Original author: Frank, PANews
In the dark forest of crypto, hackers are eyeing on-chain assets and waiting for an opportunity to strike. Among the many victims of phishing, the whale who lost 1,155 bitcoins was ultimately a lucky one.
This phishing case has been followed closely by the community because of the huge amount of money involved. The story begins on May 3, when a whale user fell for a phishing attack in which a hacker used an address with the same leading characters, and lost 1,155 WBTC, worth about $70 million. Subsequently, the hacker exchanged all the WBTC for 22,955 ETH and transferred it to dozens of accounts. On May 4, the victim began to call out to the hacker through on-chain messages, asking the other party to keep 10% and return the remaining 90%. In addition, the ETH addresses of the two have become a centralized communication space, and many addresses have joined the tug-of-war in this coin-chasing operation. It was not until May 9 that the hacker replied to the victim, asking him to leave a Telegram message and saying that he would take the initiative to contact him.
On May 9, the hacker began to return ETH to the victim, and eventually returned all the ETH. Was the hacker forced to do this, or did he have a change of heart? PANews gathered some information from the messages exchanged on the chain.
Bounty hunters deter hackers
Since May 4, the victim has repeatedly called out to the hacker. In addition to saying that he could give the other party 10%, he also stated that he did not post anything on Twitter and advised the hacker: "We all know that 7 million will definitely make your life better, but 70 million will not make you sleep well."
Unfortunately, after many calls, there was no response from the hacker. It seems that the victim lacked solid evidence to confirm the hacker's true identity; even the SlowMist threat intelligence network only located a mobile base station in Hong Kong, and that does not account for the possibility of a VPN. The hacker therefore appeared to have nothing to fear.
Then, on May 7, the address 0x882c927f0743c8aBC093F7088901457A4b520000 sent a message to the victim saying: "Hello, I am one of the programmers of ChangeNow. I have access to the ChangeNow database. Hackers have used this platform many times. I can leak all his data, but I ask for a reward of $100,000 in exchange for data such as the IP address and the address of the exchange where the funds were sent. I can only provide this information; the rest is up to the police to contact the exchange and collect his personal data such as KYC and location associated with the address. If you want to pursue this case, please send a confirmation message."
Although the victim did not respond to the bounty demand from this address, it was after this message that the hacker suddenly transferred 51 ETH back to the victim, with a note asking to add the victim's TG account.
PANews found through on-chain analysis that multiple accounts of the hacker did interact with the ChangeNow exchange. The funds in the address of the bounty hunter who called out were also withdrawn from ChangeNow. Perhaps it was this information that hit the hacker's soft spot and made him start to fear this unknown informant.
ChangeNow is an exchange that hackers are very keen on. Generally speaking, it is used as a currency mixing tool due to its anonymity and KYC exemption. According to PANews, if hackers have used the fiat currency exchange function on the platform, KYC is indeed required.
However, judging from the bounty hunter's on-chain information and the information left behind, the other party's identity cannot be confirmed to be a ChangeNow staff member. Finally, judging from the on-chain information, it seems that this bounty hunter has not yet received the $100,000 bounty as he wished.
The real victim may be a big user of Bored Ape.
On May 5, PAULY, the founder of Pond Coin and the whistleblower of PEPE's founder, pretended to be a victim of lost tokens on Twitter, perhaps to gain attention from this incident. However, after analysis by PANews, it was found that PAULY was not a victim of this incident.
According to the TG information left by the victim on the chain, a user named @BuiDuPh was linked to him on Twitter. The user was introduced as a Vietnamese software engineer, and he repeatedly retweeted media reports about the incident after it happened. PANews tried to contact the user but received no response. On May 12, the user cancelled his Twitter account and deleted all related content. However, judging from the user's previous Twitter activity, he only retweeted some related content after the incident and kept browsing and interacting heavily with other content every day. He did not look like a person who had lost $70 million. The user may just be helping the token holder deal with the incident.
PANews found through on-chain tracking that the real owner of the lost tokens is likely to be the user @nobody_vault. Nobody_vault is a well-known NFT player and was once the largest holder of the Bored Ape NFT. As of now, he still holds 49 Bored Ape NFTs and has previously invested in an Undeads blockchain game project. According to on-chain information, the address that lost the tokens has transacted with nobody_vault's address in large quantities.
The hackers didn't stop
According to the information on the chain, the hacker has recently conducted about 25,000 small transactions for phishing through the two addresses 0x8C642c4bB50bCafa0c867e1a8dd7C89203699a52 and 0xDCddc9287e59B5DF08d17148a078bD181313EAcC. So far, it seems that the hacker has no intention of stopping. After returning 1,155 WBTC to the victim, the hacker is still using this method to phish. Aside from this case, according to SlowMist analysis, the hacker has recently made a profit of more than 1.27 million US dollars through this method.
Another user 0x09564aC9288eD66bD32E793E76ce4336C1a9eD00 also left a message on the chain saying that the hacker has phished more than 20 addresses using this method.
But compared to the victim who lost 1,155 WBTC, other users do not seem to be so lucky. Because the amounts were small, these phishing victims did not attract public attention. And the hacker seemed to be exempted from all legal responsibility after returning the funds. Not only does he remain at large, he has also gone back to his old business.
For ordinary users, this incident is also a reminder to carefully confirm the address before transferring money.
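The address check that this closing advice calls for, as an added example that is not part of the original article: it trusts a destination only on a full match against a saved address book and flags addresses that merely share leading or trailing characters with a trusted one, including senders of small transfers in a wallet's history. The addresses, the `min_edge` threshold and the function names are constructed for illustration.

```python
import string

HEX = set(string.hexdigits)

def normalize(addr):
    """Return the 40 hex characters of a 20-byte address, lower-cased."""
    a = addr.strip()
    body = a[2:] if a[:2].lower() == "0x" else ""
    if len(body) != 40 or not set(body) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body.lower()

def common_prefix(a, b):
    """Number of leading characters a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_destination(dest, book, min_edge=4):
    """Return ('match'|'lookalike'|'unknown', label); min_edge is an assumed threshold."""
    d, verdict = normalize(dest), ("unknown", None)
    for label, known in book.items():
        k = normalize(known)
        if d == k:                      # only a full 40-character match is trusted
            return ("match", label)
        head = common_prefix(d, k)
        tail = common_prefix(d[::-1], k[::-1])
        if head >= min_edge or tail >= min_edge:
            verdict = ("lookalike", label)   # same edges, different middle
    return verdict

def suspicious_senders(history, book, min_edge=4):
    """Transfers in history whose sender imitates a trusted address."""
    return [tx for tx in history
            if check_destination(tx["from"], book, min_edge)[0] == "lookalike"]

# Constructed sample data (not addresses from the article).
BOOK = {"exchange-deposit": "0x" + "d9a1" + "5c" * 16 + "7e3f"}
LOOKALIKE = "0x" + "D9A1" + "b2" * 16 + "7E3F"
UNRELATED = "0x" + "11" * 20
HISTORY = [{"from": LOOKALIKE, "value_eth": 0.0},
           {"from": UNRELATED, "value_eth": 1.5}]

if __name__ == "__main__":
    for addr in (BOOK["exchange-deposit"], LOOKALIKE, UNRELATED):
        print(addr, check_destination(addr, BOOK))
    print(suspicious_senders(HISTORY, BOOK))
```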
This article is sourced from the internet: 1155 Bitcoins Lost and Found: The Real Victims May Be Bored Ape Investors