A Hacker Returned $17 Million In Stolen Ethereum

An alleged hacker has mystified the cryptocurrency world after inexplicably returning $17 million USD worth of ether—Ethereum’s in-house cryptocurrency—almost a year after it was stolen. The weirdest part? It’s not the mysterious person’s first return payment, and there are millions in stolen virtual dollars still in their address.

In July of last year, a startup called Coindash was planning an Initial Coin Offering, or ICO, a funding round that promised to bring in millions of dollars worth of virtual money for the company. As soon as the sale launched, it went horribly wrong: An alleged attacker hacked Coindash’s website and replaced the legitimate Ethereum address for the ICO with their own, tricking victims into sending them their ether instead of Coindash. Within minutes, the scam had brought in roughly 43,000 ether worth around $7.4 million at the time and approximately $37 million today.

Read More: An Alleged Ethereum Hacker Gave Back $3 Million and Nobody Knows Why

Since then, the alleged hacker has been returning the funds it took from would-be Coindash investors slowly, and to Coindash directly. In September, roughly 10,000 ether were returned to Coindash from the attacker’s address, less than a quarter of the total sum. At the time, the Coindash team seemed utterly bewildered. Last Friday, the alleged attacker outdid themselves, returning 20,000 ether worth $17 million to Coindash.

In a blog post, the company stated it had alerted the Israeli authorities to the return and stated that the action would not affect the planned launch of Coindash’s first product—a portfolio tracker called Blox, which launched on february 27—although it’s unclear how having millions of dollars dropped in your lap is an obstacle to overcome.

“Similar to the hack itself, the hacker’s actions will not prevent us from the realizing our vision, CoinDash product launch will take place next week as originally intended,” Alon Muroch, Coindash CEO, said in the company blog post

Coindash didn’t immediately respond to Motherboard’s request for comment.

The announcement didn’t discuss what Coindash will do with the windfall. It’s worth noting that after the ICO hack in July, Coindash said it would give tokens to anyone who tried to invest in the ICO even if they got scammed. And after the first return of funds in September, the company said that it was square with investors and would keep the returned funds, using them for development.

There’s still 13,000 ether of the stolen 43,000—worth $11 million—in the alleged attacker’s address, which suggests this bizarre drama isn’t over yet.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .