Stolen crypto funds tied to a recent $71 million wallet impersonation scam have started moving after six days. On May 3, an investor fell victim to a wallet poisoning scam, sending $71 million worth of Wrapped Bitcoin (WBTC) to a bait wallet address. The scammer created a wallet address with similar alphanumeric characters, tricking the victim into transferring 97% of their assets. Typically, investors validate wallet addresses by matching the first and last few characters, but fail to notice discrepancies in the middle characters that are often hidden on platforms for visual appeal. In this case, the difference would have been noticeable if carefully examined.
Hacker Converts Stolen WBTC to ETH
The hacker behind the scam swiftly converted the stolen WBTC into approximately 23,000 ETH, a common tactic used to make siphoning easier through privacy protocols like Tornado Cash. The converted funds remained dormant in the scammer’s wallet for six days. On May 8, blockchain investigation firm PeckShield observed the movements of the stolen funds. The scammer began splitting the loot into multiple parts and distributing them across several crypto wallets. To reduce traceability, around 400 wallets were used, ultimately leading to over 150 wallets holding the stolen funds. However, at the time of writing, the stolen funds can still be traced back to the unknown scammer.
Throughout history, crypto scammers and hackers have been particularly active during bullish market conditions. It is crucial for investors to educate themselves on secure cryptocurrency storage practices. In another type of scam, bad actors have devised a technique to drain users’ wallets without requiring transaction approval. This particular scam targets tokens that adhere to the ERC-2612 token standard, allowing for “gas-less” transfers or transfers without the need for holding ETH in the wallet. However, to enable approval-less transactions, users must be deceived into signing a message. A recent investigation uncovered a Telegram group featuring a fake version of the Collab.Land Telegram verification system, which orchestrated this scam.
April Records Lowest Crypto Hack Losses
The cryptocurrency industry experienced a major downturn in combined losses from hacks and scams in April. The month saw the lowest combined losses from crypto-related hacks and scams since 2021, with approximately $25.7 million lost to exploits, hacks, and scams. More specifically, only $25.7 million was lost in attacks throughout the month, marking the lowest amount since CertiK began tracking such data in 2021. Flash loan attacks accounted for $129,000 in losses, with the largest incident causing $55,000 in damages. This marked the lowest incidence of flash loan attacks since February 2022, and $4.3 million was lost to exit scams. As reported, the first quarter of this year has seen $336 million lost to Web3 hackers and fraud, with nearly half of the capital stolen in January alone. Nonetheless, the number represents a 23% decrease compared to the first quarter of 2023. It is also worth noting that $73,885,000 has been recovered from stolen Web3 capital in 7 specific situations.