In a surprise move, the scammer returned $9.3 million to victims after stealing $24 million in September 2023. Scam Sniffer first detected these transactions on July 13, using stablecoin Dai.
On July 13, Scam Sniffer, a well-known security company specializing in blockchain forensics, detected unusual activity related to the scammer's wallet. The scammer, who initially ran away with $24 million, returned approximately $9.3 million to the victim using stablecoin Dai. The return of this amount was carried out in two transactions, with $5.23 million transferred on July 8 and an additional $4.04 million sent on July 13, according to Etherscan data.
The initial incident took place in September 2023 when the victim became the target of a phishing attack, resulting in the loss of 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool Ether (rETH), equivalent to $24 million USD at that time. The attacker tricked the victim into granting token approval permissions by tricking them into signing “Increase Allowance” transactions.
The bounce: The scammer's unexpected move
The recent return of $9.3 million was equivalent to 38.4% of the stolen funds at the time. However, at current market value, the 14,429 Ether tokens staked would be worth $47.5 million. Onchain data reveals that Dai stablecoins are transferred through an address labeled Railgun Relay, an intermediary involved in the privacy protocol, before being transferred to victims.
This surprising return has raised many questions in the cryptocurrency community. On July 6, Scam Sniffer pointed out an onchain message from the hacker sent from another wallet address, in which the scammer expressed his intention to return the stolen funds. “Hello, I'm the one who took your money,” the message read. “I want my money back.”
Data from Etherscan shows that after transferring 9.3 million USD, the attacker's wallet still had more than 3 million USD, mainly in Metagalaxy Land (MEGALAND) tokens on BNB Chain.
According to Scam Sniffer's 2023 Wallet Drainers Report, in 2023 alone, nearly $300 million in cryptocurrency was stolen from 324,000 victims. The report also points out that Inferno Drainer and MS Drainer are the two most active fraud groups in 2023, appropriating 81 million USD and 59 million USD respectively. By 2024, the Pink Drainer emerged as a new force, stealing more than $85 million before disappearing in May.
The incident is a reminder to the user community about the importance of increasing vigilance and equipping security knowledge when participating in the cryptocurrency market. Carefully reviewing transactions, especially token access and approvals, is extremely important to protect your assets.