Victim of $71 million 'address poisoning' attack recovers funds following negotiations

Somewhere in the world, a whale is thanking their lucky stars it wasn't Lazarus. The victim of last week's 'address poisoning' attack, who was seemingly tricked into sending wrapped Bitcoin tokens (WBTC) worth $71 million to an attacker who mimicked their address for that purpose, has recovered almost all available funds, blockchain data shows. 

In an 'address poisoning' or 'dusting' attack, an attacker will spam the wallet of a high net worth individual with transactions from a wallet that closely mimics the victim's address. If the victim should carelessly copy and paste a wallet address from a spam transaction, one wrong transaction could see them sending millions right into an attacker's hands, as seemingly happened here. 

While the value in U.S. dollars of the recovered funds stands at only about $66.8 million, since the attacker largely swapped the stolen WBTC tokens to ether following the theft , the loss in value can be attributed to ether's slightly greater decline in price over the past week relative to Bitcoin. 

In a press release, blockchain cybersecurity firm Match Systems' CEO Andrei Kutin claimed credit, along with the exchange Cryptex, for participating in the negotiations with the attacker that led to the full recovery. "At the moment, the victim has no complaints against the attacker," the press release reads .

Blockchain messaging data shows that while early attempts by the victim to reach out to the attacker, even offering a 10% bounty, went unanswered, the attacker reached out two days ago looking to contact the victim. Specific details on the recovery negotiations, and why the attacker may have initially rejected a 10% bounty only to return the full remaining funds, are sparse; Match Systems did not immediately respond to a request for comment. 

While multi-million dollar exploits of various kinds are unfortunately common in crypto, illicit activity may be falling, as security firm CertiK recently noted that April saw the least amount of funds lost to scams of any month since March 2021. Attackers may also be less inclined to accept bounties following the conviction of Avraham Eisenberg for fraud charges related to the Mango Markets exploit, despite his return of some of the looted funds.