The lost 1155 Bitcoin: the real victim may be the Large Investors of the Bored Ape

Original by Frank, PANews

In the dark forest of encryption, hackers are staring at on-chain assets, and among the longest victims of phishing, the whale who was fished for 1155 Bitcoins is ultimately the lucky one.

This “phishing case” has been concerned by the community because of the huge amount of money, and the story starts on May 3, when a whale user was phishing by Hacker at the same number Address and lost 1,155 WBTC, worth about $70 million. Subsequently, the Hacker exchanged all the WBTC for 22,955 ETH and transferred it to dozens of accounts. On May 4, victims began shouting at Hacker through on-chain messages, asking them to leave 10% and return the remaining 90%. In addition, the ETH Address between the two has also become a short for centralized exchanges, and many Address have participated in this coin pursuit. Until May 9, the Hacker replied to the victim and asked him to leave a telegram message saying that he would contact him.

On May 9, the Hacker began returning ETH to victims, eventually returning the entire amount of ETH. Did the Hacker make this move out of pressure or did they have a conscience? PANews has a number of reasons based on on-chain communication.

Bounty hunters deter Hacker

Since May 4, the victim has shouted to the Hacker longest, in addition to saying that he can give 10% to the other party, he also said that he did not post anything on Twitter, and admonished the Hacker: We all know that 7 million will definitely change your life for the better, but 70 million will not make you sleep well.

Unfortunately, after longing shouting, there has been no reply from the Hacker. It seems that the victims lack conclusive evidence to confirm the true identity of the Hacker, including the threat intelligence network of SlowMist, which only located a mobile base station in Hong Kong, and does not include the possibility of a VPN. Therefore, Hacker is also in a state of impunity.

It wasn’t until May 7 that a 0x882c927f0743c8aBC093F7088901457A4b520000 Address sent a message to the victim saying, "Hello, I’m one of the programmers at ChangeNow. I have access to the ChangeNow database. Hacker have used this platform longing. I can divulge all his data, but I ask for a reward of $100,000 in exchange for data such as this as the IP Address and the Address of the Exchange where the funds are sent, I can only provide this information; The rest is up to the police to contact the exchanges and collect his personal data, such as KYC and location related to the Address. If you want to pursue the case, please send a confirmation. ”

Although the victim did not respond to the bounty request for this address, it was after this message that the Hacker suddenly transferred back 51 ETH to the victim with a postscript asking to add the victim’s TG account.

Through on-chain analysis, PANews found that Hacker’s longest linked accounts did interact with the ChangeNow exchanges. And the funds in the Address of the bounty hunter who shouted are also coin by ChangeNow. Perhaps it was this message that poked at the Hacker’s weakness and made him jealous of this unknown whistleblower.

ChangeNow is an exchange that Hackers are very keen on, and it is traditionally used as a coin mixing tool with features such as anonymity and exemption from KYC. According to PANews, Hacker does need KYC if they have used the fiat currency exchange feature on the platform.

But judging from the on-chain information and the information left by the bounty hunter, the identity of the other party cannot be confirmed to be a staff member of ChangeNow. In the end, judging from the on-chain information, it seems that this bounty hunter has not yet received the $100,000 bounty as he wished.

The real victim may be a Large Investors of Bored Ape

On May 5, PAULY, the founder of PEPE and the founder of Pond Coin, may have used this incident to gain popularity and posed on Twitter that she was a victim of lost Tokens. However, an analysis by PANews revealed that PAULY was not a victim of the incident.

According to the TG information left by the victim in the on-chain, it was linked to a @BuiDuPh user on Twitter. The user is introduced as a software engineer in Vietnam. and forwarded the progress of media coverage of the incident longing after the incident. Attempts by PANews to contact the user were unresponsive, and by May 12, the user had logged out of his Twitter accounts and removed all related content. But looking at the user’s previous Twitter feed, the user only retweeted some relevant content after the incident, and maintained a large number of browsing and interacting with other content every day, which does not look like a person who lost $70 million, and the user may also just help Token holders deal with the incident.

According to the on-chain information, PANews found that the real owner of the lost Token is likely to be the user @nobody_vault, nobody_vault is a famous NFT player, and was once the largest holder of Bored Ape NFT. As of now, he still holds 49 Bored Ape NFTs and has previously invested in an Undeads blockchain game project. According to on-chain information, the loss of coin Address has a large number of transactions with the Address of nobody_vault.

The Hackers didn’t stop

According to on-chain information, it can be seen that the Hacker has recently made about 25,000 microtransaction for fishing through two Address 0x8C642c4bB50bCafa0c867e1a8dd7C89203699a52 and 0xDCddc9287e59B5DF08d17148a078bD181313EAcC. So far, it seems that the Hacker has no intention of stopping, and even after returning the 1155 WBTC victims, the Hacker continues to use this method of fishing. In addition to this phishing, according to Slowfog analysis, the Hacker has recently made more than $1.27 million in profits through this method.

Another user 0x09564aC9288eD66bD32E793E76ce4336C1a9eD00 also commented on the on-chain that the Hacker had fished more than 20 Address through this method.

But compared to the victims who lost 1155 WBTC, other users don’t seem to be so lucky. Due to the small amount of money, these small fishing victims do not attract the attention of the public. And the Hacker also seems to be exempt from all legal responsibility after returning the funds. Not only continue to get away with it, but also continue to get back to the old business.

For ordinary users, this incident also reminds everyone to carefully confirm their Address before making a transfer.