Topic: Had 165k ETH stolen last night. - page 2. (Read 605 times)

This is the first Web3 App I have used in a very long time, and I used connected to it on July 21st for the 1st time. I reached out to them directly to let them know but they blew me off. The only person that has access to my devices is my long time partner who lives with me.

When did you connect your wallet to this MetaWin application? Was it sometimes in the days leading to the hack or long time before that? You could check their social media and official website to see if there are any reports of hacks or vulnerabilities on their side. Regarding your private keys and seeds not being on the device. You are using MetaMask, right? That's a hot (browser) wallet that holds the necessary signing keys, otherwise you wouldn't be able to sign and broadcast transactions.

I'm not a macbook user, are you referring to this app: rewind.ai? How does it work, how to make sure that this app also doesn't stalk your screen then feed it to the server?


Is it your habit to interact with the web3 app with the main wallet? That's another faux pas.

Who are the people around who are allowed to access your device?

It was an unforeseen windfall from a game, and thus nobody could have known about it beforehand, including myself.


Yes, the address is correct. I received 111 ETH from Bitcasino.io. I managed to transfer 28 ETH to a contract address (Kraken), and then the remaining 88 ETH was maliciously taken. The involvement of a smart contract is indeed peculiar, and if anyone has insights into this, I'd be grateful to hear them.


About my wallet safety: I've been vigilant with my wallet, private keys, and funds. With 'Rewind' on my MacBook, I've been able to track all actions. The only notable event was connecting to MetaWin Dapp via Metamask. My private key or secret seed phrase was not stored on my device, adding to the mystification of this event.

What makes this situation even stranger: I had earlier withdrawn 12 ETH, which remained untouched, yet 88 ETH was swiped suddenly after I sent 28 ETH to Kraken. Moreover, the hacker took the minuscule MATIC I had, followed by a confusing sequence of events involving ACS on the Solana chain. The entire series of transactions has left me bewildered.

Why I don't think it's a sweeper bot: I've even tested depositing a small amount of ETH (as suggested on Reddit), and none of that was taken.

The lingering questions: I'm grappling with how this could have happened. The fact that the funds haven't been moved from the thiefs address and that 12 ETH was left untouched nearly all day that day has me questioning my sanity.

The links to the transactions are:

ETH withdrawal
MATIC transfer
Solana block explorer

I appreciate everyone's understanding and continued assistance. If anyone has insights into this matter, I would greatly value your input.

Best Regards,

What was the Ethereum wallet software used? Scammers cannot steal your coins unless they already have your private key or seed.

Also I saw on Reddit how a hacker who stole ETH was "frontran" by a bot and lost the coins to it, and someone explained to be that frontrunning is just when you take a high-value transaction and change the receiving address to your own and sign the transaction with your own keys - that still doesn't make much sense to me but I think that's what happened in your case. TBH I have no idea how an ETH hard wallet is supposed to protect you from that since it seems to be a network feature.

CertiK's Skytrace is a blockchain exploration tool that might be helpful in tracking your stolen funds. Using a hardware wallet wouldn't have been helpful if you already interacted with a malicious smart contract and hadn't yet revoked it's permissions. Your wallet has thousands of transactions. With that level of activity you are bound to lose track of what contracts you've approved and what sites you interacted with. Scammers are clever and will disguise their scam to look legitimate enough so that you will overlook it amongst all your other activity.

But there was another withdrawal on 26.8381 ETH, which you don't mention, which at that time was $50 thousand dollars. And this transaction was carried out 5 minutes earlier than the amount of 88 ETH was stolen. Maybe someone saw how you made the first withdrawal from the wallet?

It's quite possible. Sometimes it's those closest to us that we forget to look into or don't suspect initially. I would like to ask OP who else close to him/her has access to the computer/phone they were using? Who knew about the money they had and were expecting to receive in the wallet that got emptied?

I think that if the hacker had prior access to the wallet, he would have emptied it when he saw the $7k in it. Unless, of course, the person knew it's only a matter of time before something more vulnerable gets deposited there. The question OP needs to ask themselves is how could they have known, and who knew of the upcoming transaction?

This doesn't look like a case of some clipboard malware as the OP described that the large transfer reached his software wallet, only to find it being swiped 8 minutes later.

OK, the OP lacks to provide some very basic case details  (e.g. which wallet he used), how and with what he interacted with his wallet in the past (some gross mistakes like connecting your metamask to some shady website and granting ridiculous access rights or similar stupid stuff). Who knows, too much room for speculation open.

On the other hand you're very right that much better effort to secure such amounts is mandatory. I mean the user still appears quite composed regarding such a loss, but anyway, no judgement. Even Ledger hardware crap could've prevented this very likely and as OP said, it sat unused in his desk. No further words...

This is exactly what I wanted to say.
If the hacker had previous access to his wallet, why he didn't steal those $7k? It doesn't make sense. The only explanation is that the hacker didn't have access to the wallet at that moment.
Saying that he was expecting such large deposit doesn't make sense, unless it's someone clise to OP who knew he will receive this large amount if money and was waiting for the right moment to empty the wallet. This is why we need more information from OP to understand what've happened.

Sorry for your loss. So after reading the story I realized that someone targeted you because he didn't transfer the funds even after looking into your $7k wallet. He knew that you have a large amount of funds and that you will use this wallet again to make transactions. It is also possible that your computer was already under the control of the hacker, so that he could see all your activities.

Now if this hacker takes this fund in any centralized exchange, then you can trace him and complain to that exchange and the fund can be held with the help of the exchange. But hackers don't seem to send funds to a centralized exchange.

I am sure that this fraudster will not transfer the stolen ETH to a centralized exchange, as he is too smart for this to allow such an oversight. In addition, it can be assumed that this is not the first theft of other people's coins for him and he has already developed an appropriate algorithm of actions. And do not forget that he can make the exchange he is interested in on one of the many decentralized exchanges.

For someone who does not understand the basics, even a hardware wallet will not help, because even such wallets are vulnerable when it comes to clipboard malware. It may be a sophisticated attack, but it is very likely that you have a compromised computer with a possible RAT (remote access trojan) installed.

For such a large sum, I would have definitely made a much better effort and checked everything at least ten times, but obviously everyone has their own standards when it comes to such things. The problem is that these standards sometimes come back like a boomerang and hit an inconvenient place, and then we find ourselves in a big problem.

Such services exist for Bitcoin. If the coins get sent to an address that is a known exchange address, the sites will tag them as such. But here we are talking about Ethereum and I don't know if anyone is running a similar wallet explorer analysis service.

These are the ones I know of:
https://oxt.me/
https://www.bitcoinwhoswho.com/
https://www.walletexplorer.com/

The only one that supports altcoins I have heard of is https://www.breadcrumbs.app/.

If your wallet was compromised, your coins would most probably have been stolen by now. You can't have such a service of tracing who logs in and from where without infringing on your privacy. Serious wallet developers will never consider something like that. Tracking logins is something you have on centralized exchanges, and that's not where you should keep your crypto.

If you look at the comments section of the receiving address on etherscan.io, you can see it's already full of bullshit-scammers looking to make or steal more BTC from anyone who's been robbed ...

Sad story OP. Sorry for the loss. The consequences of contract-interaction are still pretty weak. What the heck were you using anyhow, metamask, .... or??

He have another topic in which he talks about the same story here https://bitcointalksearch.org/topic/m.62616437 And really,
The date shown on Reddit is 29 and here is 28, so I don't know if the problem is in formatting the dates, or is it the same user.

I don't know what the details of the story are, but with the loss of such an amount and without disclosing legal data, no one will be able to help him, whatever it is. Details we give him here.

If you're talking self-control addresses, if that address has output transactions that aren't from your activity, its definitely compromised.

Technically your address is active all the time and can be exported to other wallet platforms by some key derivation method, so there is no log detection and no point in requesting such a feature.

Well, at least reply for what people has asked to offer you some help.

After searching the address in google, i found this reddit thread^[1], OP is much more active there responding every reply, only if the OP here is the same person on that reddit thread.

[1] https://www.reddit.com/r/ethereum/comments/15cc1la/lost_165k_in_eth_straight_talk_about_crypto_safety/

That's a good question that is worth an answer, for a hacker if they have malware in your machine will move that amount right away because $7k can be considered a big amount but it seems it waited for that huge amount to move in so he can do, it can be considered a targeted operation if the hacker knows there's an incoming huge amount or the malware can only read amount that is higher than $7k so it remains untouched until the big amount move in and sent the notification to the hacker to move the funds.

Since it mentioned that there is an interaction to a smart contract address can you give us the name of the platform where you interact, that could be the culprit, this is a lesson here, do not put a huge amount on the wallet that has an interaction with any platform, use a new address on a new wallet.

Ledger cannot do anything than compromising the whole privacy and security measures in place, don't even think of ledger in this, but you can make use of Trezor or any other hardware wallet, but before then, let's hear the complete part of the story, i think it's getting more interesting.


Have you been careless with the way you handled the wallet or what could have caused this, also, one of the reasons why there's no more trust confided with ledger is in such scenario of data breach they do behind your permission to spy and steal your crypto asset unknowing to you