Hacker returns $25 million after their IP address is exposed

Hacker returns $25 million after their IP address is exposed - Blog post from Nordic IT Security Forum 2020

Hacker returns $25 million after their IP address is exposed

Yesterday, Hackread.com reported how a Chinese lending platform named Lendf.me using a lending protocol by dForce was hacked resulting in a loss of $24.36 million worth of Ethereum, Bitcoin and USD Stablecoins. Now, in a shocking twist of events, the entire sum has been returned back by the hacker.

The money was returned over the course of 2 days. On 20 April, $2.79 million was returned whereas today on the 21st of April, the remaining $22 million has been returned. This revelation comes as a result of examining the flow of transactions on the blockchain.

How these events unfolded is no mystery.

After the attack, a series of transactions occurred, in which a “threatening-tease” reply was issued in return by Lendf.me stating “Contact us, for your better future.”

Shortly afterward, it can be seen in the image below that the funds were returned due to obvious reasons by the hacker.

According to Sergej Kunz who is the CEO of 1inch.exchange.com which was used by the hacker to exchange a certain proportion of the funds, the hacker left behind important metadata giving away crucial information such as his IP address and the fact that they were using a MAC with the system language set to US English.

Further, the exchange was using its content delivery network (CDN) which helped the investigator’s even further.

Reporting the incident to The Block, he states:

“We got a request from Singapore police and we were helping dForce. Based on the request, we delivered to the police the IP addresses and sensitive meta information, which the hacker speeded by using our CDN….the The idea was to make pressure as much possible to the hacker.”

However, the value of these funds has gone down a bit to $24.3 million due to the money lost to transaction costs when the hacker was converting them.

To conclude, this is definitely something of a rare incident in the cybersecurity community and would send out a precautionary message to other criminals out there. Cryptocurrency exchanges have been a long-standing target of cyberattacks due to the high riches associated with them.

Nonetheless, administrators should take strong security measures such as trying to place the largest amount possible in cold wallets disconnected from the internet. These could greatly mitigate the potential impacts of such attacks.

Related Posts

New phishing Alert!

New phishing Alert!

New phishing Alert! New campaigns are made for Office 365 users who are returning to the workplace with Coronavirus...

read more