Board: Service Discussion
Re: Instawallet claim process
by tvbcof on 06/04/2013, 20:50:12 UTC
If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.

Can I please request that a very tough CAPTCHA is included on the claim form, so that the legitimate owners at least have a small chance to get their claims in first before the original attacker?

I can imagine the attacker is crafting the beginnings of a script right now to automate their illegitimate claims.

A simplistic method of scripting this would likely lead to detection.

Depending on how much info they have, I would suspect that the attackers will have chosen the higher valued wallets and will have actual humans lined up to make fraudulent claims from various innocuous IP addresses.  Maybe even the legitimate user's normal network if they have the access logs and a decent collection of compromised machines at their disposal.

The CAPTCHA idea is a good one though.  Certainly won't hurt anything (though I myself have a bitch of a time with them as often as not.)