this post was submitted on 25 Nov 2023
1 points (100.0% liked)

Ethereum

5 readers
1 users here now

Resources

founded 1 year ago
MODERATORS
 

I just got hit for a ton of eth 3 meta wallets drained. Anyone heard anything or could help point me in the right direction of what to do? No idea how they accessed my funds.

top 50 comments
sorted by: hot top controversial new old
[–] AlabamaHaole@alien.top 1 points 11 months ago (3 children)

Don’t sign shady smart contracts, enter your private key online, or store it using pictures on the cloud or a password recovery service.

[–] RelapseHS@alien.top 1 points 11 months ago (1 children)

I have no idea what meta mask is but I’m constantly seeing posts like this. What’s making it so easy for people to lose their eth? I only use crypto for gambling so I’m probably just ignorant to whatever meta mask is used for

[–] AlabamaHaole@alien.top 1 points 11 months ago (2 children)

Metamask is a popular wallet you can use to send/receive/store your crypto on their respective blockchains. Metamask isn’t the reason people are losing their funds. It’s because people don’t properly protect their private keys.

[–] CoolioMcCool@alien.top 1 points 11 months ago

Yeah, the reason for all the posts mentioning metamask is simply that it is the most popular with wallet for people who use smart contracts, and using smart contracts can be risky.

[–] zac47812@alien.top 1 points 11 months ago (2 children)

And because they sign shady permissions left and right without thinking and/or revoking them when they are done using the platform.

[–] danarchist@alien.top 1 points 11 months ago (1 children)

And email themselves their seed phrases and their email is still xX360noskoperxX@yahoo.com with pw hunter2

[–] jcpham@alien.top 1 points 11 months ago

pw *******

Were we supposed to be able see a password, I think reddit blocked it out

[–] I_Hate_Reddit_69420@alien.top 1 points 11 months ago

The UX is terrible though. not necessarily the fault of metamask and more EVM related, but you mostly have no idea exactly what you are signing when interacting with contracts. Go tell your mom or grandma to revoke contracts after interacting with them. Is that really the web3 we want? This makes the web experience worse, not better.

[–] mehdital@alien.top 1 points 11 months ago (3 children)

Cloud with 2 factor auth is very safe

[–] AlabamaHaole@alien.top 1 points 11 months ago

Have fun with that buddy.

[–] SnooCalculations1742@alien.top 1 points 11 months ago (3 children)

Sadly no. LastPass was hacked last year, and a lot of people have had their wallets drained. So having your seed online is never truly safe.

[–] Crypto_Cat_34_32@alien.top 1 points 11 months ago (1 children)

What is the likelihood those people had either reused their master password elsewhere or that the password strength was very weak?

[–] mehdital@alien.top 1 points 11 months ago (1 children)

Google will automatically block any sign in from a new device, so even with a compromised password, access is not granted.

[–] Crypto_Cat_34_32@alien.top 1 points 11 months ago (1 children)

Lastpass hack made 2FA completely irrelevant because hacker got access to the password databases directly. They can at their leisure try to bruteforce passwords for all of these accounts.

[–] mehdital@alien.top 1 points 11 months ago

what accounts?

[–] neb_flix@alien.top 1 points 11 months ago

Lol, all you people parroting the LP hack… if any of you read the incident report, there was only very basic metadata like company names, veiling addresses, etc which was not tied to specific users. No encrypted notes or credentials were taken at all. That’s not how PWM’s work.

[–] mehdital@alien.top 1 points 11 months ago (1 children)

How is that? Even if I give you my password for Google you won't be able to sign in to my account.

[–] SnooCalculations1742@alien.top 1 points 11 months ago (1 children)

Yes, but if you have your seed phrase in an online container, and the container gets hacked, the 2FA doesn't do anything. The hacker can recreate your wallet from the seed.

load more comments (1 replies)
[–] seems-unnecessary@alien.top 1 points 11 months ago (1 children)

Im not sure if thats the stupidest thing you saod in your life. But it definitely is the most moronic thing i have heard all month. Cloud with auth? Lol idiot.

[–] mehdital@alien.top 1 points 11 months ago (1 children)

People really have no idea about cyber security these days

load more comments (1 replies)
[–] GulibleFox@alien.top 1 points 11 months ago (12 children)

Are password managers secure?

[–] N_GHTMVRE@alien.top 1 points 11 months ago (10 children)

Depends on the password manager. With something like KeePassXC, only you have the encrypted passwords file and it's not on some server.

load more comments (10 replies)
load more comments (10 replies)
[–] dubski04021@alien.top 1 points 11 months ago

You had to give access. Bummer

[–] Trader0721@alien.top 1 points 11 months ago (1 children)
[–] Character_Limit_4288@alien.top 1 points 11 months ago (1 children)
[–] telejoshi@alien.top 1 points 11 months ago (2 children)

Where do people like OP get so much money from?

[–] benicapo@alien.top 1 points 11 months ago

Is called work

[–] -DvD-@alien.top 1 points 11 months ago

To have the exact sum that OP had you either work or steal from someone else metamask

[–] NewConsideration3210@alien.top 1 points 11 months ago (1 children)

What are the addresses? And where was the ETH sent? If the hacker ever sends the ETH to an exchange, you might have a chance at getting it back. But first, you need to file a police report.

[–] supervylan@alien.top 1 points 11 months ago (2 children)

Here are one of many of the transactions 😭😭😭

0xe5e7266bf6abb1babf4024373957f04f0c7c61eb14670502acf2374a4ed4e8e6

[–] NewConsideration3210@alien.top 1 points 11 months ago (1 children)

Some of the ETH was sent to another address. From there, it was sent to an address which may be associated with an exchange.

https://etherscan.io/address/0x813a690833ccf7e95f19754353a2d507d9cd73f9

[–] resilientboy@alien.top 1 points 11 months ago (1 children)

that exchange might be this one

https://exch.cx/

Looks sketchy and definitely doesn't have kyc.

load more comments (1 replies)
[–] potatobeerguy@alien.top 1 points 11 months ago

Did you give away information about your keys, or signed some strange contract lately?

[–] appletree6529@alien.top 1 points 11 months ago (2 children)

Hot wallets can be hacked at anytime. Always use a hardware wallet

[–] Popo8701@alien.top 1 points 11 months ago

Unfortunately, that won't change anything if you sign a bad smart contract.

[–] CrimsonFox99@alien.top 1 points 11 months ago

This wasn't a hack. This was doing something dumb, just like 99% of when people lose coins.

[–] britishbengali007@alien.top 1 points 11 months ago

You definitely turned on blind signing feature. It's basically like how on every phone you have feature to turn on inorder to install third party apps that'd not from official sources as apks. But the crypto version blind signing

[–] Red5point1@alien.top 1 points 11 months ago

if you had given access to your wallet to apps in the past to take part in their project s then there's potential for them to have the ability to drain your wallet.
There have been some failed projects that resorted to do that.

[–] dericecourcy@alien.top 1 points 11 months ago

The transaction 0xe5e7266bf6abb1babf4024373957f04f0c7c61eb14670502acf2374a4ed4e8e6 was a basic ether send, which means somehow you gave away your private key or signed ~~a message~~ [this transaction when] you should not have

There are a few ways someone can get your private key. Physical access is one, but another is by signing messages with certain overlapping parameters, then some clever crypto math can be done to deduce your private key. https://medium.com/asecuritysite-when-bob-met-alice/cracking-ecdsa-with-a-leak-of-the-random-nonce-d72c67f201cd

[–] blanchedpeas@alien.top 1 points 11 months ago (1 children)

You use metamask sooner or later someone will steal your crypto.

load more comments (1 replies)
[–] KitchenItem@alien.top 1 points 11 months ago (1 children)

Crypto is the future of payments, daily post πŸ˜‚πŸ€£πŸ˜‚πŸ€£

[–] telejoshi@alien.top 1 points 11 months ago (1 children)

To be fair, most of the time these are people who can't even articulate what happened. They'd lose money in fiat, too.

[–] KitchenItem@alien.top 1 points 11 months ago (1 children)

somehow these people were able to buy crypto and get it out of exchange so you need to have some general knowledge

[–] telejoshi@alien.top 1 points 11 months ago (1 children)

It's a step-by-step thing. People learn to operate washing machines, even if it takes 100% of their brain.

[–] KitchenItem@alien.top 1 points 11 months ago

"Quote by a forest ranger at Yosemite National Park on why it is hard to design the perfect garbage bin to keep bears from breaking into it: β€œThere is considerable overlap between the intelligence of the smartest bears and the dumbest tourists.”"

[–] Dull-Fun@alien.top 1 points 11 months ago (6 children)

Metamask has never been hacked. It's always 100% the user making a mistake

load more comments (6 replies)
[–] symonym7@alien.top 1 points 11 months ago (2 children)

Don’t keep all your crypto-eggs in one hot basket.

The wallet(s) with the majority of my assets never touch contracts. I keep small amounts of ETH etc in browser wallets for interactions.

Oh, and my keys are written on paper and stored in a titanium vault 300 meters underground.

load more comments (2 replies)
[–] james2020chris@alien.top 1 points 11 months ago

Op, is the list of smart contracts that you have used a long list?

If you have had that much ether a long time, then I would suspect something more recent.

After that, are there pics on your phone, that are backing up to a cloud?

load more comments
view more: next β€Ί