Victim Gets Money Back After $71 Million Address Poisoning Attack – This Is What Happened
2 minutes reading time
A victim who fell victim to a sophisticated “address poisoning” attack was able to recover almost all of the stolen funds, worth a staggering $71 million.
In the incident, the victim had inadvertently sent wrapped Bitcoin tokens (WBTC) to an attacker who had cleverly mimicked the victim’s wallet address.
However, thanks to the efforts of blockchain cybersecurity firm Match Systems and exchange Cryptex, the victim’s losses were largely mitigated.
What is address poisoning?
Address poisoning, also known as dusting attacks, occurs when an attacker floods a wealthy individual’s wallet with transactions from a wallet that closely resembles the victim’s address.
If the victim carelessly copies and pastes a wallet address from one of these spam transactions, a simple mistake can result in millions of dollars being transferred into the attacker’s hands.
Unfortunately, that’s exactly what happened in this case.
Although the recovered funds currently amount to approximately $66.8 million, the slight loss in value is due to the fact that the attacker converted the majority of the stolen WBTC tokens into Ether after the theft.
Match Systems CEO Andrei Kutin and Cryptex played a crucial role in mediating negotiations with the attacker that ultimately led to the successful recovery of the funds, according to a press release.
“Currently, the victim has no complaints against the attacker,” thepress releasestates.
Blockchain messaging data shows that the victim initially tried to contact the attacker and even offered a 10% reward as an incentive, but received no response.
However, just two days ago, the attacker unexpectedly contacted the victim.
Detailed information on the recovery negotiations and the reasons for the initial rejection of the bounty remain scarce.
While multi-million dollar exploits remain commonplace in the crypto space, there are signs that illegal activity may be declining.
Security firm CertiK recently reported that April saw the lowest funds lost to fraud since March 2021.
It is possible that attackers have become more cautious, especially given the conviction of Avraham Eisenbergfor fraud related to the Mango Markets exploit.
Eisenberg returned some of the stolen funds but still faced legal consequences.
April records lowest losses from crypto hacks
The cryptocurrency industry saw a sharp decline incombinedlosses from hacksand fraud in April.The month recorded the lowest combined losses from crypto hacks and fraud since 2021. About $25.7 million was lost to exploits, hacks, and fraud.
To be more precise, only $25.7 million was lost to attacks during the month, which is the lowest amount since CertiK started collecting such data in 2021.
Flash loan attacks caused $129,000 in losses, with the largest incident causing $55,000 in damages.
This was the lowest incidence of
flash loan attacks since February 2022, and $4.3 million was lost to exit scams. As reported, in the first quarter of this year
$336 million was lost to Web3 hacks and fraud, with almost half of the capital stolen in January alone.Still, the figure represents a 23% decrease compared to Q1 2023.
It is also worth noting that $73,885,000 was recovered from stolen Web3 capital in 7 specific situations.
