About a month ago, I woke up and saw many transactions related to my air addresses on the phone screen.
I immediately realized this was a hack, and the funds were lost. I must say, it was about 30% of my funds in crypto.
The worst thing at that moment was to see how a hacker takes everything from wallets right in front of your eyes, but this cannot be stopped.
I have been analyzing the causes and ways to avoid this all this time.
I have a post with error analysis.
How was I hacked?In fact, the hack was made possible by three factors:
- My inattention when I saved and forgot the MetaMask seed in Evernote
- My security ignorance when I allowed myself to enter data in an insecure network and did not have 2FA
- The insecurity of Evernote, which could not protect me from unknown input in any way
But first things first.
I was hacked into my Evernote note manager. I did not have 2FA on it because when I tried, It had evil UX (now its OK, but it's too late for me)
So, after getting access using a bot, the hacker checked the whole account, found a seed phrase in a note I created five years ago, and completely forgot about it. I myself had already forgotten and did not know that she was there.
The good news is they didn't take any NFTs.
How did he/she get access to my Evernote? - I still do not fully understand. Priority Version - I entered my account information while on an insecure network. The second version is a hack of Evernote itself, as evidenced by the strange behavior of their system. But I didn't find it on the news network.
It’s interesting how Evernote’s protection worked - on the night of the incident, I received a letter from them that “Your account has been logged in suspiciously. If this is you, click on the button in the email.” I did not press the button, but they still got access. Of course, I also checked the mail against hacking, but there were no unfamiliar logs.
Later, Evernote told me that no one pressed the button, *access was gained later via a login attempt that didn't meet the criteria to generate a notification to your email address* - that is, they entered so that the notification did not come to my mail. How this could happen, the company refused to tell.
The letter arrived at 3:46. The first operation on the wallet took place at 4:43
During this time, hackers entered the notes, scanned them, and hacked MM.
That is done quickly and with understanding.
But further, they forgot to withdraw NFT, which I took advantage of. They discovered this movement and brought out a useless NFT from Coinlist.
How to protect yourself?- Understand that the public network is a danger,
- that an unpassworded network can be bogus
- An insecure connection is no longer just a danger, but a critical risk
- Do not click on obscure links, do not participate in suspicious freebies, etc.
Therefore, it is necessary.- Install a reliable antivirus;
- Don't store anything significant in the clouds
- Enable 2FA authentication everywhere
- Additionally, you can ensure hardware 2FA like YubiKey (for example, to protect your Google account, to which all 2FAs are linked)
- Install a plugin that encrypts all connections using the HTTPS protocol (Kaspersky Lab recommends HTTPS Everywhere);
- Disable automatic connection to Wi-Fi networks (at least unfamiliar ones);
- Do not connect to networks without encryption ("insecure network");
- Use a VPN to encrypt data on a public network
- It is better to enter any critical data in a public place in general through a mobile network (personal hotspot);
- Use a password manager - it allows you to generate complex passwords and store them securely*
- Notepad only for notes, what is stored where in some encrypted form
- Don't use apps like Metamask that store all addresses under one seed. If a hacker gains access to the seed phrase, he will have access to all funds at once.
- Do not store seed from Metamask - store private keys of addresses.
- An even better option is to use apps that link wallets to different seed phrases (1inch Wallet or Zerion**).
*they are also being hacked -
LastPass data was leaked not so long ago. I chose the Keepr manager based on a combination of iOS and Chrome app reviews.
What to do if Metamask has been hacked?If we are talking about Metamask, withdraw all those linked wallets from which the hackers did not withdraw (well, what if). Naturally, this should be a wallet that is not tied to this MM. This is the only thing that can be done during the hack.
Further, to calm the soul, you can notify the support of Metamask, MEW, etherscan, and exchanges about the hacker's wallet, but these measures are unlikely to bring results.
I did not find any (de)centralized service for reporting on hackers' wallets.
You can also write a statement to the police - after all, the hacker will somehow have to withdraw money, and when withdrawing, he will expose his identity. But I'm not sure that someone will actively engage in this.
Well, then start a new wallet, taking into account errors.
Friends, if you can somehow supplement my post or just l