- A white hat hacker retrieved $16,000 in cryptocurrency from a fraudster's clutches.
- The white hat broke into the scammer's database and intercepted the funds.
- Tracing the crypto back to Binance, the hacker returned the crypto to its owner.
A victim of a sophisticated crypto phishing scam has had their stolen crypto returned after a white hat hacker recovered over $16,000 worth of stolen Ethereum (ETH) and Decentr (DEC).
The hacker intercepted the funds after managing to penetrate the database of a crypto phishing scam. And unlike some 350 people who fell victim to the recent Twitter hack and Bitcoin scam, this time, the funds were reunited with their owner. And it's not the first time he has helped people to avoid crypto scams either.
Earlier this month, Harry Denley, director of security at blockchain analytics firm MyCrypto, stumbled across a particularly sophisticated variant of a phishing scam. The method lures victims in with phony user interfaces (UIs) that imitate popular decentralized finance (DeFi) protocols—in this instance, Uniswap, an ETH-based token exchange, explains Denley in a blog post.
Once victims are hooked, the scam prompts them to reveal a host of information they really shouldn't divulge, including private keys, secret alphanumeric passwords that provide access to stashed crypto funds. The bogus UI then redirects victims to the actual protocol—in an apparent effort to avoid suspicion.
⚠️ We are seeing this becoming more frequent - web3 phishing is asking users for raw secrets by imitating @metamask_io popups (MetaMask won't ask for your key like this) #cryptocurrency #security
cc: @BalancerLabs https://t.co/YtYEpDnHDZ pic.twitter.com/UQxhDdoa4T
— harrydenley.eth ◊ (@sniko_) July 9, 2020
Fortunately for one victim, Denley was on hand to foil the fraudster's plans. And favorably for Denley, the scammer's database security was lax, allowing him to receive the phished details and eventually recover the funds.
Further analysis of the database revealed other malicious UIs masquerading as domain names, such as XMR-wallet.com—a web wallet for the privacy coin Monero—as well as a host of other Uniswap directories.
Tracing the victim's funds back to a Binance.com address, Denley reached out to a contact within the exchange, confirmed the victim, and transferred the funds back to their rightful owner.
Denley is no stranger to tackling crypto fraudsters. In May, he flagged eight phishing scams masquerading as legitimate crypto wallets on the Google Chrome store. Despite Denley's best efforts, Bitcoin podcast host Eric Savic fell foul of one of the scams, losing his entire crypto fortune. Not even Denley could recover it now.