Phishing scammer unexpectedly returns $9.3 million to victim

In an unexpected twist, a phishing scammer has returned nearly $9.3/€8.5 million to a victim after stealing $24/€22 million from them last September.

The incident came to light when Scam Sniffer discovered the transactions on July 13, where the scammer used the Dai stablecoin to return the funds in 2 installments.

First refund has already taken place

The first redemption of $5.23/€4.79 million took place on July 8, followed by a second transaction of $4.04/€3.70 million on July 13 at 12:06 UTC, according to data from Etherscan.

The phishing attack took place 10 months ago, on September 6, 2023, with the victim losing 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens. The victim had granted approvals for tokens to the scammer by signing “Increase Allowance” transactions, as described in a post by Scam Sniffer following the incident.

The “Allowance” is a feature of ERC-20 tokens that gives third parties the right to issue the owner’s tokens. Crypto market data platform CoinMarketCap and other industry players have since warned that anonymous developers could potentially use malicious smart contracts to scam users.

The $9.3/€8.5 million returned represents a 38.4% return on the stolen funds, based on September 6th prices. However, the 14,429 staked Ether would have been worth $47.5/€43.5 million at current prices.

Crypto Address Labeled as ‘Railgun Relay’

On-chain data shows that the returned Dai came through an address labeled as Railgun Relay, an intermediary for the privacy protocol, shortly before it was handed over to the victim.

Scam Sniffer said the hacker contacted the victim on July 6 using a different wallet address. “Hello, I’m the guy who took your money,” he wrote. “I want to give the money back.”

Etherscan data shows that after the refund, the scammer’s wallet address still contains just over $3 million in funds, nearly 99% of which is the METAGALAXY LAND (MEGALAND) token from the BNB chain.

According to Scam Sniffer’s 2023 Wallet Drainers Report, phishing scammers stole nearly $300 million worth of crypto from 324,000 victims in 2023. Inferno Drainer and MS Drainer were the most notorious scammers, taking $81/€74.3 million and $59/€54 million, respectively. Pink Drainer stole over $85 million before it was shut down in May.