Bitcoin hacker who took $72m returns funds in exchange for $7.2m as ‘bounty’

Bitcoin hacker who took $72m returns funds in exchange for $7.2m as ‘bounty’
wBTC hacker has begun to return funds taken from a victim in early May. Credit: Darren Joseph
  • wBTC hacker has begun to return funds taken from a victim in early May.
  • The hacker initially got away with $72 million worth of wBTC.

Last week, someone took a staggering $72 million in wrapped Bitcoin tokens — Bitcoin on the Ethereum blockchain — from a victim but both parties have agreed to a deal that will see 90% of the funds returned to the original owner.

The hacker, meanwhile, will keep the remaining 10% ― which amounts to $7.2 million ― as a “bounty,” after negotiating with the victim.

The attacker has already begun to return the funds, with almost half of the original loot transferred back to the victim thus far, according to onchain data.

Both parties negotiated the deal via onchain messaging and Telegram chats with the victim providing his online identity on the latter platform as “Bui Duy Phong.”

Bitcoin hacker negotiates with victim

“You’ve won, brother. You can keep 10% and return the 90%. We can act like nothing happened,” the victim communicated to the hacker via onchain messaging on May 4. “We both know $7 million is enough to live very comfortably, but $70 million will keep you up at night.”

The hacker drained Phong’s assets last week using a phishing attack that used address poisoning to trick the victim.

Address poisoning is a type of attack where the hacker creates a wallet address that matches the victim’s.

In last week’s attack, the first four and six digits of both addresses were the same.

Join the community to get our latest stories and updates

The hacker then spammed the victim with transactions sent using the poisoned address to trick them into sending funds to the wrong destination wallet.

$1.7 billion in crypto thefts

Crypto thefts amounted to $1.7 billion last year, a more than 50% drop from the figures recorded in 2022.

Phishing attacks accounted for about 17% of the stolen funds with victims losing over $300 million last year, according to onchain fraud detector Scam Sniffer.

Most phishing attacks were due to large wallet drainers like MS Drainer, Pink, Monkey, and Inferno Drainer.

Wallet drainers automate the phishing process by populating blockchain networks with malware transactions designed to syphon funds from victim wallets.

One victim even lost $24 million to a phishing attack last year.

Offering hackers a 10% bounty has become the go-to strategy for recovering stolen crypto funds.

The bounty offer is often given in exchange for not filing a complaint with law enforcement.

The infamous Euler exploiter who stole $197 million in crypto from the DeFi protocol last year initially did not respond to similar offer but later returned the funds.

Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. To share tips or information about stories, please contact him at

Related Topics