Topic: 08/15/2024 hacker hacked all cryptocurrencies ($70,000) from my Metamask account

legendary
Activity: 3472
Merit: 3507
But your expectations from the crypto forensic team are probably too high. Cryptocurrencies normally are very unlikely to be "returned" if a hacker had access to your private key and was able to transfer the cryptos to another address. The most they can do is to help the police to investigate.
It depends on where the funds came to the OP's metamask wallet. If, for example, they came from one of the DEX or no-kyc exchanges, even if a "hacker" was doxed in some way, he can always claim that it was his wallet because he had private keys. It can be very difficult to prove ownership of coins.
member
Activity: 86
Merit: 10
I gave him the 6 numbers of the Google Verification Code from Google email.
legendary
Activity: 2604
Merit: 2353
Yes, I think you've used the back up feature of Google Authenticator and saved your 2FA keys in the same Google account as the one being hacked, otherwise it would mean that Kraken support gave themselves the access of your account to the attacker actually, because it's written here

Quote
If you have lost access to your Sign-in 2FA you can use your Master Key as a 2FA sign-in method. If you don't have a Master Key or have lost access to it, please submit a support request, and select I can't sign in to my account, Issue with Two-Factor Authentication (2FA), select the appropriate choice for you. Fill out the details, and click Submit.
https://support.kraken.com/hc/fr/articles/201889308-I-can-t-sign-in-to-my-account-
meaning customer support has the power to give a 2FA-bypass access to your account or at least a new 2FA key I guess.

Anyway I didn't really understand how they've managed to hack your Google account and the one of the guy in the video precisely. When you talk about Google Verification Code, you talk about this one? Because in the video the guy says that they named one number and he just confirmed it.

member
Activity: 86
Merit: 10
That's what I think. Kraken helped me to delete the Google 2FA and set up the Yubikey with my Kraken account. I have to buy 2 Yubikeys, one for primary and one for backup. I will change all of the other accounts with the Yubikey. Or I have to change the email to Proton Mail so the email is not linked with the Google 2FA.
legendary
Activity: 2604
Merit: 2353
https://www.youtube.com/watch?v=B9OoxUpGSmU

Thank you to Nikolay for sharing this video on YouTube. This video is exactly what happened to me.
On 08/08/2024 at about 1:00 pm PST a man who spoke perfect English pretended to be Google Technical Support.
I asked him where he was and he said that he was in California.
I talked with him for a few minutes and I gave him the Google Verification Code.
I save my bitcoin website in a Google Doc with username and password.
08/08/2024 The hacker withdrew 2 transactions: 2795.34942 UNI at 2:09 pm PST and 624.31748 UNI at 2:14 pm PST.
I saw the UNI being withdrawn from my Kraken app and I panicked.
I chatted right away with Kraken and Kraken froze and locked the account and gave a ticket number.
After a week of waiting, Kraken had a person call me to ask about my case with the ticket number.
I talked with Kraken customer support for hours on the phone and Kraken cannot refund $20K to me because it was my fault, and they closed the case.
Kraken said that Google email links to 2FA so the hacker can bypass 2FA of my Kraken account.
I lost a total of 3419.6669 UNI x $6.29/UNI = $21509.70
What do you mean by "Kraken said that Google email links to 2FA so the hacker can bypass 2FA of my Kraken account" precisely? AFAIK there are 2 different 2FA locks with 2 different keys to be passed in order to be able to make a withdrawal on Kraken. One 2FA security feature for logging in and another one for withdrawing any funds. So I don't think he has been able to reset or to bypass them all together through your email box. IMO you are using Google Authenticator, and you've activated the cloud backup option of your 2FA towards this Google account. If it's true, it means the attacker currently owns all your 2FA keys from all the platforms you are using. You should change them quickly if you have some funds or critical information there.
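
The point made in the reply above, that a synced copy of an authenticator seed yields valid codes until the seed is replaced, shown as an added example that is not part of the original thread. The seeds and timestamp are constructed, and RFC 6238 TOTP (HMAC-SHA1, 30-second step) is assumed to be the scheme in use.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code for the time step containing unix_time (HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed: bytes, code: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check; adjacent time steps are accepted for clock drift."""
    return any(
        hmac.compare_digest(
            totp(seed, unix_time + d * step, len(code), step), code)
        for d in range(-window, window + 1)
    )


def synced_copy_scenario(now: int) -> dict:
    """Compare a phone and a cloud-restored copy before and after re-enrollment."""
    # Constructed 20-byte seed, base32-encoded the way an enrollment QR carries it.
    enrolled_b32 = base64.b32encode(b"constructed-seed-001").decode()

    phone = base64.b32decode(enrolled_b32)
    # A cloud backup stores the seed itself, so a restore on any other
    # device yields the same bytes as the original phone.
    synced_copy = base64.b32decode(enrolled_b32)
    server = phone

    code_from_copy = totp(synced_copy, now)
    codes_match = totp(phone, now) == code_from_copy
    accepted_before = verify(server, code_from_copy, now)

    # Re-enrolling 2FA makes the service issue a new seed (constructed here);
    # codes derived from the old copy stop verifying.
    server = b"constructed-seed-002"
    accepted_after = verify(server, totp(synced_copy, now), now)

    return {
        "codes_match": codes_match,
        "copy_accepted_before_reenroll": accepted_before,
        "copy_accepted_after_reenroll": accepted_after,
    }


if __name__ == "__main__":
    # Constructed timestamp; any value of 30 or more works.
    for key, value in synced_copy_scenario(1_723_150_000).items():
        print(f"{key}: {value}")
```

The code depends only on the seed and the clock, which is why replacing the seed on every service enrolled in the synced authenticator is what ends the exposure.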
legendary
Activity: 2534
Merit: 1713
I feel very sad for you because you lost a lot of money. What were the approximate losses, it seems to be around $100,000 (not $70,000).

Clearly you do not want to hear these words but at least you now know what happened to you and it really was an expensive lesson regardless of the circumstances you are going through. The chances of you getting anything returned are virtually zero therefore I hope you recover from this episode and manage to store a small fortune again soon.
member
Activity: 86
Merit: 10
https://www.youtube.com/watch?v=B9OoxUpGSmU

Thank you to Nikolay for sharing this video on YouTube. This video is exactly what happened to me.
On 08/08/2024 at about 1:00 pm PST a man who spoke perfect English pretended to be Google Technical Support.
I asked him where he was and he said that he was in California.
I talked with him for a few minutes and I gave him the Google Verification Code.
I save my bitcoin website in a Google Doc with username and password.
08/08/2024 The hacker withdrew 2 transactions: 2795.34942 UNI at 2:09 pm PST and 624.31748 UNI at 2:14 pm PST.
I saw the UNI being withdrawn from my Kraken app and I panicked.
I chatted right away with Kraken and Kraken froze and locked the account and gave a ticket number.
After a week of waiting, Kraken had a person call me to ask about my case with the ticket number.
I talked with Kraken customer support for hours on the phone and Kraken cannot refund $20K to me because it was my fault, and they closed the case.
Kraken said that Google email links to 2FA so the hacker can bypass 2FA of my Kraken account.
I lost a total of 3419.6669 UNI x $6.29/UNI = $21509.70
On the same day 08/08/2024 at about 2:15 pm the hacker tried to withdraw bitcoin from my Coinbase account but failed.
Maybe I added the whitelist to withdraw bitcoin from Coinbase so the hacker can not withdraw it.
About 2:00 pm a man pretending to be Coinbase customer support called me and I hung up the phone right away.
I should have transferred all of my cryptos from my Metamask wallet right away but I didn't.
Until 08/15/2024 the hacker wiped out all of my cryptos about 70K in my Metamask account.
Now sitting down and thinking back and biting to myself I should not have answered the phone call.
I was not naive to give the Google Verification Code so I would not lost the money.
I am stupid to know that Google Customer Support or Coinbase Customer Support never call you.
I should switch to use Proton Mail instead of Google email, buy Trezor hardware wallet, YubiKey.
I think there are a thousand ways hackers try to steal bitcoin and cryptos if they know you own cryptos.
This is an expensive lesson for me after this circumstance going through my life.

----------------------------------------------------------------   
Re: 08/15/2024 hacker hacked all cryptocurrencies ($70,000) from my Metamask account
Today at 12:43:34 AM
Quote from: greentech2 on September 26, 2024, 12:47:32 PM
Here is my wallet address
0xdC6c86Dc862FdaB7c029655485B8Bb38eeDC67D9

That would make this the hacker's address:

0x2ac9537e0ef43dadceed10007f6eba905ee9f832

This address was mentioned in this article/podcast:

https://www.buzzsprout.com/2211482/episodes/15759176-i-lost-79k-in-a-crypto-scam-lesson-learned
https://www.youtube.com/watch?v=B9OoxUpGSmU

So it would appear you were indeed hacked.

Pro tip: don't use any type of "crypto recovery service" - especially when it comes to Metamask - they are all scams.
legendary
Activity: 2534
Merit: 1713
If you have $13,500 that was inaccessible by the hacker that you are in a position to unstake and move to a different address, is it possible to run an anti-malware program first because it seems you still do not know how the hack took place and you must avoid becoming a victim again. If it was carried out remotely you need to ensure it does not happen again otherwise any remaining crypto you have could possibly be stolen too.

I am not sure the hacker converted many types of cryptos in my Metamask wallet to ETH then he/she transferred out. I still have about $13,500 in staking that the hacker could not wipe out. When I unstake them then I will transfer them to the different wallet address. There are many different types of cryptos in this wallet. I lost 70K because I use the number dollar of the day before hacking and subtract the number dollar the day after hacking.
member
Activity: 86
Merit: 10
I am not sure the hacker converted many types of cryptos in my Metamask wallet to ETH then he/she transferred out. I still have about $13,500 in staking that the hacker could not wipe out. When I unstake them then I will transfer them to the different wallet address. There are many different types of cryptos in this wallet. I lost 70K because I use the number dollar of the day before hacking and subtract the number dollar the day after hacking.

-------------------------------------------------------------------------------
   
Re: 08/15/2024 hacker hacked all cryptocurrencies ($70,000) from my Metamask account
September 26, 2024, 11:16:14 PM
Quote from: greentech2 on September 26, 2024, 12:47:32 PM
Here is my wallet address
0xdC6c86Dc862FdaB7c029655485B8Bb38eeDC67D9
not sure why you shared this but I checked the outgoing transactions that have the "08/15/2024" date on them and the amount of money that was withdrawn from the account during that time doesn't total to $70k. also, your wallet has incoming transactions during "08/15/2024" so I am curious, which of the transactions on your wallet was done by the hacker?
member
Activity: 86
Merit: 10
This is the expensive lesson for me to think about it for the rest of my life.
For the millionaires 70K is not a lot of money for them but for me 70K is a very large amount of money that I have saved.
I will not touch crypto until I understand hardware wallet, YubiKey and all the security measures to prevent the hacking in the crypto world.
legendary
Activity: 3010
Merit: 8114
Here is my wallet address
0xdC6c86Dc862FdaB7c029655485B8Bb38eeDC67D9

That would make this the hacker's address:

0x2ac9537e0ef43dadceed10007f6eba905ee9f832

This address was mentioned in this article/podcast:

https://www.buzzsprout.com/2211482/episodes/15759176-i-lost-79k-in-a-crypto-scam-lesson-learned
https://www.youtube.com/watch?v=B9OoxUpGSmU

So it would appear you were indeed hacked.

Pro tip: don't use any type of "crypto recovery service" - especially when it comes to Metamask - they are all scams.
copper member
Activity: 2170
Merit: 1822
Sorry about the loss of your funds, but one thing for sure is that Metamask is not responsible for your private keys, seeds, passwords. Everything is self-custodial. That's the whole point of cryptocurrencies. You are responsible for your own funds.
They even warn you about this in the terms of service plus tutorial right before you create a wallet with Metamask. I don't know if you took time to read that.

That being said. Your chances of recovering the funds are pretty slim, let alone knowing the person who transferred the funds. Consider it a lesson, albeit very expensive.
legendary
Activity: 2436
Merit: 1104
Here is my wallet address
0xdC6c86Dc862FdaB7c029655485B8Bb38eeDC67D9
not sure why you shared this but I checked the outgoing transactions that have the "08/15/2024" date on them and the amount of money that was withdrawn from the account during that time doesn't total to $70k. also, your wallet has incoming transactions during "08/15/2024" so I am curious, which of the transactions on your wallet was done by the hacker?
jr. member
Activity: 117
Merit: 3
I second @apogio's questions.

But your expectations from the crypto forensic team are probably too high. Cryptocurrencies normally are very unlikely to be "returned" if a hacker had access to your private key and was able to transfer the cryptos to another address. The most they can do is to help the police to investigate.

The most likely case is that one of the devices where you accessed the Metamask account from was infected by malware. While Metamask is not totally decentralized, its wallet is self-custodial afaik, so you are responsible yourself to take care of the keys and the passphrase.

Edit: this deserves a comment:

What is the point of investing in crypto currency then the hacker came in and wiped out my account?
One of the "points" of cryptocurrency is just that it's a way to transfer values without middlemen. You stored your cryptocurrencies on a self-custodial wallet (Metamask), so you followed this principle. However, I guess you misunderstood Metamask to be some kind of "bank" which has control over your coins. This is not the case, they have no control over your keys and afaik they don't store a backup (like some other services do).

It is of course possible that Metamask distributed a version with a vulnerability which was exploited by the hacker. Then they could have some responsibility. Malware would still be necessary to exploit that, so very likely even in this case one of your devices has been compromised.
The most common way to drain wallets is by clicking some link on some website and signing a message that drains the whole balance, for example clicking a fake airdrop claim link or something like that ... there is no need to hack a private key or anything; it's just the owner himself who signs a fake signature that drains his wallet.

I advise the user to stay away from crypto since he knows nothing .... Metamask has nothing to do with your wallet or funds; it's you who own the keys and you who signed some scam signature.
There is nobody who can help you ...

I don't know if this applies to you, but did you connect your wallet to any sites? I don't really like connecting a wallet to deposit to a site, but that seems to be a fad these days. Feel like I remember someone getting scammed like this.
The most common is fake airdrop claims on Twitter; he probably clicked some link and signed a message that drained his wallet.

He knows nothing ... there is nobody who can help him; even Satoshi Nakamoto or metalik will not be able to help him.

Bye bye to those funds, and don't sign any message or connect your wallet to any random sites next time, or simply stay away from crypto.
legendary
Activity: 2534
Merit: 1713
What can I do to get back my crypto currencies? I feel very frustrated. What is the point of investing in crypto currency then the hacker came in and wiped out my account?
I feel sorry for you. I do not understand why you would keep that much money in Metamask when you had other options that were not browser based, but you should accept the funds are probably never going to be returned and you have to move forward with your life; you cannot be thinking about it all the time. Also, you have to use this event as a learning process, therefore try to go through the events leading up to the hack; maybe you will discover how the funds were stolen.

The first thing you have to consider is using anti-malware software with deep clean and analysing then study the results because your device could still potentially be compromised.

Also I guess you have been compromised by malware, that's why this incident happened to you. Metamask has a guide on this matter so that their users can avoid any possible hacking issue. Please refer to that information in this article https://support.metamask.io/privacy-and-security/ive-been-hacked-scammed-unauthorized-transactions-on-my-account/
This has to be good advice, I hope the OP manages to accept this had to be some form of security lapse or failure on his part and once he ascertains what happened he will not repeat the same mistake.
legendary
Activity: 3766
Merit: 4554
I don't know if this applies to you, but did you connect your wallet to any sites? I don't really like connecting a wallet to deposit to a site, but that seems to be a fad these days. Feel like I remember someone getting scammed like this.
member
Activity: 86
Merit: 10
Here is my wallet address
0xdC6c86Dc862FdaB7c029655485B8Bb38eeDC67D9
sr. member
Activity: 1022
Merit: 363
08/15/2024 The hacker withdrew all cryptos from my Metamask account. The hacker transferred all of the cryptocurrencies (about $70,000) to his/her account. The balance of all of my cryptocurrencies are 0 in Metamask. I contacted the Metamask support team. Metamask refers me to the Cryptoforensic Investigators team through email [email protected].  And Metamask closes this case. Until 09/25/2024 I didn't receive any email from the Crypto forensic team. What can I do to get back my crypto currencies? I feel very frustrated. What is the point of investing in crypto currency then the hacker came in and wiped out my account?

PS. Metamask removed my post in r/Metamask

Expect that to happen since Metamask cannot do anything to return your money. That's why you need to be responsible for each action you take. The only thing they could do is to guide you to the right authorities that can possibly help your case.

Metamask is a self-custodial wallet, which means they don't have access to each user's wallet. If it were the case that they had full control of the wallets, we'd start to get scared of that situation since the risk of getting scammed is so high.

Also I guess you have been compromised by malware, that's why this incident happened to you. Metamask has a guide on this matter so that their users can avoid any possible hacking issue. Please refer to that information in this article https://support.metamask.io/privacy-and-security/ive-been-hacked-scammed-unauthorized-transactions-on-my-account/
sr. member
Activity: 686
Merit: 403
08/15/2024 The hacker withdrew all cryptos from my Metamask account. The hacker transferred all of the cryptocurrencies (about $70,000) to his/her account. The balance of all of my cryptocurrencies are 0 in Metamask. I contacted the Metamask support team. Metamask refers me to the Cryptoforensic Investigators team through email [email protected].  And Metamask closes this case. Until 09/25/2024 I didn't receive any email from the Crypto forensic team. What can I do to get back my crypto currencies? I feel very frustrated. What is the point of investing in crypto currency then the hacker came in and wiped out my account?

PS. Metamask removed my post in r/Metamask

Unfortunately I don't have any help to render in your situation but I have created so many topics on this forum about why it is important to invest in a non-custodial hardware wallet; every hacker needs your hardware wallet to pass a transaction.

70k in a metamask is way too much. I bought my first offline hardware wallet when my portfolio started moving up to 8k in total value. You took a big risk using a mobile wallet like metamask to store a massive amount of assets. I hope you learn from it, also others that are saying a hardware wallet isn't necessary.

Do not blame metamask for this, they are not responsible for the safety of your recovery seed. By the way, how do you keep those? Cloud? Or maybe you took a screenshot of your recovery seed? I need to ask these questions since you appear to be a newbie.

Once again, sorry for your loss.
legendary
Activity: 2688
Merit: 3983
The best they can do for you is to help you track your transactions and if your country has laws regarding cryptocurrencies you may be able to file a police report and try to freeze the cryptocurrencies if they are on a centralized platform and therefore your chances are very low.

Sorry for your loss but if you have any extra balance or important information it is better to reformat your operating system after knowing how hackers managed to steal your money, did you download applications from an unknown source or visit random sites?
sr. member
Activity: 420
Merit: 315
So sorry for your loss.
You are stating cryptocurrencies, can you be more specific on which?
And more information would help in making things easier to offer assistance.
Like how was your wallet accessed?
How secure was your seedphrase?
I think metamask deals with the Ethereum blockchain mostly, you can use etherscan to check where the ETH were transferred to.

One of the most overlooked parts of any business is the customer care.
No matter how good the product is, if the customer service is poor then it's nothing.
Make a post on their X account maybe it would bring some attention to your plight.

Edit

Metamask updated their support yesterday on attending to scams
https://support.metamask.io/privacy-and-security/how-to-report-a-scam/

Quote
Once you've prevented any further loss of funds, you should:

Get in touch with MetaMask Support to notify us of details such as:
The suspected scammer's public address
The website, email or other medium through which the scam reached you.
Report the scammer's public address on the block explorer, if possible. On Etherscan, for example, you can do this here. If the block explorer concludes, after investigation, that the address shows signs of fraudulent activity, it will be flagged. This will help other network users to exercise caution in future.

Alert the local cybercrime authority. Although we can't maintain an exhaustive list, we've detailed a few below which will cover much of our user base:

United States: the FBI's IC3 service
European Union: Europol portal (redirects to your chosen country)
United Kingdom: Action Fraud
Philippines: CICC form
Brazil: This varies depending on state. You will likely have to contact your state's specialized cyber crime unit, potentially in person.
Indonesia: Directorate of Cyber Crime (Patroli Siber)
Remember: as transactions on the blockchain are irreversible, MetaMask cannot retrieve your funds for you. Even if this were not the case, we wouldn't be able to anyway: as a self-custodial wallet, we do not have access to or control over your Secret Recovery Phrase — only you do. This means you're the only one who can manage the funds in your wallet.

In a nutshell they are not responsible since you are in control of your seedphrase, but they gave recommendations.

hero member
Activity: 882
Merit: 1873
Something happened and it is not a Houdini type of Hacker that came out of thin air, stole your Cryptocurrencies and then vanished back to thin air.  It is either a mistake of yours or somebody close to you did it.  A ton of people would betray their friends or family even for a few hundred Dollars, let alone this much Money.

Where did you store your Seed?  Is it still there or is it gone or tampered with?  Did you hold all of it on your daily drive Computer or was it a Computer of yours that you particularly set up to store Cryptocurrencies safely?  Around that time and particularly around the day of the theft, did you have any visitors who may have tampered with your Seed or with the Computer containing the Meta Mask Wallet?

Is the Meta Mask plugin legitimate or could it be a fake?  Did you authorise any Third Party Apps with your Wallet or did you sign Smart Contracts with unknown Cryptocurrencies and platforms?

If you have any Cryptocurrency left in any Wallet of yours, I would advise to move it all to a new, Secure place.  If you do not know how to properly store Cryptocurrencies safely, purchase a Hardware Wallet and move all your Coins over there.  It is the quickest, safest and easiest solution.  The only other possibility is that somebody accidentally generated the same Seed as yours, which I very much doubt since it is almost impossible.
member
Activity: 873
Merit: 22
08/15/2024 The hacker withdrew all cryptos from my Metamask account. The hacker transferred all of the cryptocurrencies (about $70,000) to his/her account. The balance of all of my cryptocurrencies are 0 in Metamask. I contacted the Metamask support team. Metamask refers me to the Cryptoforensic Investigators team through email [email protected].  And Metamask closes this case. Until 09/25/2024 I didn't receive any email from the Crypto forensic team. What can I do to get back my crypto currencies? I feel very frustrated. What is the point of investing in crypto currency then the hacker came in and wiped out my account?

PS. Metamask removed my post in r/Metamask

Looks like your PC has a trojan that sends your wallet file to the hacker, with your password from the browser, all over crack made hashcat.
legendary
Activity: 2604
Merit: 2353
It's very unprofessional from Metamask to censor you. What are they expecting by doing that? They think people will be less scared to use their wallet?
How did you use Metamask precisely? You were using the plugin version with your browser? I've never trusted it to be honest, because I'm very cautious with plugins, I don't like them at all. That's why I use the smartphone app instead.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
I second @apogio's questions.

But your expectations from the crypto forensic team are probably too high. Cryptocurrencies normally are very unlikely to be "returned" if a hacker had access to your private key and was able to transfer the cryptos to another address. The most they can do is to help the police to investigate.

The most likely case is that one of the devices where you accessed the Metamask account from was infected by malware. While Metamask is not totally decentralized, its wallet is self-custodial afaik, so you are responsible yourself to take care of the keys and the passphrase.

Edit: this deserves a comment:

What is the point of investing in crypto currency then the hacker came in and wiped out my account?
One of the "points" of cryptocurrency is just that it's a way to transfer values without middlemen. You stored your cryptocurrencies on a self-custodial wallet (Metamask), so you followed this principle. However, I guess you misunderstood Metamask to be some kind of "bank" which has control over your coins. This is not the case, they have no control over your keys and afaik they don't store a backup (like some other services do).

It is of course possible that Metamask distributed a version with a vulnerability which was exploited by the hacker. Then they could have some responsibility. Malware would still be necessary to exploit that, so very likely even in this case one of your devices has been compromised.
hero member
Activity: 560
Merit: 1060
Give us more info. What did you do? Did you start telling everyone that you own crypto on metamask? Did you forget your laptop open? Did you give the 12 words to someone?
member
Activity: 86
Merit: 10
08/15/2024 The hacker withdrew all cryptos from my Metamask account. The hacker transferred all of the cryptocurrencies (about $70,000) to his/her account. The balance of all of my cryptocurrencies are 0 in Metamask. I contacted the Metamask support team. Metamask refers me to the Cryptoforensic Investigators team through email [email protected].  And Metamask closes this case. Until 09/25/2024 I didn't receive any email from the Crypto forensic team. What can I do to get back my crypto currencies? I feel very frustrated. What is the point of investing in crypto currency then the hacker came in and wiped out my account?

PS. Metamask removed my post in r/Metamask