Victim of $71 million 'address poisoning' attack recovers funds following negotiations

Quick Take

  • Blockchain data shows that the victim of a $71 million address poisoning attack last week has recovered nearly all available funds when accounting for the changes in crypto prices. 
  • Blockchain cybersecurity firm Match Systems and the Cryptex exchange participated in the recovery negotiations, according to a press release. 

Somewhere in the world, a whale is thanking their lucky stars it wasn't Lazarus. The victim of last week's 'address poisoning' attack, who was seemingly tricked into sending wrapped Bitcoin tokens (WBTC) worth $71 million to an attacker who mimicked their address for that purpose, has recovered almost all available funds, blockchain data shows. 

In an 'address poisoning' or 'dusting' attack, an attacker will spam the wallet of a high net worth individual with transactions from a wallet that closely mimics the victim's address. If the victim should carelessly copy and paste a wallet address from a spam transaction, one wrong transaction could see them sending millions right into an attacker's hands, as seemingly happened here. 
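The check below is an added example, not code from the article or from the firms it names: before a send, it compares a pasted destination with the sender's own address book and flags one that shares its first and last characters with a trusted address without being identical. The addresses, thresholds and function names are constructed for illustration, and it assumes 20-byte hex addresses and that "closely mimics" means matching leading and trailing characters.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Return the 40 hex digits in lower case; reject malformed input."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def shared_edges(a, b):
    """Count matching characters at the start and at the end of two addresses."""
    prefix = 0
    while prefix < len(a) and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < len(a) - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def classify(candidate, trusted, min_prefix=4, min_suffix=4):
    """Return ('trusted' | 'lookalike' | 'unknown', label of the matched entry).

    The 4-character thresholds are an assumed default, not a standard.
    """
    cand = normalize(candidate)
    imitated = None
    for label, addr in trusted.items():
        ref = normalize(addr)
        if cand == ref:
            return "trusted", label
        prefix, suffix = shared_edges(cand, ref)
        if prefix >= min_prefix and suffix >= min_suffix:
            imitated = label
    return ("lookalike", imitated) if imitated else ("unknown", None)

def screen_history(senders, trusted):
    """List inbound senders that imitate a trusted address (poisoning spam)."""
    return [s for s in senders if classify(s, trusted)[0] == "lookalike"]

# Constructed sample data: none of these are real wallet addresses.
TRUSTED = {"own-cold-wallet": "0xa1b2c3" + "0" * 28 + "d4e5f6"}
LOOKALIKE = "0xA1B2C3" + "7" * 28 + "D4E5F6"   # same first/last 6 characters
UNRELATED = "0x" + "9" * 40

if __name__ == "__main__":
    for addr in (TRUSTED["own-cold-wallet"], LOOKALIKE, UNRELATED):
        print(addr, classify(addr, TRUSTED))
```

A "lookalike" verdict is the case to stop on: the full address should be compared character by character against the intended one before anything is sent.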

The recovered funds are worth only about $66.8 million in U.S. dollars. Because the attacker largely swapped the stolen WBTC tokens to ether following the theft, the loss in value can be attributed to ether's slightly greater decline in price over the past week relative to Bitcoin.

In a press release, blockchain cybersecurity firm Match Systems' CEO Andrei Kutin claimed credit, along with the exchange Cryptex, for participating in the negotiations with the attacker that led to the full recovery. "At the moment, the victim has no complaints against the attacker," the press release reads.

Blockchain messaging data shows that while early attempts by the victim to reach out to the attacker, even offering a 10% bounty, went unanswered, the attacker reached out two days ago looking to contact the victim. Specific details on the recovery negotiations, and why the attacker may have initially rejected a 10% bounty only to return the full remaining funds, are sparse; Match Systems did not immediately respond to a request for comment. 

While multi-million dollar exploits of various kinds are unfortunately common in crypto, illicit activity may be falling: security firm CertiK recently noted that April saw the smallest amount of funds lost to scams of any month since March 2021. Attackers may also be less inclined to accept bounties following the conviction of Avraham Eisenberg on fraud charges related to the Mango Markets exploit, despite his return of some of the looted funds.



© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Zack Abrams is a writer and editor based in Brooklyn, New York. Before coming to The Block, he was the Head Writer at Coinage, a Web3 media outlet covering the biggest stories in Web3. The story he co-reported on Do Kwon won a 2022 Best in Business Journalism award from SABEW. Other projects included a deep dive into SBF's defense based on exclusive documents and unveiling the identity of the hacker behind one of 2023's biggest crypto hacks — so far. He can be reached via X @zackdabrams or email, [email protected].
