In a surprising twist, a phishing scammer has returned nearly $9.3 million to a victim, months after stealing $24 million from them in a phishing attack last September.
Unexpected Fund Return
The unexpected return of funds was first noticed by Scam Sniffer on July 13. The scammer used Dai stablecoin to transfer the money back across two transactions last week. The first transfer of $5.23 million occurred on July 8, followed by another $4.04 million on July 13 at 12:06 PM UTC, according to Etherscan data.
Details of the Phishing Scam
The victim had fallen prey to a $24.2 million phishing scam on September 6, 2023, losing 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens. The scammer exploited the victim by getting them to sign “Increase Allowance” transactions, which enabled token approvals to the scammer’s wallet. This ERC-20 token feature allows a third party to spend tokens owned by the victim, a loophole that has been flagged by platforms like CoinMarketCap for its potential misuse in deploying malicious smart contracts.
Also Read: Crypto Scammers Hijack 7News YouTube Channel
The return of the $9.3 million, equating to 38.4% of the stolen funds at September 6 prices, remains unexplained. At today’s prices, the 14,429 staked-Ether would be worth $47.5 million. The returned Dai funds were transferred through an address labeled as Railgun Relay, an intermediary for a privacy protocol, before reaching the victim.
Lack of Communication
The scammer did not provide any explanation or on-chain message to the victim regarding the return of the funds. Etherscan data shows that after the $9 million transfer, the scammer’s wallet still holds over $3 million, primarily in METAGALAXY LAND (MEGALAND) tokens from the BNB Chain.
Phishing scams have been a significant problem in the crypto space. According to Scam Sniffer’s 2023 Wallet Drainers Report, phishing scammers stole nearly $300 million worth of crypto from 324,000 victims in 2023. The most notorious scammers were Inferno Drainer and MS Drainer, who stole $81 million and $59 million, respectively. Pink Drainer also made headlines this year by stealing over $85 million before shutting down in May.
