Proposal Summary:
Propose returning funds to those individuals who were affected by the webhook bot in the Dev-Announcements channel on 25th March.
Background:
On 25th March, in the Arbitrum Discord dev-announcements channel, a robot with an admin’s name dropped a link to a fake Arbitrum Foundation website. Some people entered that site, where they could connect wallets. Once anyone connected his wallet, his Arbitrum tokens, USDC and other tokens would be transferred to a hacker’s wallet. Many people lost all of their $ARB, USDC and other tokens by clicking the link.
Reason to propose:
The scam link appeared in the official Arbitrum Discord dev-announcements channel, which caused people to believe in the link and click it. The victims shouldn’t bear the loss by themselves.
Steps to Implement:
1. Download the CSV of the scammer’s address and check the hacked amount of each wallet address.
2. Refund these addresses with the lost tokens or the same value in USDC or $ARB.
Timeline:
The Arbitrum Foundation should evaluate this proposal and help make a proposal for voting ASAP.
How would you go about identifying hacked wallets? Like, assuming I was hacked, how can I, in a trustless way, say: “that’s my wallet and this is my new wallet”, since just sending anything to the same wallets would just give the hacker more funds?
Also, do you have the hacker’s wallet? Or a tx hash of a hacked wallet? I did see the webhook on that Discord channel but didn’t see the website, and an article about the situation showed a website with just a text in it (link below). I personally haven’t heard from anyone losing funds because of it, so I’d like to see it for myself.
Yes, I have the address of the hacker’s wallet, but I haven’t posted it here because a bot could ban this proposal. On the explorer we can see the list of wallets that connected to the website. It was a transfer transaction; the scammer didn’t get the wallet seed or access to our wallet.
Edit: I accidentally edited a post instead of replying. What I basically wrote was that people should always double-check before they interact with any links, just as I should’ve checked that I didn’t edit the wrong post.
It is right that individuals should double-check before they click any link. But the scam link appeared in the official Discord announcement channel, so it makes individuals believe the link is real. So, personally, I don’t think individuals should bear all the loss themselves.
How was a scammer able to post a scam link into the official announcements? Can someone post a screenshot of the link/post here for archival and legal purposes? Is anyone pursuing legal action against the criminal?
Can we make it a rule such that these kinds of proposals include a dollar figure amount? It’s hard to voice an opinion, not knowing if the back amount is a couple thousand or a couple million.