Bitfinex wallet hacker returns most of the $20 million back to US gov’t

According to security firm CertiK, crypto losses in Q3 2024 are up 9.5%, with more than $750 million in total funds stolen by threat actors.

The malicious actor who drained a United States government wallet of approximately $20 million on Oct. 24 — containing seized funds from the 2016 Bitfinex hack — returned $19.3 million to the government wallet less than 24 hours later.

According to Arkham Intelligence, several wallets controlled by the hacker returned the funds to the US government wallet beginning with the characters “0xc9E.” At the time of this writing, roughly 88% of the funds have been returned.

Onchain data shows the hacker returned approximately 2,412 Etherium, 7,200 Circle-USD USDC, and $13.2 million in Aave-staked USDC (aUSDC). Blockchain sleuth ZackXBT noted that the returned funds do not include the approximately $700,000 the hacker sent to instant exchanges.

The identity of the hacker and the motivation behind the attack are not currently known, but the incident reflects a growing trend of hacks and exploits in the third quarter of 2024.

The US government wallet containing the seized funds from the 2016 Bitfinex hack. Source: Arkham Intelligence

October hacks and malicious attacks

On Oct. 16, Radiant Capital — a cross-chain lending protocol — was exploited and drained of $50 million. The hacker compromised Radiant Capital contracts on the BNB Chain and Arbitrum networks by obtaining the private keys required to sign transactions from Radiant Capital’s multisignature wallet.

Approximately one week after the exploit, the hacker shifted $52 million in funds to the Ethereum network — making the stolen funds much harder to recover.

The following day, decentralized trading protocol Ambient Finance suffered a front-end attack on its website. According to the Ambient Finance team, a hacker compromised the website domain in an isolated incident that did not affect the protocol. Ambient Finance later regained control of the domain and restored the website service for users.

Restaking service Eigenlayer was the victim of a similar hack on Oct. 18, when a threat actor gained control of Eigenlayer’s X social media account and spread malicious airdrop links to unsuspecting users. The fraudulent airdrop link was only live for a few minutes before it was deleted, and the account is currently functioning normally.

Source: cointelegraph.com

Previous articleSEC Ramps up Crypto Oversight With New Examination Priorities for 2025
Next articleTether Spokesperson Blasts WSJ Article, Says Company Is Unaware of U.S. Probe
Technical analyst/Trader/Official FYBIT ambassador/Supporter. I have experience in stock trading and forex, but most of all I am fascinated by crypto. In my trading, I like to rely more on technical analysis. Over the years, I have created a lot of profitable trading strategies, over time I began to develop software for automated trading. Now I provide support to FYBIT users, thereby helping FYBIT platform to develop and improve.