A victim of a $24 million phishing attack has received a portion of his stolen funds back after the attacker willingly sent it back to him.
According to web3 anti-scam solution Scam Sniffer, the attacker sent back $9.3 million to the victim after stealing over 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens in late 2023.
The victim had fallen prey to the attack after approving “Increase Allowance” transactions requested during the phishing process.
This tactic has been flagged as one of the most common strategies employed in phishing scams. Once the approval is granted, the requesting party can transfer the approved tokens out of the wallet, up to the allowance, without any further signature from the owner.
The issue, specific to ERC-20 tokens, has been criticized by market players who claim that it can allow rogue developers to deploy malicious smart contracts to dupe unsuspecting users.
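The allowance mechanism described above is ordinary ERC-20 behaviour: a signed `approve` or `increaseAllowance` call names a spender and an amount, and the spender can then call `transferFrom` up to that amount. A wallet or transaction-simulation tool can therefore decode such a call before the user signs it and warn when the allowance is unlimited, exceeds the balance, or goes to an address that is not on an allow-list. The following is an added example written for this page, not code from the article, the victim's wallet or Scam Sniffer. The two 4-byte selectors are the standard ERC-20 / OpenZeppelin ones; the spender addresses, allow-list and balance are constructed placeholders for the demonstration.

```python
"""Decode ERC-20 approval calldata and flag allowances a wallet should warn about.

Added example for this article; not the project's or any vendor's code.
Selectors are the standard ERC-20 / OpenZeppelin ones; every address and
balance below is a constructed placeholder.
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

# 4-byte selectors = first 4 bytes of keccak256(signature), hex-encoded.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UINT256_MAX = 2**256 - 1
# Anything at or above 2**255 is treated as "effectively unlimited".
UNLIMITED_THRESHOLD = 2**255


@dataclass
class ApprovalReport:
    function: str
    spender: str
    amount: int
    flags: List[str] = field(default_factory=list)

    @property
    def risky(self) -> bool:
        return bool(self.flags)


def decode_approval(calldata_hex: str) -> Optional[Tuple[str, str, int, bool]]:
    """Return (function, spender, amount, canonical_padding), or None if the
    calldata is not a two-argument approval call we recognise."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 4 + 32 + 32:          # selector + address word + uint256 word
        return None
    name = SELECTORS.get(data[:4].hex())
    if name is None:
        return None
    # ABI encoding: an address is right-aligned in a 32-byte word, so the
    # first 12 bytes of the word must be zero; uint256 is big-endian.
    canonical = not any(data[4:16])
    spender = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    return name, spender, amount, canonical


def analyze_approval(calldata_hex: str, known_spenders: Iterable[str],
                     token_balance: int) -> Optional[ApprovalReport]:
    """Decode an approval and attach the warnings a signing prompt should show."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return None
    name, spender, amount, canonical = decoded
    report = ApprovalReport(name, spender, amount)
    if amount >= UNLIMITED_THRESHOLD:
        report.flags.append("unlimited allowance")
    elif amount > token_balance:
        report.flags.append("allowance exceeds current balance")
    if spender.lower() not in {s.lower() for s in known_spenders}:
        report.flags.append("spender not on allow-list")
    if not canonical:
        report.flags.append("non-canonical address padding")
    return report


def encode_approval(selector_hex: str, spender: str, amount: int) -> str:
    """Build approval calldata for the demo (constructed input, not a live tx)."""
    return "0x" + selector_hex + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


KNOWN_SPENDERS = {"0x" + "11" * 20}   # constructed placeholder: a trusted router
UNKNOWN_SPENDER = "0x" + "22" * 20     # constructed placeholder: a phishing contract
BALANCE = 10 * 10**18                  # constructed placeholder: 10 tokens (18 decimals)

if __name__ == "__main__":
    # The pattern from the article: increaseAllowance to an unknown spender, unlimited amount.
    phish = encode_approval("39509351", UNKNOWN_SPENDER, UINT256_MAX)
    print(analyze_approval(phish, KNOWN_SPENDERS, BALANCE))
    # A bounded approval to an allow-listed spender raises no flags.
    benign = encode_approval("095ea7b3", next(iter(KNOWN_SPENDERS)), 2 * 10**18)
    print(analyze_approval(benign, KNOWN_SPENDERS, BALANCE))
```

The thresholds are deliberately conservative: many legitimate dApps request `uint256` max approvals for convenience, so the "unlimited allowance" flag is a prompt for the user to confirm the spender, not proof of fraud. The allow-list check is what distinguishes a known router from a freshly deployed drainer contract, which is why wallet-side review of approvals is a more useful control than simply refusing large amounts.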
Ten months after the theft, on July 6, the attacker sent an on-chain message to the victim. The message, recorded on the blockchain, states:
“Hello, I am the guy who took your money [...] I want to give the money back.”
Subsequently, on July 8, the attacker returned $5.23 million worth of the stablecoin DAI. Another $4.04 million was sent on July 13, totaling $9.3 million, as confirmed by Etherscan data.
The attacker routed the funds through Railgun, a privacy protocol, before transferring them to the victim. The returned funds account for 38.84% of the total stolen in the attack.
At the time of publication, the scammer’s sending wallet held over $3 million in various crypto assets.
While quite rare, there have been some instances where attackers have returned stolen funds. Last year, the Euler protocol, which lost $197 million in virtual assets, saw the attacker return almost 90% of the stolen funds.
More recently, in Feb. 2024, the hacker behind the $6.4 million Seneca Protocol hack returned $5.3 million to the project following negotiations in which the project promised a 20% bounty and immunity from legal reprisal if 80% of the funds were returned.
However, phishing scams have continued to plague the crypto sector, with Scam Sniffer reporting more than $290 million in funds lost in 2023 alone.