As a researcher, I’ve been closely monitoring the cryptocurrency space for scams and fraudulent activities. The recent $71 million wallet phishing attack is a stark reminder of the sophisticated tactics used by bad actors to deceive unsuspecting investors.


An individual linked to the recent $71 million wallet scam has commenced moving the funds to fresh accounts.

For the past six days, the wallet of the swindler has shown no signs of activity following the conversion of the pilfered 1,155 WBTC into approximately 23,000 ETH.

Scammer Transfers Stolen Crypto

As a security analyst, I’d rephrase it this way: On May 3, a malicious actor manipulately created a WBTC wallet address that closely mimicked the victim’s, leading me to suspect an “address poisoning” scam. This deceitful address shared similar alphanumeric characters and initiated a small, seemingly harmless transaction towards the victim’s account.

As an analyst, I’ve noticed that many investors, including myself, often validate the authenticity of a wallet address by checking the matching first and last few characters. However, we frequently overlook the importance of examining the middle characters. These characters are sometimes concealed on platforms for aesthetic reasons, making it easy for us to overlook potential discrepancies.

On May 8, PeckShield, a blockchain investigation firm, detected suspicious transactions involving stolen cryptocurrencies. The crook divided the pilfered assets into smaller units and moved them to multiple crypto wallets. This maneuver aimed to weaken the value of the stolen funds and make their origin harder to trace.

As a crypto investor, I’ve received an alert from PeckShield about the recent poisoning scam that led to the theft of approximately $71 million worth of wrapped Bitcoin ($WBTC). Disconcertingly, the crook has laundered the ill-gotten gains by dispersing around 23,000 Ethereum ($ETH) across numerous wallets.
— PeckShieldAlert (@PeckShieldAlert) May 8, 2024

Around 400 crypto wallets were used by a scammer to transfer funds to approximately 150 other wallets. Despite the complex masking techniques employed to conceal the origin of the stolen assets, PeckShield’s investigation has managed to trace all the redirected funds back to the unknown scammer at present.

Crypto Scams Declined in April

In the FBI’s 2023 Internet crime report, there was a troubling increase in cryptocurrency swindles, leading to a grand total of $3.94 billion in investor losses last year. This substantial sum accounted for more than three-quarters of all monetary losses from investment frauds during that timeframe.

As a crypto investor, I’m pleased to note that April saw a significant improvement in terms of minimized losses due to hacks and scams in the cryptocurrency market. The damages caused by such incidents reached an all-time low for this month, with a reported $25.7 million lost – a figure not seen since 2021.

The report identifies the main reason for the significant 141% drop in losses as the lack of private key breaches. In March, there were eleven instances of hacking attempts focusing on private keys, while in April, this number decreased to just three occurrences.

Approximately $21 million out of the $25.7 million in total reported losses for April resulted from exploits. Among these exploit incidents, merely three exceeded $1 million in damage each. Flash loan assaults were responsible for approximately $129,000 in damages throughout the month. The most significant flash loan attack led to a loss of around $55,000 – the smallest such occurrence since February 2022.

Read More

2024-05-08 21:42