Crypto Scam Update: Stolen $71M WBTC Loot Distributed Among Multiple Wallets

Ruholamin Haqshanas

Last updated:

May 8, 2024 07:02 EDT | 2 min read

Stolen crypto funds tied to a recent $71 million wallet impersonation scam have started moving after six days.

On May 3, an investor fell victim to a wallet poisoning scam, sending $71 million worth of Wrapped Bitcoin (WBTC) to a bait wallet address

The scammer created a wallet address with similar alphanumeric characters, tricking the victim into transferring 97% of their assets.

Typically, investors validate wallet addresses by matching the first and last few characters, but fail to notice discrepancies in the middle characters that are often hidden on platforms for visual appeal

In this case, the difference would have been noticeable if carefully examined.

Hacker Converts Stolen WBTC to ETH

The hacker behind the scam swiftly converted the stolen WBTC into approximately 23,000 ETH, a common tactic used to make siphoning easier through privacy protocols like Tornado Cash

The converted funds remained dormant in the scammer’s wallet for six days.

On May 8, blockchain investigation firm PeckShield observed the movements of the stolen funds

The scammer began splitting the loot into multiple parts and distributing them across several crypto wallets

#PeckShield #Layering The scammer who grabbed ~$71 million worth of $WBTC via a poisoning #scam has laundered the stolen funds (~23K $ETH) by sending and spreading them across a large number of wallets. pic.twitter.com/CATCb6t1LL

— PeckShield (@PeckShield) May 8, 2024

To reduce traceability, around 400 wallets were used, ultimately leading to over 150 wallets holding the stolen funds

However, at the time of writing, the stolen funds can still be traced back to the unknown scammer

Throughout history, crypto scammers and hackers have been particularly active during bullish market conditions

It is crucial for investors to educate themselves on secure cryptocurrency storage practices. Cointelegraph provides a learners’ guide on how to safely store cryptocurrencies.

In another type of scam, bad actors have devised a technique to drain users’ wallets without requiring transaction approval

This particular scam targets tokens that adhere to the ERC-2612 token standard, allowing for “gas-less” transfers or transfers without the need for holding ETH in the wallet

However, to enable approval-less transactions, users must be deceived into signing a message

A recent investigation uncovered a Telegram group featuring a fake version of the Collab.Land Telegram verification , which orchestrated this scam.

April Records Lowest Crypto Hack Losses

The cryptocurrency industry experienced a major downturn in combined losses from hacks and scams in April.

The month saw the lowest combined losses from crypto-related hacks and scams since 2021, with approximately $25.7 million lost to exploits, hacks, and scams.

More specifically, only $25.7 million was lost in attacks throughout the month, marking the lowest amount since CertiK began tracking such data in 2021.

Flash loan attacks accounted for $129,000 in losses, with the largest incident causing $55,000 in damages

This marked the lowest incidence of flash loan attacks since February 2022, and $4.3 million was lost to exit scams.

As reported, the first quarter of this year has seen $336 million lost to Web3 hackers and fraud, with nearly half of the capital stolen in January alone

Nonetheless, the number represents a 23% decrease compared to the first quarter of 2023.

It is also worth noting that $73,885,000 has been recovered from stolen Web3 capital in 7 specific situations.

Follow Us on Google News