Propose return funds to those individuals who were affected by the webhook bot in the Dev-Announcements channel on 25th, March
On 25th, March in the Arbitrum Discord dev-announcements channel, a robot with an admin’s name dropped a link to fake arbitrum foundation website. Some of people entered that site where they could connect wallets. Once anyone connected his wallet, his Arbitrum tokens, USDC and other tokens would be transfered to a hacker’s wallet. Many people lost all of their $ARB, USDC and other tokens by clicking to the link.
Reason to propose:
The scam link appeared in Official Arbitrum Discord dev-announcements channel, which caused people believe in the link and clicked into it. The victims shouldn’t bear the loss by themselves.
Steps to Implement:
1, Download the CSV of sacmmer’s address and check the hacked amount of each wallet address
2, Refund these addresses with lost tokens or same valued USDC or $ARB.
The arbitrum foundation should evaluate this proposal and help make a proposal for voting asap.
How would you go about with identifying hacked wallets? Like, assuming I was hacked, how can I in a trustless way say: “that’s my wallet and this is my new wallet”, since just sending anything to the same wallets would just give the hacker more funds.
Also, do you have the hacker’s wallet? or a tx hash of a hacked wallet? I did see the webhook on that discord channel but didn’t see the website, and an article about the situation showed a website with just a text in it (link bellow). I personally haven’t heard from anyone loosing funds because of it, so I’d like to see it for myself.
Yes I have address of hacker wallet but I don’t posted it here cause bot could ban this proposal. On explorer we can see list of wallets that have connected with website. It was transfer transaction scammer don’t got wallet seed or access to our wallet.
Edit: I accidentally edited a post instead of replying. What I basically wrote that people should always double-check before the interact with any links, just as I should’ve check that I didn’t edit the wrong post.
It is right that individuals should double check before their click any link. But, the scam link is appeared in official discord announcement channel, so, it makes individuals believe the link is real. So, personally, I don’t think individual should bear all the lost themselves.
How was a scammer able to post a scam link into the official announcements, can someone post a screenshot of the link/post here for archival and legal purposes? Is anyone pursuing legal action against the criminal?