The hacker’s wallet, with over $100,000 worth of USDT, was blacklisted and frozen, while the victim had been drained of almost $170,000 worth of NFTs and other assets.
With the help of police and cyber authorities, a victim of a hack worth 90 Ether (ETH) has gotten the attacker’s Tether (USDT) address blacklisted. As a result, they may be able to get most of their funds back.
[2023/08/11 17:30] USDT blacklisted 0x788bc56b67c289399cd6e2022f0d76484f04724a in block 17893148 https://t.co/WipjkHXFGp
— usdt blacklist (@usdtblacklist) August 11, 2023
The victim, who goes by L3yum on X (formerly Twitter), was initially drained on March 16 after the hacker managed to get a hold of their hot wallet seed phrase. Several Yuga Labs-related nonfungible tokens (NFTs) were stolen, alongside some crypto and other NFTs from smaller projects, before being promptly swapped or sold off.
In an Aug. 11 X thread, L3yum highlighted that the hacker’s Ethereum-based USDT address had been blacklisted: “Today after working with the police and cyber team in my country, I was able to get the stolen funds sitting in USDT frozen and black listed.”
The people I was working with were amazing
The original police officer I dealt with didn’t even know anything about crypto aside from hearing of it, but after a few phone calls just by the way he was talking I knew he was learning and actually cared
— L3yum (@l3yum) August 11, 2023
At the time of writing, 90 ETH is equivalent to roughly $166,000, and the blacklisted wallet has $107,306 worth of USDT locked up, suggesting the victim may not get the total value of their stolen funds back.
It’s not yet known if the victim will be reimbursed. However, in previous instances where a USDT address has been blacklisted under similar circumstances, Tether has burned the blacklisted USDT and re-issued equal amounts of the asset to the original owner.
It is also worth noting that the blacklisting of a USDT address by Tether generally comes after a court order.
When asked if this was the case in the comments, L3yum confirmed this was the likely path forward but suggested it hasn’t been confirmed yet.
“This is the part I’m unsure about but yeah from my understanding this is how it works and the funds that are blacklisted are essentially burnt. Don’t quote me on that though, but that is my understanding!” he wrote.
It is not entirely clear how the hacker got access to the seed phrase in March, however the general thought at that time was that the victim had either been SIM-swapped, mistakenly had their seed phrase backed up on iCloud, or had been using the wallet across several devices.
Another member of our community was compromised yesterday. $70k+ gone.
11 Eth, a Mutant, a Koda, and more. While the exact attack that @l3yum suffered is unclear, we narrowed it down to a few possibilities – and it could have been prevented by one thing
On hardware wallets 1/
— quit (,) (@0xQuit) March 15, 2023