WTC Thief Spreads $71 Million Exploit Across Multiple Crypto Wallets
Stolen crypto funds linked to the recent $71 million wallet impersonation scam are on the move after six days of silence.
On May 3, an investor sent $71 million worth of packaged Bitcoin (WBTC) to a bait wallet address, falling victim to a wallet poisoning scam. The fraudster created a wallet address with the same alphanumeric characters and made small transactions on the victim's account.
Like most investors, the victim verified the wallet address by matching the first and last few characters and transferred 97% of their assets to it. However, the difference was noticeable in the medium characters, often hidden in platforms to improve visual appeal.
Hackers often convert the stolen crypto into Ether (ETH), making it easy to use with privacy protocols like Tornado Cash – and this hacker was no different. 1,155 WBTC was instantly converted to 23,000 ETH and lay in the fraudster's wallet for six days.
On May 8, blockchain investigation firm PeckShield noted that some of the stolen funds were legitimate. The fraudster divides the loot into several parts and starts sending it to multiple crypto wallets.
The fraudster used around 400 crypto wallets to verify the stolen funds and reduce traceability. Ultimately, the funds in question ended up in more than 150 wallets. However, all stolen funds can be traced back to an unknown fraudster at the time of writing.
Crypto fraudsters and hackers have been very active during the historic bull market. Read Cointelegraph's student guide on how to safely store cryptocurrencies.
Related: 4 tips to protect your crypto from hackers in this bull market
A new type of scam allows bad actors to withdraw users' wallets without transaction authorization.
The cheat only works on tokens that meet the ERC-2612 token standard, which allows for “gas-less” transfers or wallet transfers that don't hold ETH.
However, to enable unauthorized transactions, the user must be tricked into signing a message. Cointelegraph's investigation has revealed that Colomb.land is a hoax orchestrated by the Telegram group that provided a fake version of Telegram's authentication system.
Magazine: Meme Coins: Betraying Crypto Ideas… Or Its True Purpose?