In an astonishing turn of events, a phishing scammer has unexpectedly returned nearly $9.3 million to a victim, almost a year after pilfering $24 million in a phishing assault last September. The restitution was first flagged by Scam Sniffer on July 13, revealing the scammer utilized the Dai (DAI) stablecoin to reimburse the funds across two transactions.

Detailed Transactions

The initial transfer occurred on July 8, amounting to $5.23 million. Subsequently, another $4.04 million was transferred on July 13 at 12:06 pm UTC, as per Etherscan data. This surprising act of restitution follows the victim’s loss of 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens during the phishing scam on September 6, 2023.

Read more: Blockchain Scams Exposed: Stories from Victims and Lessons Learned

Scam Mechanics

The victim had inadvertently enabled token approvals to the scammer by signing “Increase Allowance” transactions, as detailed by Scam Sniffer’s post at the time of the incident. This allowance, an ERC-20 token feature, permits third parties to spend tokens owned by the approver, a vulnerability flagged by CoinMarketCap and other industry players as a potential loophole for deploying malicious smart contracts.

Market Impact and Value Discrepancies

The recent return of $9.3 million constitutes a 38.4% restitution of the funds based on the prices from September 6. However, the 14,429 staked Ether would be worth $47.5 million at today’s prices. Onchain data indicates the Dai was transferred from an address labeled as Railgun Relay, an intermediary for a privacy protocol, shortly before reaching the victim.

Hacker’s Communication

Scam Sniffer directed Cointelegraph to an onchain message from the hacker, who reached out to the victim via a different wallet address on July 6. The message stated, “Hello, I am the guy who took your money. I want to give the money back.” Etherscan data reveals that the scammer’s wallet address retains a little over $3 million after the $9 million transfer, with nearly 99% of those funds comprising the METAGALAXY LAND (MEGALAND) token from the BNB Chain.

Broader Context

Phishing scammers have siphoned nearly $300 million worth of crypto from 324,000 victims in 2023, according to Scam Sniffer’s 2023 Wallet Drainers Report. Among the most notorious phishing scammers of the year were Inferno Drainer and MS Drainer, who stole $81 million and $59 million, respectively. Pink Drainer emerged as one of the most prominent phishing scammers, amassing over $85 million before ceasing operations in May.