A hacker has unexpectedly returned nearly $9.3 million to a victim, having previously stolen $24 million in a phishing incident last September. The return was first reported by Scam Sniffer on July 13th. The scammer utilized the DAI stablecoin in two transactions last week to refund the funds. The initial transfer of $5.23 million occurred on July 8th, followed by another $4.04 million sent on July 13th at 12:06 pm UTC, as per Etherscan data.
 
A Change Of Heart
The victim had fallen prey to a $24.2 million phishing scam on September 6th, 2023, losing 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens. During the incident, the victim unwittingly authorized token approvals to the scammer through Increase Allowance transactions, according to Scam Sniffer.
Allowance, an ERC-20 token feature, grants a third party the ability to spend tokens belonging to the owner. Market observers, including CoinMarketCap, have flagged such vulnerabilities, warning about potential exploitation by anonymous developers using malicious smart contracts to deceive users.
 
Still No Explanation
Despite the recent return of $9.3 million, representing a 38.4% reimbursement based on September 6th prices, the staked-Ether tokens would now be valued at $47.5 million. The DAI used in the transactions passed through an address associated with Railgun Relay, an intermediary for a privacy protocol, before reaching the victim.
However, there remains no explanation for the sudden transfers, as the scammer did not include any on-chain message to the victim in either transaction. According to Etherscan data, the scammer now holds slightly over $3 million, primarily in METAGALAXY LAND (MEGALAND) tokens on the BNB Chain, constituting nearly 99% of the remaining funds.