The hacker who drained approximately $20 million from a US government wallet on Oct. 24 has returned $19.3 million less than 24 hours later. The funds in the wallet originated from the 2016 Bitfinex hack and had been seized by the government.
According to Arkham Intelligence, multiple wallets controlled by the hacker transferred the funds back to the government wallet, identified by the prefix “0xc9E.” At the time of this report, around 88% of the stolen funds have been returned.
Onchain data shows that the hacker returned approximately 2,412 Ether (ETH), 7,200 Circle-USD (USDC), and $13.2 million in Aave-staked USDC (aUSDC). However, blockchain investigator ZackXBT pointed out that the hacker did not return about $700,000, which had already been transferred to instant exchanges.
The identity of the hacker and the motive behind the attack remain unknown. This incident adds to a series of recent cyberattacks targeting the cryptocurrency space, which has seen a spike in hacks and exploits during the third quarter of 2024.
In mid-October, Radiant Capital, a cross-chain lending protocol, fell victim to a $50 million exploit. The attacker managed to compromise Radiant’s contracts on both the BNB Chain and Arbitrum networks by accessing the private keys from the protocol’s multisignature wallet. A week later, the hacker transferred $52 million to the Ethereum network, further complicating recovery efforts.
Additionally, on Oct. 17, the decentralized trading platform Ambient Finance experienced a front-end attack on its website. The hacker temporarily compromised the website’s domain, though the attack did not impact the underlying protocol. Ambient Finance quickly regained control and restored the website’s functionality.
A similar incident occurred with restaking service Eigenlayer on Oct. 18, when a hacker gained control of its X social media account to spread fraudulent airdrop links. The malicious link was quickly removed, and the account has since returned to normal operations.