Bitfinex wallet hacker returns most of the $20 million back to US gov


The malicious actor who drained a US government wallet of approximately $20 million on Oct. 24 — containing seized funds from the 2016 Bitfinex hack — returned $19.3 million to the government wallet less than 24 hours later.

According to Arkham Intelligence, several wallets controlled by the hacker returned the funds to the US government wallet beginning with the characters “0xc9E.” At the time of this writing, roughly 88% of the funds have been returned.

Onchain data shows the hacker returned approximately 2,412 Ether (ETH), 7,200 Circle-USD (USDC), and $13.2 million in Aave-staked USDC (aUSDC). Blockchain sleuth ZackXBT noted that the returned funds do not include the approximately $700,000 the hacker sent to instant exchanges.

The identity of the hacker and the motivation behind the attack are not currently known, but the incident reflects a growing trend of hacks and exploits in the third quarter of 2024.

The US government wallet containing the seized funds from the 2016 Bitfinex hack. Source: Arkham Intelligence

Related: US government crypto wallets hacked for $20M — Arkham Intelligence

October hacks and malicious attacks

On Oct. 16, Radiant Capital — a cross-chain lending protocol — was exploited and drained of $50 million. The hacker compromised Radiant Capital contracts on the BNB Chain and Arbitrum networks by obtaining the private keys required to sign transactions from Radiant Capital’s multisignature wallet.

Approximately one week after the exploit, the hacker shifted $52 million in funds to the Ethereum network — making the stolen funds much harder to recover.

The following day, decentralized trading protocol Ambient Finance suffered a front-end attack on its website. According to the Ambient Finance team, a hacker compromised the website domain in an isolated incident that did not affect the protocol. Ambient Finance later regained control of the domain and restored the website service for users.

Restaking service Eigenlayer was the victim of a similar hack on Oct. 18, when a threat actor gained control of Eigenlayer’s X social media account and spread malicious airdrop links to unsuspecting users. The fraudulent airdrop link was only live for a few minutes before it was deleted, and the account is currently functioning normally.

Magazine: Backlash as WazirX ‘socializes’ $235M loss, $10B metaverse plan for shut-ins: Asia Express