In a significant development in the world of cybersecurity, a victim of a hack worth 90 Ether (ETH) has successfully managed to get the attacker’s Tether (USDT) address blacklisted. With the help of law enforcement agencies and cyber authorities, this victim, who goes by the name L3yum on X (formerly Twitter), took a step towards justice after their hot wallet was compromised on March 16th. This article explores the details of the hack, the stolen assets, the blacklisting of the USDT address, and the potential for reimbursement.
Victim’s hot wallet compromised
The unfortunate incident occurred on March 16 when the hacker managed to get a hold of L3yum’s hot wallet seed phrase, granting them access to drain the victim’s wallet. The details of how the hacker obtained the seed phrase remain unknown. This breach allowed the attacker to carry out their malicious actions, resulting in significant losses for the victim.
Stolen assets
As a consequence of the hack, several high-value nonfungible tokens (NFTs) related to Yuga Labs, as well as cryptocurrencies and other NFTs from smaller projects, were stolen from L3yum’s wallet. The attacker promptly sold or exchanged these stolen assets, further compounding the victims’ losses.
USDT address blacklisted
The victim took to X on August 11 to highlight a major breakthrough in their fight against the hacker. L3yum revealed that the attacker’s Ethereum-based USDT address had been successfully blacklisted. By blacklisting the address, it effectively blocks any further activity related to that specific address, making it more challenging for the hacker to exploit their ill-gotten gains.
Value and Reimbursement
The hacked wallet contained an estimated 90 ETH, which, at the time of writing, is equivalent to roughly $166,000. Additionally, the blacklisted USDT address was found to be holding around $107,306 worth of USDT. The question of whether the victim will be reimbursed for their losses remains uncertain at this point.
Previous reimbursement cases
Fortunately, in previous instances where a USDT address has been blacklisted under similar circumstances, victims have been reimbursed. Tether, the issuer of USDT, has taken steps to burn the blacklisted USDT and reissue equal amounts of the asset to the original owner. However, it is worth noting that Tether typically takes such actions after a court order has been issued, ensuring legal grounds for the reimbursement.
Reimbursement status
When questioned about the reimbursement prospects in the comments, L3yum indicated that the likely path forward involves a court order, though it has not been confirmed yet. This suggests that the victim’s case is progressing in a positive direction, with the potential for reclaiming the stolen assets.
Methods of Seed Phrase Compromise
As investigators dig deeper into this case, the exact method by which the hacker obtained the seed phrase back in March remains uncertain. Establishing how this breach occurred is crucial not only for the victim but also for enacting effective preventive measures within the cryptocurrency ecosystem.
The successful blacklisting of the attacker’s USDT address marks a significant milestone in the victim’s quest for justice and recovery. With the aid of law enforcement agencies and cyber authorities, L3yum has taken concrete steps to ensure that the attacker’s activities are curtailed. While the stolen assets, including NFTs, have not yet been fully recovered, there is hope for reimbursement through Tether’s process of burning blacklisted USDT addresses. As the investigation into the method of seed phrase compromise continues, it underscores the ongoing need for heightened security measures within the cryptocurrency space to safeguard users from such hacks and breaches.