Phishing Scammer Returns $9.3M DAI After 10 Months

Dai stablecoin Read CoinChapter.com on Google News

LUCKNOW (CoinChapter.com) — A phishing scammer has abruptly returned nearly $9.3 million to a victim, ten months after orchestrating a $24 million theft. Blockchain security firm Scam Sniffer reported this first on July 13. The scammer utilized the Dai (DAI) stablecoin to return the funds across two separate transactions last week.

Etherscan data reveals that the scammer executed the first transfer on July 8, amounting to $5.23 million. He then transferred again $4.04 million on July 13.

Transfers from the scammer to the victim’s wallet address. Source: Etherscan Victim Had Lost $24.2 Million in Phishing Scam

All this began on September 6, 2023, when the victim fell prey to a sophisticated phishing scam. This resulted in a loss of $24.2 million in cryptocurrencies. The stolen assets comprised 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens. The scammer exploited a vulnerability by tricking the victim into enabling token approvals through “Increase Allowance” transactions. 

Source: X

The ERC-20 token feature known as “Allowance” permits third parties to spend tokens belonging to the owner. Industry players have flagged this loophole, warning that malicious actors can exploit it to deploy harmful smart contracts and scam users.

You Might Also Like: Floki Inu Issues Scam Warning Amid Price Volatility and Ecosystem Growth

The recent $9.3 million return equates to a 38.4% refund of the original stolen amount, based on September 6 prices. However, it’s crucial to note that the value of 14,429 staked-Ether is $47.5 million at current market rates.

Etherscan Data Tracks $9.3 Million Return Through Railgun Relay

Onchain data reveals that the Dai tokens were routed through an address labeled as Railgun Relay — an intermediary for a privacy protocol — shortly before being transferred to the victim.

Scam Sniffer pointed to an onchain message from the hacker reaching out to the victim via a different wallet address on July 6. The message read, “Hello, I am the guy who took your money. I want to give the moneyback.”

Hacker Messaged victim. Source: Etherscan

Following the $9 million transfer, Etherscan data shows that the scammer’s wallet address now holds slightly over $3 million in funds. Interestingly, nearly 99% of these remaining funds comprise the METAGALAXY LAND (MEGALAND) token from the BNB Chain.

According to Scam Sniffer’s 2023 Wallet Drainers Report, phishing scammers pilfered almost $300 million worth of crypto from 324,000 victims in 2023 alone.

Post You May Like: Binance Combats Address Poisoning Scams After $68M Loss

Last year, Inferno Drainer and MS Drainer emerged as the two most notorious phishing scammers, stealing $81 million and $59 million, respectively. The trend continued into 2024, with Pink Drainer becoming one of the most prominent phishing scammers, amassing over $85 million before ceasing operations in May.

The post Phishing Scammer Returns $9.3M DAI After 10 Months appeared first on CoinChapter.