WBTC scammer transfers $71M in loot after poisoning scam

The individual associated with a recent $71 million wallet phishing attack has finally begun transferring the funds to new addresses.

The scammer’s wallet remained inactive for the past six days after converting the stolen 1,155 WBTC into around 23,000 ETH.

The scammer transfers stolen crypto

The bad actor stole Wrapped Bitcoin (WBTC) on May 3 after creating a wallet address very similar to the victim’s in an “address poisoning” scam. The address had similar alphanumeric characters and executed a small transaction on the victim’s account.

Typically, like many investors, the victim validated the authenticity of the wallet address by confirming the first and last characters matched, a common practice. However, the discrepancy in the characters in the middle, often obscured on the platforms to improve visual aesthetics, went unnoticed.

On May 8, blockchain research firm PeckShield observed suspicious activity involving the stolen funds. The scammer began a process of breaking down the looted assets into smaller portions and dispersing them across numerous crypto wallets. This tactic was aimed at diluting the stolen funds and obscuring their traceability.

#PeckShieldAlert #Layers The scammer who took ~$71 million $WBTC through poisoning #scam has laundered the stolen funds (~23K $ETH) by sending and distributing them to a large number of wallets. https://t.co/Blnw5TMT99 pic.twitter.com/CATCb6t1LL

— PeckShieldAlert (@PeckShieldAlert) May 8, 2024

The scammer used approximately 400 crypto wallets to distribute the funds across more than 150 wallets. Despite great effort to obfuscate the origin of the stolen funds, PeckShield’s investigation revealed that all diverted assets can still be traced back to the unidentified scammer as of today.

Crypto scams declined in April

The FBI’s 2023 Internet Crime Report highlighted a worrying rise in cryptocurrency-related scams, which caused investors to lose $3.94 billion last year. This represents more than three-quarters of the total losses from investment scams during the period.

Meanwhile, April saw a significant decrease in crypto losses to hackers and scams. Crypto losses to hackers and scams hit an all-time low for the month, with just $25.7 million lost, the lowest figure since 2021.

The report attributes the 141% decrease in losses primarily to the absence of private key compromises. There were 11 attacks targeting protocols using private key compromises in March, while April witnessed only three such incidents.

Of the 25.7 million in total losses reported for April, 21 million were due to exploits, with only three breaches exceeding $1 million in damage each. Flash loan attacks resulted in $129,000 in losses, with the largest incident causing $55,000 in damage, the lowest incidence of flash loan attacks since February 2022.

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

LIMITED OFFER 2024 for CryptoPotato readers on Bybit – Use this link to register and open a $500 BTC-USDT position on Bybit Exchange for free!