‘I want to give the money back,’ says hacker who stole $24m in staked Ether last year

‘I want to give the money back,’ says hacker who stole $24m in staked Ether last year
DeFiPeople & culture
An attacker has returned $10 million out of the $24 million stolen from the victim. Credit: Darren Joseph
By
Osato Avan-Nomayo
  • A hacker contacted their victim to offer to return the stolen funds almost a year after the incident.
  • Less than half of the stolen funds have been refunded.
  • Phishing attacks are still a major concern for crypto owners.

A hacker has contacted their victim to offer to return stolen cryptocurrencies almost a year after the attack.

Last September, the investor suffered a loss of $24 million after falling victim to a phishing attack, where the hacker tricks their target into approving a malicious smart contract designed to syphon funds.

In a surprising twist, the victim heard from the hacker on July 6.

“Hello, I am the guy who took your money,” the hacker said in an onchain message to the victim.

Onchain communication allows crypto users to send messages as transactions using their wallets and can be viewed using explorers like Etherscan.

onchain message

Onchain message sent by the attacker on July 6 (Etherscan)

“I want to give the money back, waiting for your reply,” the hacker said.

The hacker contacted the victim using a wallet address different from those flagged during last year’s hack.

On Monday, the victim confirmed receipt of some of the stolen funds.

Join the community to get our latest stories and updates

“Acknowledging that 10.3 million DAI has already been returned to this address,” the victim said in an onchain message.

Onchain data from Etherscan shows the hacker began the refund process last week and sent three transactions totaling $10.3 million in DAI stablecoin.

“Thank you for wanting to give the money back. Please send the remainder back to this address.”

The victim is still waiting for the remainder of the stolen funds as of the reporting time.

Last year’s theft saw $24 million in stETH and rETH stolen from the victim.

StETH and rETH are liquid staking tokens offered by Lido and RocketPool, respectively. Both providers give the tokens in exchange for a user staking their Ether tokens on the respective protocols.

Following the attack, the hacker routed multiple $100,000 transactions via FixedFloat, a crypto exchange often used by hackers and exploiters to move syphoned funds.

Phishing attacks

Phishing attacks were a major headache for crypto owners last year.

Onchain fraud detector Scam Sniffer reported that $300 million in crypto was lost to phishing attacks in 2024 ― 17% of last year’s crypto theft total.

Large-scale wallet drainers like MS Drainer, Inferno Drainer, and Pink Monkey were the major culprits.

In another major crypto phishing attack this year, the victim lost $72 million in wrapped Bitcoin tokens ­― Bitcoin on the Ethereum network.

The attacker returned all the funds despite an agreement to keep a 10% bounty.

Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. To share tips or information about stories, please contact him at osato@dlnews.com.

Related Topics
HACKS AND EXPLOITS
Related articles
CoinStats says $2.2m stolen in June attack, Lazarus Group likely culprit
People & culture
Mike Millard
DeFi needs to solve its security woes. Here’s how that could happen
DeFi
Tim Craig
Inside the crypto war room: How a whitehat hacker helped recover $450 million
People & cultureDeFi
Tim Craig
Crypto losses to hacks and exploits double in first half to $1.4bn, researchers say
People & culture
Mike Millard