Negotiations began following an incident in which the attacker allegedly
tricked the victim into transferring 1,155 wBTC (equivalent to $68 million at the time) to his account using the “address spoofing” method.
An analysis of blockchain data shows that on the morning of May 3, the attacker used a smart contract to transfer 0.05 tokens from the victim’s account to his own account. On Etherscan, this token did not have a specific name and was designated as “ERC-20”. Typically, attackers cannot transfer tokens without the owner’s permission, but this token had non-standard characteristics that made it possible to transfer it from one account to another without the user’s consent.
Later that same day, the victim apparently mistakenly sent 1,155 wBTC to the address provided. The address may have looked similar to the one the victim typically used to make transfers to the centralized exchange (the start and end of the address were the same), or there was another reason why the address might have looked familiar.
Additionally, the victim could see that they had “already sent 0.05 tokens to this address” in the past and therefore assumed it was safe. However, the 0.05 tokens were sent by the attacker and appear to have only come from the victim.