[hacked wallet] how is this even possible

GxSTxV

hero member

Activity: 784

Merit: 618

Quote from: Gladitorcomeback on September 18, 2023, 10:24:54 AM

I wonder to see that why you again send 0.0095 bnb to compromised wallet, just for checking?
you should only send 0.1$ from other wallet to check. Now it's time to totally skip this wallet and use new one because there is no possible solution. you are lucky that your. wallet had not any big fund.

I sent an 0.1 BNB instead of a smaller amount because I didn't have any BNB elsewhere, so I had to exchange some from Binance, and their minimum withdrawal amount is 0.01 BNB.

And I did that after revoking all token approvals from my wallet and any connected dApps. Because simply I believed it was due to a smart contract sweeping my tokens and never thought about the possibility of my PK were stolen by the hacker, but later I realized that my wallet had been compromised and lost control of it. I explained in previous post that I discovered some malicious programs on my computer which means it’s the reason of getting hacked this way. The wallet now is useless and I forgot about it.

Quote from: mr_jk on September 17, 2023, 04:18:32 PM

Am also affected by this wallet
My wallet 0xFF66C760B1A583716de7F763F2A19b4398ff5ca2
Sorry this is my address

I believe you accidentally copied my wallet before editing your post and because of that i
i was accused of having alt accounts lol. However after checking your wallet address transactions, I discovered that it was indeed the same hacker who stole my tokens.
In your case with different tokens (BSC-USD) and (MBET). The hacker sent some BNB to your wallet to cover transactions gas fees. So the conclusion is that the hacker indeed have access to your private keys as well.

the hacker sending BNB to your wallet: https://bscscan.com/tx/0x268ffee2d4dc89474e4bdd3ed4b11c71e80accd352ef39a41fc24f4c6f94e0a8
The hacker withdraw your tokens: https://bscscan.com/tx/0x82412379fbf635f95bd12aca6b8421427960816fbb69425a202a286cbed69be3

Tim1996

member

Activity: 181

Merit: 30

Strange thing... I will be more cautious after seeing this thread.

Gladitorcomeback

hero member

Activity: 644

Merit: 591

#SWGT CERTIK Audited

Quote from: mr_jk on September 17, 2023, 04:18:32 PM

Am also affected by this wallet
My wallet 0xFE55bD59Ec268D211e8cE1DA9DE785946EE4Fe65

Your wallet has been compromised and hacker used auto bot for automatic transfer your bnb. Your wallet history show that this wallet has been compromised 12 days ago because for 179 days payment was still in your wallet but then hacker sent all bnb. I wonder to see that why you again send 0.0095 bnb to compromised wallet, just for checking?
you should only send 0.1$ from other wallet to check. Now it's time to totally skip this wallet and use new one because there is no possible solution. you are lucky that your. wallet had not any big fund.

Quote from: virasog on September 10, 2023, 06:43:00 AM

Quote from: Gladitorcomeback on September 09, 2023, 09:01:35 PM

My wallet is also compromised in that way and I lost more than 1k$ and so far I didn't found any solution.

Why didn't you created a new wallet as soon as you knew that something wrong is going on with your wallet and your private key is compromised and save your remaining assets Huh

.

I created new one and at the time of hacking hacker stole 300$ but This was my main wallet i used for airdrop. later My arb airdrop worth 1200$ claimed by hackers and i tried my best to recover but not successful.

mr_jk

newbie

Activity: 106

Merit: 0

Am also affected by this wallet
My wallet 0xFF66C760B1A583716de7F763F2A19b4398ff5ca2
Sorry this is my address

robelneo

legendary

Activity: 3192

Merit: 1198

Bons.io Telegram Casino

Quote from: virasog on September 10, 2023, 06:43:00 AM

Quote from: Gladitorcomeback on September 09, 2023, 09:01:35 PM

My wallet is also compromised in that way and I lost more than 1k$ and so far I didn't found any solution.

Why didn't you created a new wallet as soon as you knew that something wrong is going on with your wallet and your private key is compromised and save your remaining assets Huh

.

Quote

Since there is no way to change the private key of a wallet, the only option is creating a new wallet without wasting any time and immediately transfer left over funds in that other new wallet. These things need to be done quickly as the hackers can empty the compromised wallets any time.

Since this is a sweeper bot in action he cannot do that to transfer his remaining tokens, There is really no solution but to bring on a bot to fight a bot as stated in this article
Fighting back against sweeper bots

Quote

Because this is all automated via code and actions are taken almost simultaneously with the funds being transferred to the account, it might happen faster than the time it takes to refresh the block explorer. You certainly won’t be able to manually transfer assets out of your account faster than a bot.

virasog

legendary

Activity: 2954

Merit: 1159

Quote from: Gladitorcomeback on September 09, 2023, 09:01:35 PM

My wallet is also compromised in that way and I lost more than 1k$ and so far I didn't found any solution.

Why didn't you created a new wallet as soon as you knew that something wrong is going on with your wallet and your private key is compromised and save your remaining assets Huh

.

Since there is no way to change the private key of a wallet, the only option is creating a new wallet without wasting any time and immediately transfer left over funds in that other new wallet. These things need to be done quickly as the hackers can empty the compromised wallets any time.

GxSTxV

hero member

Activity: 784

Merit: 618

Quote from: Gladitorcomeback on September 09, 2023, 09:01:35 PM

I will recommend to use mobile wallet when you create new wallet and don't store cloudy, only save in hard copy. This is much better because possibility of risk is low in mobile.

Fortunately for me I didn’t send any big amount to the wallet and I’m very sorry for your loss, it’s so annoying and upsetting to lose in a such way you don’t have any chance to recover your assets. After looking everywhere for the exact reason my wallet keys were stolen I think before I stopped using it on my computer I downloaded a program called tool kit windows to activate office package. It’s not a certain thing but somehow the hack happened on my PC as it’s impossible to happen on a mobile device that I use only for surfing.
I read that article you shared and even Metamask shared a similar article on how to beat these sweepers for people that have assets and tokens other than the main coins BTC,BNB,ETH….., for me I don’t have any tokens in my wallet so I don’t need to do these steps which are possible for people that want to withdraw their tokens but the sweeper eats instantly the gas fees they need to use for withdrawal.
Best thing to do is to avoid opening any wallet on a computer device that is attached to internet that much and used for things. As you said you will be always an easy fish for hackers.

Gladitorcomeback

hero member

Activity: 644

Merit: 591

#SWGT CERTIK Audited

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

I’m trying to understand how it’s possible for my Metamask wallet to get hacked or interact with a smart contracts that withdraw instantly any BNB or tokens i receive knowing that:

Your private key has been compromised and hacker now using automatic send tool which do automatic bnb transfer im second whenever you send bnb to address. This tool is called sweeper. My wallet is also compromised in that way and I lost more than 1k$ and so far I didn't found any solution. You can learn full about sweeper working process in Below article

https://blog.mycrypto.com/how-to-beat-an-ethereum-based-sweeper-and-recover-your-assets

If you used your wallet in PC then I am pretty sure that all problem happened there because pc security is very low and installing any unknown publisher app/game will enter malware your pc. These malware leak your personal data ,keyboard key and copy text. Once hackers get your secret key than he use sweepers and we cannot send our tokens or do any action because gas fee automatically transfer to hacker address.

I will recommend to use mobile wallet when you create new wallet and don't store cloudy, only save in hard copy. This is much better because possibility of risk is low in mobile.

GxSTxV

hero member

Activity: 784

Merit: 618

As many of you here suggested I already abandoned that wallet unfortunately because apparently there’s nothing much I can do about it, what made me create this topic is the fact that I know when someone lose his PK and that can happen while downloading some malicious programs on computer and even android. If you all could see that my last transaction on my BNB address is 150 days long, and it’s the last time maybe even before i logged in to that Metamask wallet using a computer or android device since then i was using it on my IPAD device and not doing anything with it as i don’t receive or send funds with it. And all that time I’m sure i wasn’t hacked or however the funds get moved out from it just like a sweeper.
The only thing I can think of is if it’s possible to get hacked on an IOS device and get your wallet Private keys stolen?

Quote from: NotATether on September 07, 2023, 05:45:40 AM

Can you get a copy of the smart contract inside any of the BNB transactions and paste it here?

I don’t think that’s possible to get the transaction smart contract, it’s appears as a transfer transaction

tabas

hero member

Activity: 2954

Merit: 725

Top Crypto Casino

Revisit the activities that you've made for the past several months and this hacker is likely just waiting for the victims to do deposits and start sweeping it. It's best to just abandon that wallet of yours and never do any deposits again there and just leave it for good. If it's not the private keys of yours was compromised then for sure that there were like some websites that you've voluntarily approved and got tricked by the hacker to connect your wallet on it. Check yourself, browsing histories, downloaded files, etc.

CryptSafe

sr. member

Activity: 728

Merit: 421

I am sure there must have been a but programmed to do that upon your wallet Connecting or interacting with a smart contract and you approving the connection. It might have access your wallet through that process and possibly withdrawal must have been made by the bit as was programmed for such function.

So sorry about your experience. I will advise you do away with that wallet and if you can, run a scan on your device to know the level at which your gadget was corrupted by such attack and begin the process of formatting your gadget. Do well to not grant third party Dex wallet or app to be gaining access to your wallet or device to ensure the safety of your assets.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

I have no clue how you got hacked to be honest, but Ethereum-type networks are pretty complex, so I was disdained to read inside the metamask article on this thread how you could get a sweeper bot attached to your wallet (and allegedly according to other sources, may not even need your PK if it is a frontrunning bot).

Can you get a copy of the smart contract inside any of the BNB transactions and paste it here?

rat03gopoh

hero member

Activity: 2002

Merit: 633

Your keys, your responsibility

Quote from: decodx on September 06, 2023, 01:32:25 PM

I don't understand these transactions; could someone explain? On the Bscscan explorer, it says that the value is "777 wei," but in regular transactions, this should be the amount of BNB transferred.

If you convert in bnb, it is 0.000000000000000777 bnb (777 wei / 10^18). It's just a bscscan feature to save space and be easy for readers to recognize. wei is the smallest unit of BNB, as sat is the smallest unit of bitcoin.

owlcatz

legendary

Activity: 3570

Merit: 1959

The last comments on this address on bscscan.com indicate it was used to scam (at least?) 2 months ago as well:

https://bscscan.com/address/0x777777776Ae22446A6D46B2FeC86088ad553C0e1#comments

Blacklist time?... Tongue

albon

legendary

Activity: 1680

Merit: 1343

Quote from: khaled0111 on September 06, 2023, 07:13:53 PM

It seems you are not the only victim of this hack. The hacker's address has thousands of incoming transactions!
I even found this complaint on trustwallet forum from a member complaining about his coins being instantly swept to the same address you mentioned: https://community.trustwallet.com/t/i-don-t-have-access-to-my-wallet/817171

Yes, you are right, Khaled. The scammer has hundreds of transactions containing the value of 777 wei, and this indicates that the scammer managed to inject his malicious bot into the victims' wallets, and he succeeded in this by stealing and accessing the private key/recovery phrases. Sad to lose GxSTxV, but lucky that he only deposited $2 of BNB from Binance and discovered this transaction; it's good that he didn't deposit hundreds of dollars; they would have been transferred directly to the scammer's wallet.

Quote from: khaled0111 on September 06, 2023, 07:13:53 PM

It's clear your wallet is being cleared by a sweeper bot, as other members suggested, but the real question that only you can answer:is how your device got infected / seed exposed?

This is an excellent question, and the OP should look into the main reason that led to his wallet security information being exposed, as computer cracks, torrent programs, fake browser extensions, and cracked mobile applications and interactions with Dapps are among the common reasons.

khaled0111

legendary

Activity: 2520

Merit: 2853

Top Crypto Casino

It seems you are not the only victim of this hack. The hacker's address has thousands of incoming transactions!
I even found this complaint on trustwallet forum from a member complaining about his coins being instantly swept to the same address you mentioned: https://community.trustwallet.com/t/i-don-t-have-access-to-my-wallet/817171

It's clear your wallet is being cleared by a sweeper bot, as other members suggested, but the real question that only you can answer:is how your device got infected / seed exposed?

Zaguru12

hero member

Activity: 672

Merit: 855

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

I sent some more BNB from binance after checking that my wallet is only connected to my IPAD device and revoked all apps and still there’s a smart contract interaction and moving the token to the hacker address almost instantly.
Transaction ID: https://bscscan.com/tx/0xec0183ddffe7379cbc971bdd44a2b28c8579d6f75fcce4c96f44f6845feedcc0

I need your help to understand how is it possible and how can i regain my wallet?

I have read about a similar situation before on this forum before particularly Metamask was also the wallet that was affected. If the wallet is usually drained once you make a transfer into it, then it is a case of Sweeper bot which is like a script assigned to your wallet and this code automatically transfers the coins on a certain blockchain that is affected, in this case it could be the BNB blockchain.

MetaMask has recently provided a guide on how to Fighting back against sweeper bots, read through it maybe it could help solve your problem

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

- I didn’t access, login or leave my wallet in any place that has internet until last week to participate in ZenLand review Campaign.
- That address where my BNB were sent to is no more than two months old and when last time I logged and used my wallet is mire than three months and that time my wallet wasn’t infected.
- I don’t have any walletconnect attached to my wallet or token approval which i always revoke.

I just went to search out the thread that I saw a similar post and when I found it, your reply there actually means that you have one way or the other actually connect your wallet before to a DApps maybe not the metamask but another wallet and probably you though disconnecting the Web3 DApps and moving to another wallet (from trustwallet to metamask) will solve the issue and as it is now it is still that same bot on that BNB blockchain that is still affecting you. The best thing is to forget that wallet and create an entire new one with a different keys and seeds and also read about the sweeper bots from the link provided up

Nwada001

hero member

Activity: 574

Merit: 627

I have seen cases of this kind in this forum where the Op claims that they have been hacked and the hacker is only targeting their Native tokens, either on Bsc, Eth, polygon or which ever place that they have something that could be used as transaction/gas fee and 4/5 of those cases where a situation where the Op was a victims of some form of scam airdrop and it happens that they connected their wallet to the scammers web3 which automatically gave the scammers access to their wallet, and they installed and activated a bot on the wallet which detects every deposit made to the wallet in almost in an instant and move it out to a specific wallet leaving other alt coins which are in that same wallet untouched and the owner of the wallet stagnates as they can't be a ale to withdraw out their money.

I believe this is the same case that you are into, and for you to withdraw whatever you have in there, you will need some extra skill and a bot that can defeat the already installed bot in your wallet. If you don't have anything valuable in there, it will be in your best interest to abandon the wallet.

348Judah

hero member

Activity: 714

Merit: 521

There are mistakes we made and count them as normal thing and overlooked them, but this are expensive ones in which if care is not taken, we may render ourselves totally vulnerable to attack we are less conscious about, as long as your wallet is compromised then it's a clear picture that shows something is definitely wrong somewhere, this may have to do with where you keep your device which someone may probably have access to, or maybe you make use of an OTG external drive device on it to transfer some files and things got compromised there, i will advise you check within first, also take a look on how you save your private keys as well.

decodx

hero member

Activity: 1428

Merit: 931

🇺🇦 Glory to Ukraine!

I don't understand these transactions; could someone explain? On the Bscscan explorer, it says that the value is "777 wei," but in regular transactions, this should be the amount of BNB transferred.
Furthermore, the transaction fee appears to be the exact amount of BNB that the hacker took from the OP. What's the advantage for the thief if they spend the entire amount on the transaction fee?

@OP, I don't think you can recover your address anymore. It's better to create a new wallet. Fortunately, the stolen amount isn't that big.

Yogee

sr. member

Activity: 1526

Merit: 412

You must have downloaded something that compromised your device as zwei said. Were you not aware that there was already a transfer out from your personal wallet to the supposed hacker's address 2 hours prior to your deposit from Binance?

Zwei

hero member

Activity: 487

Merit: 536

All I need's a win.

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

- I didn’t access, login or leave my wallet in any place that has internet until last week to participate in ZenLand review Campaign.

Most likely is that your PK got compromised somehow.

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

- I don’t have any walletconnect attached to my wallet or token approval which i always revoke.

This can't stop funds from being moved if your PK was compromised.

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

I sent some more BNB from binance after checking that my wallet is only connected to my IPAD device and revoked all apps and still there’s a smart contract interaction and moving the token to the hacker address almost instantly.
Transaction ID: https://bscscan.com/tx/0xec0183ddffe7379cbc971bdd44a2b28c8579d6f75fcce4c96f44f6845feedcc0

This proves that your PK was indeed compromised.
It could be malware on the device you had it on.

Quote from: GxSTxV on September 06, 2023, 08:28:47 AM

I need your help to understand how is it possible and how can i regain my wallet?

You should forget about this wallet, since the hacker has your PK any future coins sent there are his to take, that's why he is using a smart contract so he can move the coins instantly.
Best thig to do is nuke the OS of the device that the wallet was on, change accounts passwords, and if you had any other wallet on that device I would move those coins to a new wallet.

GxSTxV

hero member

Activity: 784

Merit: 618

I’m trying to understand how it’s possible for my Metamask wallet to get hacked or interact with a smart contracts that withdraw instantly any BNB or tokens i receive knowing that:
- I didn’t access, login or leave my wallet in any place that has internet until last week to participate in ZenLand review Campaign.
- That address where my BNB were sent to is no more than two months old and when last time I logged and used my wallet is mire than three months and that time my wallet wasn’t infected.
- I don’t have any walletconnect attached to my wallet or token approval which i always revoke.

Here is wallet address : 0xFE55bD59Ec268D211e8cE1DA9DE785946EE4Fe65
Hacker address: 0x777777776Ae22446A6D46B2FeC86088ad553C0e1

I sent some more BNB from binance after checking that my wallet is only connected to my IPAD device and revoked all apps and still there’s a smart contract interaction and moving the token to the hacker address almost instantly.
Transaction ID: https://bscscan.com/tx/0xec0183ddffe7379cbc971bdd44a2b28c8579d6f75fcce4c96f44f6845feedcc0

I need your help to understand how is it possible and how can i regain my wallet?

Topic: [hacked wallet] how is this even possible (Read 349 times)