A victim of a $24 million phishing attack has received a portion of his stolen funds back after the attacker willingly sent it back to him.
According to web3 anti-scam solution Scam Sniffer, the attacker sent back $9.3 million to the victim after stealing over 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens in late 2023.
The victim fell prey to the attack after approving “Increase Allowance” transactions during the phishing process. This tactic is one of the most common strategies used in phishing scams. Once the transaction is approved, the requesting party gains the right to transfer assets held in the wallet.
This issue, specific to ERC-20 tokens, has been criticized by market players who argue that it can allow rogue developers to deploy malicious smart contracts to deceive unsuspecting users.
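To show the allowance mechanism from the defender's side, the following added example (not part of the original article or of Scam Sniffer's tooling) decodes a transaction's calldata before it is signed and flags `approve` and `increaseAllowance` calls that hand a spender rights over tokens. The sample calldata, the spender address, the allowlist parameter and the "unlimited" threshold are constructed assumptions.

```python
# Added example: inspect ERC-20 calldata for allowance grants before signing.
# Selectors are the first 4 bytes of keccak256 of each function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
# Assumption: amounts at or above 2**255 are treated as effectively unlimited.
UNLIMITED_THRESHOLD = 1 << 255


def inspect_calldata(calldata_hex, known_spenders=frozenset()):
    """Describe an allowance grant in calldata; return None for other calls."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    function = ALLOWANCE_SELECTORS.get(data[:8])
    if function is None:
        return None
    args = bytes.fromhex(data[8:])  # raises ValueError on non-hex input
    if len(args) != 64:
        raise ValueError("expected two 32-byte ABI words after the selector")
    if any(args[:12]):
        raise ValueError("address word has non-zero padding")
    spender = "0x" + args[12:32].hex()
    amount = int.from_bytes(args[32:], "big")
    warnings = []
    if spender not in {s.lower() for s in known_spenders}:
        warnings.append("spender is not on the allowlist")
    if amount >= UNLIMITED_THRESHOLD:
        warnings.append("amount is effectively unlimited")
    return {"function": function, "spender": spender,
            "amount": amount, "warnings": warnings}


# Constructed sample: increaseAllowance to a made-up spender for max uint256.
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_CALLDATA = "0x39509351" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    report = inspect_calldata(SAMPLE_CALLDATA)
    print(report["function"], "->", report["spender"])
    for warning in report["warnings"]:
        print("WARNING:", warning)
```

A wallet or signing proxy would run a check like this on the `data` field of a pending transaction and show the decoded spender and amount to the user instead of the raw hex.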
Ten months after the theft, on July 6, the attacker sent the victim an on-chain message stating:
“Hello, I am the guy who took your money […] I want to give the money back.”
Subsequently, on July 8, the attacker returned $5.23 million worth of the stablecoin DAI. Another $4.04 million was sent on July 13, totaling $9.3 million, as confirmed by Etherscan data.
The funds were obscured by the attacker using Railgun, a privacy protocol, before being transferred to the victim. The returned funds account for 38.84% of the total funds stolen by the attack.
At the time of publication, the scammer's sending wallet held over $3 million in various crypto assets.
While rare, there have been instances where attackers have returned stolen funds. Last year, the Euler protocol, which lost $197 million in virtual assets, saw the attacker return almost 90% of the stolen funds. More recently, in Feb. 2024, the hacker behind the $6.4 million Seneca Protocol hack returned $5.3 million to the project as part of a negotiation with the project. The project promised a 20% bounty and immunity from legal reprisal if 80% of the funds were returned.
However, phishing scams have continued to plague the crypto sector, with Scam Sniffer reporting more than $290 million in funds lost in 2023 alone.