Topic: lost my punks and a bunch of ETH (Read 267 times)

@ 2 when I've read that there's a bot and link that has been sent and notified him, that's it. Whenever there are groups that you join and there are links that are being pushed for you to visit, don't be too hasty of clicking them. It asked for the seed phrase and that's how he lost it.
Well, he has lost it and as he said probably his mind was in panic on that time knowing that he got million in investment with that wallet so did he entered it. Well, he has a million but forgotten to be careful on that moment.

It's sometimes okay being lazy when you get tired but he should have checked tge site first rather than type out all the seed phrase when you read somewhere that the wallet is compromise when the truth is it didn't happen unless you did intentionally share the seed phrase then don't expect that your funds are still there.

I used to get fake giveaway scams all the time in my Discord DMs until I nuked the link to discord from my website, so yeah. If scammers find you there then either your profile is public or you're in some large bitcoin server.

This makes me think that laziness and relaxation in the crypto world can sometimes do us great harm.
I feel very sorry about this, this will be his hardest day.

I'm sorry for your loss.  One of the downsides of Metamask is that it makes it so easy for sites to interact with your wallet, that there is a security concern there if you aren't familiar with the way it works or failed to catch the warning signs.  With ease of use comes great responsibility.  Metamask seems ripe for phishing attempts by malicious characters/websites and with the NFT craze in full swing, you would be wise to take an overabundance of caution when interacting with it.

Thank you for the reply -- I'm not ready to say that they're scams, but I do think they're walking a very thin line. 

Still, I'm curious to hear from anyone that has worked with them directly.

I do not have any experience with companies promising this but there is no way they can offer a service and take money on it legitimately when there is no way they could get that money back. If you have been scammed I do not think a scammer will suddenly be willing to give you your money back just because a company representing you have asked for it back they would just ignore it. These companies are scammers too.

>if they find that funds have ended up on some crypto exchange they can try to block those funds and initiate a return process.

I agree in theory -- although I think this is quite difficult in practice, for a couple of reasons:

• While it's easy to track Bitcoin from wallet to wallet (assuming the scammer isn't using mixers) it's hard to figure out which addresses are owned by an exchange. You'd need to work with a company like Chainalysis, and I don't have a sense of how expensive that is.
• The exchanges themselves get a lot of support requests, and it isn't clear to me that a civilian would get a timely and serious response if they reported that someone had stolen their funds and cashed them out an an exchange. In fact, I imagine that in most countries exchanges are forbidden from releasing identifiable information on a customer without law enforcement involvement.
• The (only?) way to track down the scammer is once they have moved funds out of an exchange.  That's literally the first time that you might be able to connect an address to an identity.  And, at that point the scammer has removed the funds.  To retrieve some portion of the funds at that point requires an arrest, a court finding, that there be funds left to distribute to victims, potentially a search for other victims -- it's a long-term process.

Am I thinking about this the wrong way?  Are there any exchanges that have gone on public record saying that they will initiate a return of funds without law enforcement involvement?

I wonder if there's an opportunity for a tool that lets people report a crime and pay a bounty for the conviction of the criminal.  The bounty might be broken down into several standardized steps:

• Verify the story of the person reporting the crime
• Report to law enforcement
• Notify other victims*
• Track the funds on the blockchain
• Figure out whether funds have reached an exchange / which exchange
• Distribute balance of bounty on arrest, conviction, etc

*There's a fascinating trick for this in this Youtube video about cracking brain wallets at the 8:34 mark: https://www.youtube.com/watch?v=foil0hzl4Pg&ab_channel=DEFCONConference

Essentially, you send a very small deposit to the public address from which the funds originated using a vanity address.  (For example, the vanity address could be: 1SCAM4SLRHtKNngkdXEeobR76b53LETtpyT). It's not a perfect solution -- although it might help in some cases.

I can’t say anything from personal experience because luckily I never needed such a service. What is a problem is the advance payment, and the uncertain outcome of their rescue attempt, and in my opinion it only makes sense if the amounts are really large and there is no other way.

Furthermore, such investigations can only be successful if the hacker did not use mixing coins and all other available methods to cover up his tracks - because then I don't see how anyone could find out where the stolen funds are. Anyone who is hacked has the ability to try to track transactions, and if they find that funds have ended up on some crypto exchange they can try to block those funds and initiate a return process.

Scams in the crypto space are up -- way up -- this year.  Here's a recent graph from the US Federal Trade Commission:
https://www.ftc.gov/sites/default/files/u52513/cryptocurrency-may-2021.png

We've been researching best practices for people caught up in scams -- which boil down to:

• Don't make it worse
• Write down the details while it's fresh in your mind
• Report it to the relevant regulatory agencies

Does anyone have first-hand experience with the for-profit companies that claim to be able to help recover funds?

• One claims to attempt to track wallet (presumably at an exchange) then work with law enforcement to retrieve funds
• Another essentially says "ask the scammer to refund your money"

I'm very skeptical of these companies -- as I understand they all require payment up-front, and they all require law enforcement involvement to actually recover funds.  Which means that you could potentially have just as high a probability of recovering funds without the for-profit company in the middle.

Anyone have actual experience with them?

Sometimes our mind is boggled with lot of stuff and we loose that sense which limits or stop us to fall prey for such scams and same thing happened with him also.He sees his security compromised and unknowingly enter the seed phrase and giving access to the scammers of his tokens and punk suffering a huge loss.He is developer ane still fall prey for such scam because his mind was not stable at that time.We should always be careful and double check everything before giving anyone access to our wallets because once lost cannot be recovered.Your coins your security.

But yes using hardware wallets like ledger and trezor have security benefits and scammers can't fool you with any security breach.

You probably shouldn't keep your seed phrase under your pillow.
You need to make sure that you have to perform certain actions to get it. For example, turn on another computer that does not have access to the Internet. In the meantime, you will do this, then you will understand that the scammers want to deceive you.

Giving your seed phrase all over the internet doesn't need an approval from someone who is in the crypto space.

Not disclosing your seed phrase to anyone on this planet (unless you are planning to secure your asset to your heirs) should be a hard set rule for people who is in this field whether you are an expert or a newbie. In fact, even before we write our seed phrase on the paper, there is a huge warning that we should keep it secret at all cost.

Before verifying such actions, I would choose to have third party opinion from my crypto colleagues or any legit sources. Hackers and scammers are innovating new ways to fool us.


Coz’ scammers never stop taking advantage of our hard earned funds at all costs. Scammers are everywhere and there’s no way to stop them except if we are extra careful on what we do in our crypto wallets, etc.

i just saw the hacker address and the hacker still doingly active exchange and not try to mixing it
the address have a lot of money sell all eth at the same time make the red candlle fell

why scammer still exist nowaday

This can't happen to everyone, only to people who are careless and obviously have enough money to be able to afford something like this to happen to them. People who have learned the basics of cryptocurrencies and the basics of using the internet will never fall for such a cheap trick - but obviously there are a lot of those who think they are geniuses because they programmed a simple video game - and at the same time some not so ingenious kid takes them $ million without getting up from his chair.

---

It is better to learn from the examples of others than to pay dearly for your mistakes - unfortunately (for them) many first invest in cryptocurrencies and then try to understand what it is about - an approach that usually ends badly for them. Since I became a member of the forum, I have not noticed that anything is improving on this issue - on the contrary, the number of those who become victims of crypto scam is increasing from year to year.

Some people are way too careless with their crypto, they log in to their wallets on online machines, they click on links and popups without thinking twice, they send coin to people they have talked for the first time 20 minutes ago. Scams like this would never work against someone who made it a habit to verify everything when it comes to their crypto holdings. When you see a security alert, the first thing you should do is not rush to click on it and do as it says, but verify genuinity, and read about recommended step from official sources. This is just basic logic. Saying "I was tired" is not an excuse.

I read the full story earlier on and was surprise why a developer who knew about crypto since 2017 fell for such an old scam trick from a stranger from discord 

Having even over $30,000 worth of crypto in an address should be more than enough to make someone paranoid and guard their assets with extra care. How he just kept carelessly playing with his mnemonic phrase containing crypto worth $1M is beyond my understanding. Like, which kind of dev does that?

Very bad judgement by someone who was supposed to know better. From what I can see on the picture on Twitter, that is a private message that he received from that alleged CryptoPunks bot. He clicked on a link from an unknown sender, which obviously leads to a fake site. That's the equivalent of clicking on any links you receive via email as spam. If Cryptopunks organized such an anniversary, the right thing to do is to check it out by visiting the official site or social media channels and reading more about it there.

It is also not recommended to log in to MetaMask after clicking on a link on any website. Unlock your MetaMask in advance before loading the site that needs it. That way you will be alarmed if you are being asked to enter your password, download an update, or enter your seed.

So many things went wrong and were forgotten by the victim in this case. Very expensive lesson.     

As everyone has said, taking any action when your mind is foggy is not wise. But from the story, the guy in question was just casually browsing through, maybe lack of sleep kept them awake, before seeing the pop up with a security threat on their wallet, now that's a message no one can ignore regardless of how under the weather you are. The scammers may have not timed it, but they had a huge help from luck, as they got their victim in a situation they were most vulnerable with a message they could not ignore.

Preventing yourself from coming across such poo ups is one of the best advices;
• Use adblockers,
• Do not have your wallet installed on your phone or computer you use to browse often,
• Seek third party opinions before taking actions you do not trust.

Exactly my thought! I am not yet experienced in crypto, but I know that falling prey to phishing sites is one of the things that has been knocked into my head by the person that introduced me to it. It is quite appalling reading that a developer fell for it.

Nothing says the OP must to anything when tired and stressed out. He could have closed his system and taken a break. That would have saved his mind and money too. Taking a decision when the mind is in distress often lead to bad judgement. Another amusing thing is how the victim willingly behaved like a novice and fell for an old trick of phishing sites.

The whole story is also described here.
https://www.bitcoinlinux.com/2021/08/02/nft-game-founder-loses-1-million-to-scammers-heres-how/

The strange thing is that he seems to be not a newbie, and is a game developer. But the fact that the guy was so naively caught on a phishing site suggests that no one is immune from mistakes.
What is the conclusion here? Banners are evil, remove all presence of banners, pop-up ads, and other shit. You shouldn't click and trust such things. And also, never approach the computer being in a "foggy state", it can probably be attributed to alcohol, if you have a million bucks.  

crypto and security is not the same thing being in crypto for 10 years would not give you any security knowledge outside of what is used in cryptocurrencies which is not a lot when you look at this lapse of judgement.

This is a beginner's mistake, no matter what someone says "I am in crypto from 2017", it does not mean that he has learned at least some basic things. No matter which wallet you use, a backup in the form of a seed or just a private key is something that is not kept at your fingertips so that you can retrieve it at any time.

Amazing story, because watch this - the character is lying in bed, not feeling very well and playing on social media while at the same time having his seed next to him - and that seed is worth as much as $1 million

Yet it’s not something that can happen to me or most on this forum - we don’t have $1 million, and we certainly don’t keep our seed under the pillow...

This is the reason why I'm more confident having accounts on different websites/services that uses metamask and other similar wallets or wallet in browser extensions. Having thoughts that my coins will not disappear just after logging in on those things.

Even a person with much knowledge with security and crypto can still be victim because knowledge is not everything, sometimes you still need to rely on the devices/things you're using.

Ledger and Trezor have a 24-word seed phrase and an additional passphrase can be set. Even if you are very tired and pass 24 words to a scammer, he will not be able to do anything without a passphrase.
In metamask, an empty wallet is first created, and then a hardware wallet is connected. If you pass the seed phrase from the initial wallet to the scammer, nothing will happen.

A seed phrase is not required to connect a hardware wallet to a metamask. The seed phrase from a hardware wallet will only be used after the hardware wallet breaks down and access is restored on another wallet.
Data is entered only on a wallet that is not connected to the Internet.
When using a hardware wallet, you don't need your seed phrase for transactions.

I was wondering why he had to transfer it to his friend's wallet. Doesn't he have another device?

That's true. Hardware or software doesn't matter in this case since it's the seed phrase. It's not the same as connecting wallet to a fake site and authorizing it to spend whatever token you have.

He might've still fallen for it, they still use mnemonics and you have to recover them by putting the mnemonics in.

Nothing beats not doing stuff when you're tired though, especially when you've got a lot of funds (relative to the person) on those keys.

This is the story of a Cofounder of hellohedgie who lost over $ 1 million

https://twitter.com/stazie/status/1421479497493360645

"1/9 I lost my punks and a bunch of ETH ↓
2/9 I was lying in bed yesterday evening, mind was very foggy, casually browsing. Saw this bot in Discord and clicked the link. The site looked like Cryptopunks, and had a popup that looked like Metamask…
3/9 …saying something like the security was compromised, and asking to enter the seed phrase to restore the wallet connection to the site.
4/9 The domain of course is fake, it’s .to instead of .com
The whole thing happened like a bad dream, almost felt like I was hypnotized. There was zero critical thinking, and this is beyond idiotic. The punks and ETH was quickly gone before I could do anything.
5/9 Now MetaMask is displaying the phishing warning on that domain.
6/9 I’m in crypto since 2017 and know to watch out for this. I can only ascribe it to being burnt out, tired and frustrated (personal issues).
7/9 I was able to transfer WETH out, and spent the night transferring artworks one by one to my friend’s wallet. He sent me some ETH to pay for gas.
8/9 This is the scammer’s account: https://larvalabs.com/cryptopunks/accountinfo?account=0x7a1e345061f170463af6252a613e854cbb164a75
9/9 This is extremely painful and embarrassing. Not posting about it, feels even worse. "

This is a common phishing attack that sent the user to a fake site, where the user was prompted for a seed phrase that gives access to the wallet.
Further, all coins and tokens were stolen.

If the user was using a hardware wallet, he would not have given the user access to his wallet.

Conserve your funds and use hardware wallets.