Blockchain security firm Peckshield reported that the attacker had returned 50% of the stolen funds— approximately 11,446.87 ETH worth $34.7 million—to the victim’s address as of press time.

10% bounty

This refund comes shortly after the scammer engaged with the victim through several on-chain messages over the past day.

On May 3, an unnamed crypto trader lost 1,155 WBTC through an address-poisoning phishing scheme. These illicit schemes typically lure individuals into transferring digital assets to fraudulent addresses owned by malicious actors.

Following the theft, the attacker swiftly converted the funds into 22,956 ETH and dispersed the digital assets across “a large number of wallets” to obfuscate the trail.

However, the victim proposed offering the perpetrator a 10% bounty in exchange for returning 90% of the stolen funds, cautioning that laundering the money would prove futile.

“We both know there’s no way to clean this funds. You will be traced. We also both understand the ‘sleep well’ phrase wasn’t about your moral and ethical qualities. Nevertheless, we officially admin your right to the 10%. Send 90% back,” the victim wrote.

On May 9, the attacker sent 51 ETH, worth more than $150,000, to the victim, including a message asking the victim to provide a Telegram username where they could be contacted.

Hacker’s profile

Blockchain security firm Slow Mist suggested that the attacker might be involved in several other phishing attacks targeting the Tron and Ethereum blockchains.

The firm said it “observed that from April 19 to May 3, [an address associated with the hacker] initiated over twenty thousand small transactions, distributing small amounts of ETH to various addresses for phishing purposes.”

Slow Mist furthered that several IPs suspected to be used by the hacker originated from mobile stations in Hong Kong

Mentioned in this article