2024-05-09
Recently, there has been movement in the cryptocurrency funds that were stolen in a wallet impersonation scam worth $71 million.
These funds had remained inactive for six days before being transferred.
On May 3, an investor fell victim to a wallet poisoning scam and mistakenly sent $71 million worth of Wrapped Bitcoin (WBTC) to a fraudulent wallet address. The scammer had created a wallet address that closely resembled the legitimate one and made a small transaction to the victim's account.
Like many investors, the victim verified the wallet address by comparing the first and last few characters, then transferred 97% of their assets to it. However, the two addresses differed slightly in the middle characters, which platforms often hide for visual appeal but which could have been noticed.
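The end-character comparison described above can be replaced by an automated check against saved addresses. The following Python sketch is an added example, not part of the original report; the addresses, the `treasury` label and all function names are constructed for illustration. It flags a destination that matches a saved address at both ends but differs in the middle.

```python
# Added example: detect a destination that imitates a saved address at both ends.
# All addresses and labels below are constructed sample data.
LEGIT = "0xd9a1" + "c0ffee1234567890abcdef1234567890" + "7853"
POISON = "0xd9a1" + "b0bafe0987654321fedcba0987654321" + "7853"
KNOWN = {"treasury": LEGIT}  # hypothetical address book


def normalize(addr):
    """Lower-case 40-hex-digit form; the EIP-55 checksum is not validated here."""
    a = addr.strip().lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def truncated(addr, head=4, tail=4):
    """What a UI that hides the middle characters would display."""
    a = normalize(addr)
    return f"0x{a[:head]}...{a[-tail:]}"


def shared_prefix(a, b):
    """Number of leading characters the two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_destination(dest, known, min_match=3):
    """Return ('known', label), ('lookalike', label) or ('unknown', None)."""
    d = normalize(dest)
    book = {label: normalize(addr) for label, addr in known.items()}
    for label, k in book.items():
        if k == d:
            return ("known", label)
    for label, k in book.items():
        # Same start and same end but a different middle: the poisoning pattern.
        if shared_prefix(d, k) >= min_match and shared_prefix(d[::-1], k[::-1]) >= min_match:
            return ("lookalike", label)
    return ("unknown", None)


if __name__ == "__main__":
    for dest in (LEGIT, POISON, "0x" + "11" * 20):
        print(truncated(dest), check_destination(dest, KNOWN))
```

Both constructed addresses render identically when truncated, yet only the full-length comparison tells them apart.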
Typically, hackers convert stolen cryptocurrency to Ether as it allows for easier siphoning through privacy protocols like Tornado Cash. In this case, the hacker followed the same pattern and immediately converted the stolen 1,155 WBTC to approximately 23,000 ETH. The funds remained dormant in the scammer's wallet for six days.
On May 8, PeckShield, a blockchain investigation firm, observed some of the stolen funds being laundered.
The scammer started splitting the loot into multiple parts and sending them to various crypto wallets.
To make the stolen funds harder to trace, the scammer utilized around 400 crypto wallets, eventually distributing the funds across more than 150 wallets. However, all of the stolen funds can currently still be traced back to the unidentified scammer.
Historically, crypto scammers and hackers have been most active during bull markets.
There is a new type of scam that allows malicious actors to drain users' wallets without requiring transaction approval. This scam targets tokens that comply with the ERC-2612 token standard, which enables "gas-less" transfers or transfers without the need for the wallet to hold ETH.
To execute approval-less transactions, the user must be deceived into signing a message. An investigation by Blocksky revealed that the scam was planned by a Telegram group featuring a counterfeit version of the Collab.Land Telegram verification system.