In an unexpected twist, an anonymous hacker returned $71M in stolen crypto to a victim of a wallet-poisoning scam. This incident took place on May 3 when the victim transferred Wrapped Bitcoin (WBTC) to a phony wallet address that looked like his own.
Blockchain security firms reacted promptly, performing thorough investigations into the event. Lookonchain detailed the return event on May 13, after SlowMist identified the attacker's likely IP addresses in Hong Kong, implying they may have used VPNs. This analysis appears to have put pressure on the attacker, resulting in the restoration of cash.
Initially, the attacker converted the stolen WBTC to ETH and distributed it around over 400 wallets, confounding the trail. Yet, on May 12, all funds were inexplicably restored to the original owner.
This incident is part of a larger pattern of phishing attempts related to WBTC, which saw over 20,000 minor phishing transactions between late April and early May. Despite this return, the potential of such scams remains a major concern in the crypto industry.
