Experts discovered personal information about the attacker by investigating IP addresses and device data connected to the attack.
The address poisoning attacker who drained $68 million worth of Wrapped Bitcoin (WBTC) was exposed through “digital evidence,” including a “device fingerprint,” according to statements made on May 23 by Match Systems CEO Andrey Kutin. These pieces of digital evidence eventually strengthened the victims’ hand in negotiations and resulted in the return of all the funds, he claimed.
According to the Match Systems CEO, the attacker did not use regulated exchanges compliant with Know Your Customer and Anti-Money Laundering requirements. Therefore, researchers couldn’t prove the person’s identity definitively. However, they discovered “secondary” or “circumstantial” evidence that the person they were investigating had not practiced proper due diligence and that stolen funds had fallen into their hands due to negligence. This is what strengthened their hand in negotiations.
The $68 million address poisoning attack occurred on May 5 against an Ethereum account that begins with “0x1e.” The attacker created a fake transaction that appeared to transfer the victim’s tokens to the attacker’s own address. This confused the victim and led them to believe that the attacker’s address was safe, because it created the appearance that the victim had voluntarily sent funds to this address in the past.
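
A wallet-side check against the history spoofing described above, as an added example that is not from the article or from Match Systems. It assumes the fake entry is a token transfer event the victim did not sign (zero-value, or emitted by an unrecognized token contract) and that addresses are already normalized to lowercase; the record fields, function names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    tx_sender: str  # account that signed the transaction
    token: str      # contract that emitted the transfer event
    src: str        # "from" field of the event
    dst: str        # "to" field of the event
    value: int      # amount in the token's smallest unit

def reasons_not_trusted(t, owner, known_tokens):
    """Why an entry shown as 'sent by owner' is not proof the owner paid dst."""
    reasons = []
    if t.tx_sender != owner:
        reasons.append("not signed by owner")
    if t.value == 0:
        reasons.append("zero value")
    if t.token not in known_tokens:
        reasons.append("unknown token contract")
    return reasons

def classify_history(history, owner, known_tokens):
    """Return (trusted recipients, flagged entries) for the owner's apparent sends."""
    trusted, flagged = set(), []
    for t in history:
        if t.src != owner:
            continue  # not displayed as an outgoing transfer of this owner
        reasons = reasons_not_trusted(t, owner, known_tokens)
        if reasons:
            flagged.append((t.dst, reasons))
        else:
            trusted.add(t.dst)
    # An address that only ever appears in flagged entries stays untrusted.
    return trusted, flagged

# Constructed sample data: none of these are real addresses or contracts.
OWNER = "0x" + "a1" * 20
PAYEE = "0x" + "b2" * 20
OTHER = "0x" + "c3" * 20      # third party that created the spoofed entries
TOKEN = "0x" + "d4" * 20      # stand-in for a token contract the owner holds
FAKE_TOKEN = "0x" + "e5" * 20 # stand-in for an unrecognized contract
HISTORY = [
    Transfer(OWNER, TOKEN, OWNER, PAYEE, 5000),       # genuine payment
    Transfer(OTHER, TOKEN, OWNER, OTHER, 0),          # zero-value spoof
    Transfer(OTHER, FAKE_TOKEN, OWNER, OTHER, 5000),  # fake-token spoof
]

if __name__ == "__main__":
    trusted, flagged = classify_history(HISTORY, OWNER, {TOKEN})
    print("trusted:", trusted)
    for dst, why in flagged:
        print("flagged:", dst, why)
```

A wallet could use the trusted set to decide which addresses may be offered for reuse from history and show the flagged reasons next to everything else.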