- Recently, an Ethereum user accidentally sent $71 million worth of Wrapped Bitcoin (WBTC) to the wrong address, falling victim to an “address poisoning” scam.
- The victim has been communicating with the scammer via blockchain transactions, and has so far been partially refunded with 52 ETH ($156,000).
- The scammer used a technique called “address poisoning” or “wallet contamination”, where they sent a zero-value transaction from an address that closely resembled one the victim regularly interacts with.
An Ethereum user who fell victim to an “address poisoning” scam and mistakenly sent $71 million in Wrapped Bitcoin to the wrong address may be on the verge of getting some of their money back.
The Incident: A $71 Million Mistake
On May 3, the victim, identified by address 0x1E227, sent 1,155 Wrapped Bitcoin (WBTC)—approximately $71 million—to a scammer’s crypto address. The victim was tricked into believing the recipient’s address was one of their own. Following the loss, the victim initiated a dialogue with the scammer over the blockchain, which resulted in a partial refund of 52 ETH ($156,000) on Thursday.
The Scam: Address Poisoning
The scammer executed the theft using a method known as “address poisoning” or “wallet contamination”. This involves the scammer sending a zero-value transaction to the victim’s wallet from a crypto address deliberately chosen to resemble one the victim regularly interacts with. The scammer’s goal is to trick the victim into copying the fake address from their transaction history when they next intend to send money to themselves, thereby intercepting the transfer.
The Aftermath: Negotiations and Threats
After losing the funds, the victim messaged the thief, conceding their victory but asking for 90% of the money back, offering to let the scammer keep 10% as a reward. The scammer responded with a demand that the victim send the remaining $1.6 million in DAI stablecoin at the wallet address, or they wouldn’t consider the offer. The victim countered with threats to track down the hacker based on their transaction history if they didn’t accept the initial 90/10 offer.
Conclusion
This incident serves as a stark reminder of the risks inherent in cryptocurrency transactions and the importance of vigilance in ensuring the accuracy of recipient addresses. It also highlights the potential for negotiation and recovery, even in seemingly dire situations. However, the final outcome of this case remains to be seen.