A hacker has contacted their victim to offer to return stolen cryptocurrencies almost a year after the attack.
Last September, the investor suffered a loss of $24 million after falling victim to a phishing attack, where the hacker tricks their target into approving a malicious smart contract designed to syphon funds.
In a surprising twist, the victim heard from the hacker on July 6.
“Hello, I am the guy who took your money,” the hacker said in an onchain message to the victim.
Onchain communication allows crypto users to send messages as transactions using their wallets and can be viewed using explorers like Etherscan.
“I want to give the money back, waiting for your reply,” the hacker said.
The hacker contacted the victim using a wallet address different from those flagged during last year’s hack.
On Monday, the victim confirmed receipt of some of the stolen funds.
“Acknowledging that 10.3 million DAI has already been returned to this address,” the victim said in an onchain message.
Onchain data from Etherscan shows the hacker began the refund process last week and sent three transactions totaling $10.3 million in DAI stablecoin.
“Thank you for wanting to give the money back. Please send the remainder back to this address.”
The victim is still waiting for the remainder of the stolen funds as of the reporting time.
Last year’s theft saw $24 million in stETH and rETH stolen from the victim.
StETH and rETH are liquid staking tokens offered by Lido and RocketPool, respectively. Both providers give the tokens in exchange for a user staking their Ether tokens on the respective protocols.
Following the attack, the hacker routed multiple $100,000 transactions via FixedFloat, a crypto exchange often used by hackers and exploiters to move syphoned funds.
Phishing attacks
Phishing attacks were a major headache for crypto owners last year.
Onchain fraud detector Scam Sniffer reported that $300 million in crypto was lost to phishing attacks in 2024 ― 17% of last year’s crypto theft total.
Large-scale wallet drainers like MS Drainer, Inferno Drainer, and Pink Monkey were the major culprits.
In another major crypto phishing attack this year, the victim lost $72 million in wrapped Bitcoin tokens ― Bitcoin on the Ethereum network.
The attacker returned all the funds despite an agreement to keep a 10% bounty.
Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. To share tips or information about stories, please contact him at osato@dlnews.com.