Hacker Launders $9 Million of $246 Million From Parity Multisig Hack
A threat actor recently laundered $9 million from the loot they exfiltrated from Parity Multisig.
Parity Multisig Lost 150k ETH
In 2017, researchers discovered a serious vulnerability in the wallet version 1.5+. This defect allowed a hacker to steal over 150K ETH, which was approximately 30M USD at the time.
However, this incident marked a significant chapter in the history of cryptocurrency theft. What’s more, the hacker behind this theft demonstrated remarkable patience in their strategy.
On May 13, the same threat actor initiated the laundering of 3,050K ETH, which is equivalent to $9M USD, through the exchange platform. To carry out this process, the hacker utilized multiple consolidated Ethereum addresses.
It is also important to note that the hacker still controls a staggering 83017K ETH, which amounts to a whopping $246.6M USD.
Additionally, this amount remains in the primary address. This situation is concerning and highlights the need for robust security measures and constant vigilance in the world of cryptocurrency.
Wallet Poisoning Scam Looting $71 Million
Recently, an actor stole over $71 million using a wallet-poisoning technique. The scammer sent the victim a plate number, 51 ETH, along with a message requesting contact information through Telegram.
Interestingly, the attacker contacted the victim twice to acquire their Telegram details before transferring approximately $151,600. The attack was executed on the Ethereum blockchain through an input data message (IDM), a type of peer-to-peer messaging.
On-chain data provided by Etherscan reveals that the scammer contacted the victim twice and asked for their Telegram details. This happened after the victim demanded the return of 90% of the stolen funds on May 5. The plate number 51 ETH, returned by the scammer, represents about 4.2% of the requested amount.
The victim also responded to the scammer through an IDM. The victim warned the scammer about the traceability of the stolen funds and demanded a return of 90%. They set a deadline of May 6, 2024, at 10:00 am UTC, for the remaining amount to be returned.
The poisoning attack occurred when the scammer moved 1,155 WBTC, worth $71 million, to their address. In wallet poisoning attacks, fraudsters attempt to deceive the victim into repeating their address instead of their own.