On August 20th 2024 Reddit user u/VtheCryptoEng lost his life savings ($207,300 USDT) in a social engineering / phishing scam. He reached out to me about a year ago looking for help while at the same time trying to work with law enforcement in his jurisdiction to track down the scammers responsible. Here's a breakdown of the wallets affected.

Theft Wallets
The stolen funds were distributed into the below two wallets before eventually finding their way into numerous intermediaries and deposit addresses.
Statement of the theft from victim's POV:
I did a quick lookup on Hacker Wallet 1 and Hacker Wallet 2 and noticed those particular wallets have numerous complaints on places like Chainabuse and X. Additionally, I found a handful of wallets with MILLIONS in what appeared to be stolen funds.

An example of another victim connected to the same scammers

Looking at the community complaints of the wallets I'm following, it appears this group of scammers is based in the UK. They purchase IG, TikTok, and Snap accounts with tens of thousands to hundreds of thousands of fake followers, posting stories on social media of expensive vacations, eating at fancy restaurants and wearing luxury watches. It's living that social media illusion to the 10th degree. They DM the real users (victims) offering services that can increase their crypto profits, but ONLY if they move their funds out of their exchange into one controlled by the scammers. Once a target is found, the scammers will engage in phone conversations to really build the trust by befriending the victim and making them feel like they are moments away from multi-millionaire status. It's the classic Financial Scam. Once the funds are gone, so are the scammers.

The Investigation

About three years ago, I lost most of my own life savings in a hack that absolutely devastated me. I know the feeling of watching a six-figure wallet get drained real-time to $0. I decided to investigate this scam to see what I could do. Following the funds, I noticed there were a few wallets that seemed to be collecting most of the stolen crypto. These wallets ranged from about 500K - 4M in funds. Additionally, there were numerous shared deposit addresses where these wallets sent funds to. I could make the connection of which wallets belong to who based on the shared interactions.

The above is a visual of some of the fund movements. The scammers would frequently move large amounts of crypto to different wallets, presumably to mask their trail.
This wallet in particular - 0x0ffcdF3002A3c88c3eC4b579535CE09292CB2D2A showed a lot of activity and was a destination for some of VtheCryptoEng's funds. I was able to trace a large stash of DAI, USDT, and SOL sitting in that wallet.

Above is a look inside the inflows of wallet 0x0ff....B2D2a. Funds from numerous victims, including VtheCryptoEng made it into this wallet after about 5 hops. I was made aware of some interesting conversations happening between the victim and this wallet.

On-chain Taunting

It's one thing to steal, it's another level of maliciousness to taunt the victim after their life savings is gone. In desperation, many victims will reach out on the blockchain hoping the scammers will return the funds in kindness. This doesn't work 99.9% of the time. It appears this group monitors the blockchain for victim responses and responds with animosity reserved only for the lowest of web3 scammers. Ok, you want to taunt the victim now. Let's see what happens when we go after the one thing you care most about, your (stolen) funds.

Getting Revenge

In web3, it's uncommon that victims recover anything after a large theft. You rarely hear about them because the process can take YEARS from the initial theft until funds get returned. In most cases, victims are lucky to get a partial return. I was able to work with LE to get assets in this scammer's wallet frozen and a few others that hit deposit addresses.

Tether froze the USDT in wallet 0x0ffc....CB2D2A.

There's about 164K in the scammer's wallet of 0x0ffcd...CB2D2A that will eventually go back to VtheCryptoEng and other victims. The scammer can't touch it, the funds are frozen. The scammer has since moved the rest of the assets to different wallets. In total, about 540K in crypto assets were frozen in connection to VtheCryptoEng's scam and other victims. Although this is a small victory, the amount stolen across the victims of this scam is in the Millions.
I'm hopeful that enough funds will be recovered to make the victims whole, though this usually isn't the case unfortunately. I'm confident this group will eventually be caught. Only then can justice truly be served.

Final Thoughts

I want to close this post by saying I've never been paid for the work I've done in web3 investigations. I don't do this for money but for the sheer joy of hunting down the most malicious of bad actors. There's still A LOT more work that needs to be done. Although the funds are frozen, the legal process needs to run its course. The funds need to be seized and then redistributed to the victims, which is a process that can take years depending on the jurisdiction. Lastly, it's a long road to get the actual funds back, but watching that $540,000 sit frozen and untouchable is a massive win. Scammers think they're invisible on-chain, but this proves that with enough persistence and the right legal channels, we can actually strike back. Stay safe out there!
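
The hop counting and shared-deposit-address reasoning described in the investigation, as an added Python example that is not the author's tooling. All wallet labels and amounts are constructed placeholders, and the set of deposit addresses is assumed to be already attributed to an exchange.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver, amount in USDT); labels are
# placeholders, not addresses from the post.
TRANSFERS = [
    ("victim", "theft_1", 120_000), ("victim", "theft_2", 87_300),
    ("theft_1", "hop_a", 120_000), ("hop_a", "hop_b", 119_000),
    ("hop_b", "hop_c", 118_000), ("hop_c", "collector_x", 118_000),
    ("theft_2", "collector_y", 87_000),
    ("collector_x", "deposit_1", 50_000), ("collector_y", "deposit_1", 40_000),
    ("collector_z", "deposit_2", 30_000), ("collector_y", "deposit_2", 10_000),
    ("unrelated", "deposit_3", 5_000),
]
# Assumption: these deposit addresses were already attributed to an exchange.
DEPOSITS = {"deposit_1", "deposit_2", "deposit_3"}

def hops_from(source, transfers):
    """Breadth-first search: fewest transfers needed to reach each address."""
    graph = defaultdict(set)
    for sender, receiver, _ in transfers:
        graph[sender].add(receiver)
    dist, queue = {source: 0}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def cluster_by_shared_deposit(transfers, deposits):
    """Union-find: wallets funding the same deposit address share a cluster."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    first_sender = {}
    for sender, receiver, _ in transfers:
        if receiver in deposits:
            root = find(first_sender.setdefault(receiver, sender))
            parent[find(sender)] = root
    clusters = defaultdict(set)
    for wallet in parent:
        clusters[find(wallet)].add(wallet)
    return sorted(sorted(c) for c in clusters.values())
```

In the constructed data, `collector_z` never receives the victim's funds, yet it lands in the same cluster as the two collectors that do because `collector_y` pays into both deposit addresses.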