Bitfinex wallet hacker returns most of the $20 million back to US gov’t

According to security firm CertiK, crypto losses in Q3 2024 are up 9.5%, with more than $750 million in total funds stolen by threat actors.

The malicious actor who drained a United States government wallet of approximately $20 million on Oct. 24 — containing seized funds from the 2016 Bitfinex hack — returned $19.3 million to the government wallet less than 24 hours later.

According to Arkham Intelligence, several wallets controlled by the hacker returned the funds to the US government wallet beginning with the characters “0xc9E.” At the time of this writing, roughly 88% of the funds have been returned.

Onchain data shows the hacker returned approximately 2,412 Ethereum, 7,200 Circle-USD USDC, and $13.2 million in Aave-staked USDC (aUSDC). Blockchain sleuth ZachXBT noted that the returned funds do not include the approximately $700,000 the hacker sent to instant exchanges.

The identity of the hacker and the motivation behind the attack are not currently known, but the incident reflects a growing trend of hacks and exploits in the third quarter of 2024.

The US government wallet containing the seized funds from the 2016 Bitfinex hack. Source: Arkham Intelligence

October hacks and malicious attacks

On Oct. 16, Radiant Capital — a cross-chain lending protocol — was exploited and drained of $50 million. The hacker compromised Radiant Capital contracts on the BNB Chain and Arbitrum networks by obtaining the private keys required to sign transactions from Radiant Capital’s multisignature wallet.

Approximately one week after the exploit, the hacker shifted $52 million in funds to the Ethereum network — making the stolen funds much harder to recover.

The following day, decentralized trading protocol Ambient Finance suffered a front-end attack on its website. According to the Ambient Finance team, a hacker compromised the website domain in an isolated incident that did not affect the protocol. Ambient Finance later regained control of the domain and restored the website service for users.

Restaking service Eigenlayer was the victim of a similar hack on Oct. 18, when a threat actor gained control of Eigenlayer’s X social media account and spread malicious airdrop links to unsuspecting users. The fraudulent airdrop link was only live for a few minutes before it was deleted, and the account is currently functioning normally.

Source: cointelegraph.com