KEY POINTS
The crypto community was left in shock when a massive $71 million worth of Wrapped Bitcoin (WBTC) vanished into the ether of the internet. The theft, a result of a sophisticated phishing attack, saw a whale investor tricked into transferring their assets to a fraudulent wallet. However, in a surprising twist, the stolen funds have been fully returned to the rightful owner.
How the Drama Unfolded
The drama unfolded on May 3, when the victim, lured by a bait wallet address, sent 1,155 WBTC to the scammer. The attacker crafted a wallet address mirroring the victim’s, differing only in a few characters typically obscured to enhance user interface aesthetics. The victim, conducting a routine check by matching the first and last characters of the address, unwittingly transferred 97% of their holdings to the thief.
Initially, the thief converted the stolen WBTC to Ethereum (ETH), a common tactic to facilitate laundering through privacy protocols. The funds remained dormant for six days before the scammer began dispersing them across over 400 wallets, eventually consolidating into 150, in an attempt to evade detection.
Unexpected Restitution
The return of the funds occurred shortly after blockchain security firms intensified their scrutiny. On-chain investigators, including SlowMist, released reports suggesting the attacker’s potential location in Hong Kong, although the use of VPNs could not be discounted. The mounting pressure and the spotlight on the theft may have prompted the thief to reconsider their actions.
This isn’t the first instance where a significant Web3-related theft has a positive resolution. In February, ZachXBT, a pseudonymous blockchain researcher, reached a significant milestone by successfully reclaiming the majority of funds stolen in a DeGods non-fungible token (NFT) heist. Last December, Stolen Bored Ape and Mutant Ape NFTs, valued at $3 million, were recovered following a 120 ETH ransom demand.