With the help of police and cyber authorities, a victim of a hack worth 90 Ether (ETH) has gotten the attacker’s Tether (USDT) address blacklisted. As a result, they may be able to get most of their funds back.
[2023/08/11 17:30] USDT blacklisted 0x788bc56b67c289399cd6e2022f0d76484f04724a in block 17893148 https://t.co/WipjkHXFGp
— usdt blacklist (@usdtblacklist) August 11, 2023
The victim, who goes by @l3yum on X (Twitter), was initially drained on March 16 after the hacker managed to get a hold of their hot wallet seed phrase. Several Yuga Labs-related NFTs were stolen, alongside some crypto and other NFTs from smaller projects, and then promptly swapped or sold off.
In an Aug. 11 X thread, L3yum highlighted that the hacker’s Ethereum-based USDT address had been blacklisted, as he noted that: “Today after working with the police and cyber team in my country, I was able to get the stolen funds sitting in USDT frozen and black listed.”
The people I was working with were amazing
The original police officer I dealt with didn’t even know anything about crypto aside from hearing of it, but after a few phone calls just by the way he was talking I knew he was learning and actually cared
Very grateful— L3yum (@l3yum) August 11, 2023
At the time of writing, 90 ETH is equivalent to roughly $166,000 and the blacklisted wallet has $107,306 worth of USDT locked up in it, suggesting the victim may not get the full value of their stolen funds back.
While it is also not yet 100% certain if the victim will be reimbursed, in previous instances in which a USDT address has been blacklisted under similar circumstances, Tether has burned the blacklisted USDT and re-issued equal amounts of the asset to the original owner.
It is also worth noting that the blacklisting of a USDT address by Tether generally comes after a court order.
Related: How easy is a SIM swap attack? Here’s how to prevent one
When asked if this was the case in the comments, L3yum confirmed this was the likely path forward, but suggested it hasn’t been confirmed yet.
“This is the part I’m unsure about but yeah from my understanding this is how it works and the funds that are blacklisted are essentially burnt. Don’t quote me on that though, but that is my understanding!” he wrote.
It is not entirely clear how the hacker got access to the seed phrase in March, however the general thought at that time was that the victim had either been SIM-swapped, mistakenly had their seed phrase backed up on iCloud, or had been using the wallet across several devices.
Another member of our community was compromised yesterday. $70k+ gone.
11 Eth, a Mutant, a Koda, and more. While the exact attack that @l3yum suffered is unclear, we narrowed it down to a few possibilities – and it could have been prevented by one thing
On hardware wallets 1/— quit (,) (@0xQuit) March 15, 2023
Magazine: NFT Collector: On-chain music sounds off with latest raise, artistic duo Hackatao find their lane