Scammer returns $9.3M DAI to victim 10 months after phishing them

In a surprising turn of events, a phishing scammer has returned a significant portion of funds it stole from a victim last September.

A phishing scammer has unexpectedly returned nearly $9.3 million to a victim after stealing $24 million from them in a phishing attack last September.

This was first noticed by Scam Sniffer on July 13, when the scammer used Dai, a stablecoin, to return the funds across two transactions last week.

The first transfer saw $5.23 million returned on July 8, while another $4.04 million was sent on July 13 at 12:06 pm UTC, according to Etherscan data.

This comes 10 months after the victim fell for a $24.2 million phishing scam on September 6, 2023, losing 9,579 Lido Staked Ether (stETH) and 4,850 Rocket Pool (rETH) tokens.

The victim enabled token approvals to the scammer by signing "Increase Allowance" transactions, as mentioned in Scam Sniffer's post at the time of the incident.

Allowance is an ERC-20 token feature that allows a third party to have the right to spend tokens belonging to that owner.

Crypto market data platform CoinMarketCap and other industry players have highlighted this loophole, pointing out that it could potentially enable anonymous developers to deploy malicious smart contracts to scam users.

There is no known explanation for these transfers. The recent $9.3 million return represents a 38.4% fund return at September 6 prices, although the 14,429 in staked-Ether would have been worth $47.5 million at today's prices.

Onchain data shows that the Dai came through an address labeled as Railgun Relay - an intermediary for the privacy protocol - shortly before being transferred to the victim.

However, there has yet to be any explanation for the sudden transfers. The scammer did not leave an onchain message to the victim in either of the multimillion-dollar transfers.