Topic: lost my punks and a bunch of ETH - page 2. (Read 267 times)

Exactly my thought! I am not yet experienced in crypto, but I know that falling prey to phishing sites is one of the things that has been knocked into my head by the person that introduced me to it. It is quite appalling reading that a developer fell for it.

Nothing says the OP must to anything when tired and stressed out. He could have closed his system and taken a break. That would have saved his mind and money too. Taking a decision when the mind is in distress often lead to bad judgement. Another amusing thing is how the victim willingly behaved like a novice and fell for an old trick of phishing sites.

The whole story is also described here.
https://www.bitcoinlinux.com/2021/08/02/nft-game-founder-loses-1-million-to-scammers-heres-how/

The strange thing is that he seems to be not a newbie, and is a game developer. But the fact that the guy was so naively caught on a phishing site suggests that no one is immune from mistakes.
What is the conclusion here? Banners are evil, remove all presence of banners, pop-up ads, and other shit. You shouldn't click and trust such things. And also, never approach the computer being in a "foggy state", it can probably be attributed to alcohol, if you have a million bucks.  

crypto and security is not the same thing being in crypto for 10 years would not give you any security knowledge outside of what is used in cryptocurrencies which is not a lot when you look at this lapse of judgement.

This is a beginner's mistake, no matter what someone says "I am in crypto from 2017", it does not mean that he has learned at least some basic things. No matter which wallet you use, a backup in the form of a seed or just a private key is something that is not kept at your fingertips so that you can retrieve it at any time.

Amazing story, because watch this - the character is lying in bed, not feeling very well and playing on social media while at the same time having his seed next to him - and that seed is worth as much as $1 million

Yet it’s not something that can happen to me or most on this forum - we don’t have $1 million, and we certainly don’t keep our seed under the pillow...

This is the reason why I'm more confident having accounts on different websites/services that uses metamask and other similar wallets or wallet in browser extensions. Having thoughts that my coins will not disappear just after logging in on those things.

Even a person with much knowledge with security and crypto can still be victim because knowledge is not everything, sometimes you still need to rely on the devices/things you're using.

Ledger and Trezor have a 24-word seed phrase and an additional passphrase can be set. Even if you are very tired and pass 24 words to a scammer, he will not be able to do anything without a passphrase.
In metamask, an empty wallet is first created, and then a hardware wallet is connected. If you pass the seed phrase from the initial wallet to the scammer, nothing will happen.

A seed phrase is not required to connect a hardware wallet to a metamask. The seed phrase from a hardware wallet will only be used after the hardware wallet breaks down and access is restored on another wallet.
Data is entered only on a wallet that is not connected to the Internet.
When using a hardware wallet, you don't need your seed phrase for transactions.

I was wondering why he had to transfer it to his friend's wallet. Doesn't he have another device?

That's true. Hardware or software doesn't matter in this case since it's the seed phrase. It's not the same as connecting wallet to a fake site and authorizing it to spend whatever token you have.

He might've still fallen for it, they still use mnemonics and you have to recover them by putting the mnemonics in.

Nothing beats not doing stuff when you're tired though, especially when you've got a lot of funds (relative to the person) on those keys.

This is the story of a Cofounder of hellohedgie who lost over $ 1 million

https://twitter.com/stazie/status/1421479497493360645

"1/9 I lost my punks and a bunch of ETH ↓
2/9 I was lying in bed yesterday evening, mind was very foggy, casually browsing. Saw this bot in Discord and clicked the link. The site looked like Cryptopunks, and had a popup that looked like Metamask…
3/9 …saying something like the security was compromised, and asking to enter the seed phrase to restore the wallet connection to the site.
4/9 The domain of course is fake, it’s .to instead of .com
The whole thing happened like a bad dream, almost felt like I was hypnotized. There was zero critical thinking, and this is beyond idiotic. The punks and ETH was quickly gone before I could do anything.
5/9 Now MetaMask is displaying the phishing warning on that domain.
6/9 I’m in crypto since 2017 and know to watch out for this. I can only ascribe it to being burnt out, tired and frustrated (personal issues).
7/9 I was able to transfer WETH out, and spent the night transferring artworks one by one to my friend’s wallet. He sent me some ETH to pay for gas.
8/9 This is the scammer’s account: https://larvalabs.com/cryptopunks/accountinfo?account=0x7a1e345061f170463af6252a613e854cbb164a75
9/9 This is extremely painful and embarrassing. Not posting about it, feels even worse. "

This is a common phishing attack that sent the user to a fake site, where the user was prompted for a seed phrase that gives access to the wallet.
Further, all coins and tokens were stolen.

If the user was using a hardware wallet, he would not have given the user access to his wallet.

Conserve your funds and use hardware wallets.