- Scammers have returned roughly 80% of stolen funds to a victim
- The scammers kept 20% of the funds as bounty
- The malicious actors used wallet-draining service Inferno Drainer
Less than a day after a victim lost close to $7 million in ETH in a phishing attack, the victim has recovered most of it after the scammers returned 80% of the funds. The malicious actors used Inferno Drainer, a crypto wallet-draining service that announced it was shutting down six months ago. The refund is a very rare occurrence in the blockchain world and comes as another wallet-draining service, Pink Drainer, advised scammers to “take a step back from the grind.”
Just Careless with their Funds?
According to blockchain analytics firm SlowMist’s co-founder Yu Xian, the malicious actors “used the permit offline authorization signature” to siphon 1,807 ETH worth roughly $7 million at the time of writing.
Hours later, Scam Sniffer reported that the scammers had returned 1,445 ETH, worth around $5.6 million, to the victim. The malicious actors seemingly kept the remaining 362 ETH, or 20% of the funds, as a bounty.
✨⏳looks like the victim recovered 80% (1445 ETH) of stolen funds by paying a 20% (362 ETH) bounty. https://t.co/lv8dhYgwOb pic.twitter.com/jcXUynyCJV
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 27, 2024
According to on-chain sleuth ZachXBT, this isn’t the first time the victim has been scammed. Last year, they lost $638K in a phishing attack. ZachXBT wasn’t sympathetic toward the victim, saying that they were “just careless with their funds.”
How do you get phished last year for $638K and then again this year for $6.9M.
Some people are just careless with their assets.
— ZachXBT (@zachxbt) May 26, 2024
Scammers Posing as DeFi Protocol Developers
The permit function used by the malicious actors is a genuine Ethereum feature (the ERC-20 permit extension) that lets a token holder approve a spender by signing an off-chain message instead of sending an on-chain transaction, which simplifies interacting with smart contracts. The feature has been exploited in the past, netting scammers over $60 million in crypto.
In a recent blog post, SlowMist recommended the use of “authorization tools like RevokeCash” to check for suspicious token authorizations. Apart from abusing genuine blockchain code, scammers are also posing as DeFi protocol developers and using bit-flip attacks to steal funds.
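The off-chain permit authorization described above is an EIP-712 typed-data message: a wallet shows it as a “signature request” rather than a transaction, which is why a signer can miss what is being approved. The following added example (not code from the article, SlowMist, or RevokeCash) pulls the fields that matter out of such a request and flags the patterns a reviewer would refuse before signing: an unknown spender, an unlimited allowance, or a deadline far in the future. The spender allow-list, the one-hour deadline threshold, and the sample payloads are all constructed for illustration.

```python
"""Inspect an EIP-2612 permit request before signing it (added example)."""
import time

UINT256_MAX = 2**256 - 1

# Hypothetical allow-list of spenders the user has actually vetted (constructed).
KNOWN_SPENDERS = {"0x" + "1" * 40: "example DEX router"}

# Field layout of an EIP-712 Permit request, as defined by EIP-2612.
PERMIT_TYPES = {
    "EIP712Domain": [
        {"name": "name", "type": "string"},
        {"name": "version", "type": "string"},
        {"name": "chainId", "type": "uint256"},
        {"name": "verifyingContract", "type": "address"},
    ],
    "Permit": [
        {"name": "owner", "type": "address"},
        {"name": "spender", "type": "address"},
        {"name": "value", "type": "uint256"},
        {"name": "nonce", "type": "uint256"},
        {"name": "deadline", "type": "uint256"},
    ],
}


def sample_permit(spender: str, value: int, deadline: int) -> dict:
    """Build a constructed Permit request; token and owner addresses are placeholders."""
    return {
        "types": PERMIT_TYPES,
        "primaryType": "Permit",
        "domain": {"name": "ExampleToken", "version": "1", "chainId": 1,
                   "verifyingContract": "0x" + "2" * 40},
        "message": {"owner": "0x" + "a" * 40, "spender": spender,
                    "value": str(value), "nonce": 0, "deadline": deadline},
    }


def parse_permit(typed_data: dict) -> dict:
    """Extract the Permit fields from a typed-data request; reject other message types."""
    if typed_data.get("primaryType") != "Permit":
        raise ValueError("not a Permit request")
    msg = typed_data["message"]
    return {
        "token": typed_data["domain"].get("verifyingContract", "").lower(),
        "owner": msg["owner"].lower(),
        "spender": msg["spender"].lower(),
        "value": int(msg["value"]),
        "deadline": int(msg["deadline"]),
    }


def assess_permit(typed_data: dict, now: int, max_seconds: int = 3600) -> list:
    """Return human-readable warnings for a permit request; an empty list means nothing flagged.

    `now` is a Unix timestamp in seconds; `max_seconds` is how far ahead a
    deadline may sit before it is considered suspicious (threshold is an assumption).
    """
    p = parse_permit(typed_data)
    warnings = []
    if p["spender"] not in KNOWN_SPENDERS:
        warnings.append(f"unknown spender {p['spender']} on token {p['token']}")
    if p["value"] == UINT256_MAX:
        warnings.append("unlimited allowance (uint256 max)")
    if p["deadline"] - now > max_seconds:
        warnings.append(f"deadline {p['deadline'] - now} s away (> {max_seconds} s)")
    elif p["deadline"] < now:
        warnings.append("deadline already passed (signature would be unusable)")
    return warnings


if __name__ == "__main__":
    now = int(time.time())
    # A bounded approval to a vetted spender, expiring in ten minutes.
    benign = sample_permit("0x" + "1" * 40, 10**18, now + 600)
    # An unlimited approval to an unvetted address with a deadline years away.
    risky = sample_permit("0x" + "9" * 40, UINT256_MAX, now + 10**9)
    for label, req in (("benign", benign), ("risky", risky)):
        print(label, assess_permit(req, now) or ["no warnings"])
```

A wallet or browser extension can apply the same three checks to any `eth_signTypedData` request whose primary type is `Permit`; the point is that the danger lives in the message fields, not in any transaction the victim later sends.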
Although the victim was lucky to get back most of the funds, it’s unclear why the scammers opted to return the funds.