Another day, another victim loses 350K in Phishing Scam. Funds can still be returned!

Victim

0x7453275ad8cacf3a44d19bd10e5b6a2832b05fc3

A look inside the Victim’s wallet of 0x7453275ad8cacf3a44d19bd10e5b6a2832b05fc3. The victim lost $348,710 in Lido Staked ETH.

Hacker wallets

0x1a42605d92c210e4be47a6363046c591659ab444 – Scammer 1 0x000000093E55f433Fb57a32AA5d5Fe717B3f7AB1 – Scammer 2 0x50c47a3b581bf242e908335eec081f0fe6ceeaa9 – Scammer 3 0x76cf09ab182c6bd47b980f7d6dacbda1d6705f37 [Intermediary Wallet]

This hack happened hours ago. I noticed Scam Sniffer tweeted about it so I decided to do a quick investigation.

https://preview.redd.it/hejoump5267c1.png?width=1094&format=png&auto=webp&s=f83a448d9119025a44d2561f1d6bf928749a27ea

Looking at the interactions of 0x1A42605D92C210E4bE47A6363046c591659ab444 – Scammer 1 I can see a few outgoing txns to – 0x075e8370eAdA21803b909b73D5438c07197abA8a

That wallet was funded by 0x43b1c949123b3FD644Fc39Ff04F0624826D64E16 which was funded by 0x009515EfabCcdBAfA485f3919d94C85Ff23Ba75D. Below is a better visual.

– 0x075e8370eAdA21803b909b73D5438c07197abA8a — 0x43b1c949123b3FD644Fc39Ff04F0624826D64E16 [funded above]

—0x009515EfabCcdBAfA485f3919d94C85Ff23Ba75D [funded above]

0x009515EfabCcdBAfA485f3919d94C85Ff23Ba75D is a known hacker/scammer wallet connected to this hack. The below scam literally took place two days ago.

https://preview.redd.it/jdyq881w467c1.png?width=1118&format=png&auto=webp&s=d40ed9b5affa6430f291512341b6b938b01db5fe

Arkham has a label of Lazarus Group, but I think that needs more investigation to confirm

I did notice a COBO deposit address connected to the hacker group 0x9EC6f0a0265d015453a334EE07F0f4E2dC199268 with 543K in assets sitting in it. I HOPE this deposit address is already frozen, there’s a chance these assets can be recovered!

543K in stolen assets still inside this Cobo.com Deposit Address of 0x9EC6f0a0265d015453a334EE07F0f4E2dC199268!

Inside the Cobo Deposit Address of 0x9EC6f0a0265d015453a334EE07F0f4E2dC199268. 0x43b1c949123b3FD644Fc39Ff04F0624826D64E16 has sent most of the transactions here.

0x000000093E55f433Fb57a32AA5d5Fe717B3f7AB1 – Scammer 2 has mutliple interactions with a couple of TradeOgre Deposit address.

0x674d4fcBEE75d9D64F30d23D27F9238aCd22E3Ac 0x7c6c95578D7DAFc9e2E0C8AbC9a669E51e064768

0x76cf09ab182c6bd47b980f7d6dacbda1d6705f37 [Intermediary Wallet] was funded by 0x53BD30522DDF7D565e81F1f1a5d821Dc2c9Ce011 3 months ago.

0x53BD30522DDF7D565e81F1f1a5d821Dc2c9Ce011 is showing 8 deposits to a Kraken Deposit address of 0xE7b2D82b4007eDe7CAFA4D0d0f58812362778402

Inside Kraken Deposit Address of 0xE7b2D82b4007eDe7CAFA4D0d0f58812362778402. Another 5k in stolen assets is sitting here.

I’ll update as more information comes in but this is one of those rare cases where funds can still be frozen at the exchange level as I write this.

submitted by /u/jbtravel84
[link] [comments]