million worth of wrapped Bitcoin to the wrong address in an apparent “address poisoning” scam last week may be trying to get their money back. Or at least some of it.
On May 3, address 0x1E227 sent 1,155 Wrapped Bitcoin (WBTC), worth approximately $71 million, to the scammer's crypto address after the sender was tricked into thinking the address was their own. The victim has been communicating with the perpetrators via blockchain ever since, and a portion of the 52 ETH ($156,000) was refunded early Thursday.
“Please leave a Telegram and I will contact you,” the perpetrator wrote inside the blockchain transaction on Thursday.
Attackers initially used a common technique called “address poisoning” or “wallet poisoning” to steal funds. This involves the scammer sending zero-value transactions to the target wallet from a crypto address that is intentionally chosen to look like one the victim communicates with on a regular basis.
In this case, the victim's actual target address and the scammer's address both started with the characters 0xd9A1 and ended with 853a91, making them difficult to tell apart at first glance within most wallet apps.
The scammer's goal is to trick the victim into copying a fake address from their transaction history the next time they send money to themselves, and then intercept the transfer.
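One way a wallet or monitoring script could flag such lookalikes before anyone copies them from the history, as an added example that is not from the article. All addresses are constructed (only the 0xd9A1 prefix and 853a91 suffix come from the text), and the 4- and 6-character visible lengths are assumptions.

```python
from dataclasses import dataclass

PREFIX_LEN = 4  # leading hex chars (after "0x") a wallet UI shows; assumption
SUFFIX_LEN = 6  # trailing hex chars a wallet UI shows; assumption


@dataclass
class Transfer:
    counterparty: str  # the other address in the transfer
    value: int         # amount in the token's smallest unit


def normalize(addr: str) -> str:
    """Lower-case and strip "0x" so checksum casing cannot hide a match."""
    a = addr.lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def is_lookalike(candidate: str, trusted: str) -> bool:
    """True when the visible ends match but the full addresses differ."""
    c, t = normalize(candidate), normalize(trusted)
    return (c != t and c[:PREFIX_LEN] == t[:PREFIX_LEN]
            and c[-SUFFIX_LEN:] == t[-SUFFIX_LEN:])


def find_poisoning(history, trusted_addresses):
    """Return (transfer, impersonated_address) pairs that deserve a warning."""
    # Zero-value transfers are the pattern the article describes, but a
    # lookalike is flagged whatever its value so dust amounts are caught too.
    return [(tx, trusted)
            for tx in history
            for trusted in trusted_addresses
            if is_lookalike(tx.counterparty, trusted)]


# Constructed sample data: a trusted address, a poisoned lookalike, a stranger.
TRUSTED = "0xd9A1" + "11" * 15 + "853a91"
POISON = "0xd9a1" + "22" * 15 + "853A91"
UNRELATED = "0x" + "ab" * 20
HISTORY = [Transfer(TRUSTED, 5_000), Transfer(POISON, 0), Transfer(UNRELATED, 0)]

if __name__ == "__main__":
    for tx, trusted in find_poisoning(HISTORY, [TRUSTED]):
        print(f"WARNING: {tx.counterparty} imitates {trusted} (value={tx.value})")
```

The check compares full normalized addresses, so a genuine repeat transfer to the trusted address is never flagged; only an address that differs somewhere in the hidden middle is.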
After losing the funds last Friday, the victim initially sent the thieves a message acknowledging that they had “won” and asked them to return 90% of the money and keep 10% as a clean reward.
“I know my life would definitely be better with $7 million, but I can't sleep well with $70 million,” the victim wrote.
The scammer asked the victim to transfer the remaining $1.6 million in DAI stablecoins to the wallet address or the offer would not be considered. “If you don't, you won't hear from us again and we won't respond,” the scammer wrote.
The victim continued to threaten to pursue the hacker based on his transaction history if he did not accept the initial 90/10 offer.
“We both know there's no way to clean [these] funds. You will be tracked,” the victim wrote. “We also both understand that the words 'sleep well' are not about your moral or ethical qualities.”
Onlookers joined in the conversation, with some offering to provide IP addresses and other data about the hackers in exchange for $100,000. Others defended the scammer, congratulating them on the theft, asserting that the victim's threats were a bluff, and calling the victim a “stupid, greedy whale.”
Edited by Andrew Hayward