Topic: More than 5 WBTC (BTC) was stolen from my Metamask wallet!!! - page 2. (Read 362 times)

I am very sorry for your loss. But you were completely careless about your money.

A seed is considered exposed when you type in a computer with internet acess

How come you mirrored a wallet in two computers using the same seed and send hundreds of thousand dollars to it?

For everyone using cryptocurrencies: study, understand what you are doing before putting your life savings into a wallet.

Don't get met wrong. Metamask is an amazing software. But you used it the wrong way.
You can use metamask with a hardware wallet and it will become a cold wallet.

But you cannot store your life-savings into a wallet where you type your seed in different computers.

---

Personally,  I consider all my devices compromised and I use only hardware wallets.

I have a few bucks in my mobile phone .about 100 usd. That's it.

Sorry for your loss bud. It sucks to get weaseled out of your hard earned funds and more so when you don't know who did it or how it was done with certainty.

It's not a wise choice to have one address spread over different devices. A hardware wallet is definitely the best option, but if you must use a wallet on a device for regular transactions, it's best to install it on the device you use least to access the internet; This was you limit the level of exposure to hack attempts and can also be certain where a breach occured through in the off chance that it happens.

I'm sorry for your loss OP. If anything the best that I can tell you is that you should assume that your devices are compromised and the following should be done:

• Fully analysis on your PC to check for malware/virus. - You mentioned that you've installed some program (not related with crypto) on June 14. May I ask which was it and where did you got it from? There's a slight possibility that it was the vector attack that allowed to have access to private information of yours.
• Verify if you got the real application installed in your iPhone - See who was the developer behind the app and make sure that you've installed the official one. While the Apple store has more quality control in their store than Google's Play Store, it wouldn't be the first time that a fake application related with crypto was available to download on it[1].
• Transfer all your funds to HW wallets - Since the seed words within a HW never "exit" the device, it's the most safest way to have them stored (assuming you don't share the seed words nor loose the device).
• Consider changing the password to every account (or the most essential accounts) that you use - This goes from either bank accounts to e-mail accounts. Again, we don't know how long your information may have been exposed to someone else.
• Activate 2FA on every service that you can - For instance, if you got e-mail confirmation + 2FA activated on Metamask (I don't know if it's possible (?)), the attacker would still have to access to both your e-mail and your 2FA device in order to successfully execute the transfer. In Binance, for instance, I know that some users have to insert a code that is sent to their e-mail plus their 2FA code in order to send money between addresses (friends experience regarding BTC usage).

These were just some ideas that came to my mind while reading your story but I highly advice you that you consider at least some of them so that you can prevent further similar events to happen. It seems that you already use a HW device (which is good by itself), I just hope that this event makes you consider extending the usage of the HW device to all of your (crypto) holdings...

---

[1]https://www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/
[2]https://github.com/beemdevelopment/Aegis
[3]https://github.com/andOTP/andOTP

I think, it is not the metamask itself that failed the security here.
The OP mentioned about installing a software application and at the same time expiring his norton security subscription.
So that case, he was very vulnerable to outside attacks. And how did hackers know about his large crypto funds?
It may be someone that knew him from social media channels, and that they knew he is into crypto with good amount of coins.
Because we don't know the whole story, the hackers may know the OP for all we know.
So aside from securing your funds in your own hardware wallet, make sure you don't disclose your crypto activities in social media.

wow.. phishing on real time bro..

one question, windows correctly ?

Beacause in linux u cannot exec command directly on OS. Maybe living on this crypto world as good option try linux or hackintosh,
`impossible` to hack as your example.

i never leave bigger ammounts in hot wallet, trust, fearless etc. All bigger amount is in nanoX with 24 keywords offline from internet and from world.  5/6 years using, no problems so far

Sorry for you loss bro, i tried track something, but used decentralized exchanges ,impossible to track.

As a Advice,

 use hardware wallet always with bigger amounts, backp phrase paper, with your familiar wife, or son.

Sorry for what happened to you lately man. I know how you feel because my Metamask and Trust Wallet accounts were hacked last April 20th of this year. Even though $12,000 might not be big to you, but it is to me because I am living in a 3rd world country. The hacker have successfully penetrated my mind by acting like he is the CEO of a P2E company (stupid of me for not doing my own diligence) pretending to be interested to have a collaboration with me on Youtube.

He asked me to download the ZIP file with a password. When I opened it, I saw a bunch of document files along with the fake PDF that I have clicked which turned out to be a malware. That time, I also didn't renew my Avast antivirus. No matter how much I tried avoiding myself to get hacked, but the hacker is finding new ways and they are not stopping until they finally get what they want.

Now I am doing my own diligence must not be in a rush for some things for the sake of opportunities.

That's a lot and sorry for your loss.

It's not really a good storage to keep your money on a metamask. A small amount would do but having that sums of money, it should have been into a hardware wallet. You should have swapped it into actual btc and not wrapped so that you'll be forced to keep it onto a hardware wallet.

The cause might be that software you've downloaded prior to the hack and whether you use mac os or windows, there has been a lot of hijackers in different app marketplaces.

Im very sorry for you loss   the worst part is that now the hackers have 100k USD more to fund their hacking operation and they will for shure advance more with their stealing. So everyone be careful and never store more than you need in that exact moment on a hot wallet!

Very sorry to hear this bad news.
I hope you can get the money back as soon as possible through the success of your investments.

Two things can be learned from your story:
First, hot wallets cannot in any way be suitable for long-term storage or be used to store large amounts of money. Using a hardware wallet is the best solution, and there are no other solutions that compare to it.
Secondly, altcoins never represent a real alternative to Bitcoin, and nothing guarantees that it will not collapse overnight. I find it very risky that a huge amount exceeding $100,000 at the current price of Bitcoin will be put into token on the Ethereum network.

5 WBTC is a huge sum to be lost.  But however I am pretty sure those new softwares downloaded without a proper internet security most have led in virus into your desktop which gave room for your metamask  wallet to be wipe out. And secondly, who else knows you have such money in your metamask wallet? Because these days you can't trust anyone again, but am still convince the lickage most have come as a result of the newly downloaded softwares because Metamask is an encrypted wallet that can only be unlocked with the use of a password or seed phrase

advice to all.

never have more then a few weeks salary(reasonable amount to lose without causing life changing loss) on a hot wallet (easy access wallet that is used daily and spends too easily)

I have been storing some crypto in Metamask wallet since early 2021. Last week, I opened my wallet and saw it empty. First I thought it was an error, but after reviewing the transactions, I realized my wallet has been drained out. About 5.6 WBTC (equivalent to 5.6 BTC) was sent out to some unknown address without my knowledge on June 15, 2022. 

Here's the history of my Metamask wallet: I installed the wallet on a desktop in early 2021 and transferred some fund into it. Shortly after, I installed Metamask wallet on my laptop using the same seed. So, I have the same wallet on two PC mirroring each other. A few months ago (around April) I installed the wallet on my iPhone with the same seed, so basically all three devices had the same wallet. Up to that point I had about 126K USD Coin in the wallet. On June 14 I swapped all the USDC for WBTC, with amounted to about 5.6 WBTC. All transactions were done through iPhone. A few days later I opened the wallet on my iPhone and was shocked to see that the wallet was empty. Some transactions were made on June 15, sending all the WBTC and ETH out without my knowledge.

Needless to say, it was a trauma for me. I was scrambling to find out how it happened. Did I download a rogue version of Metamask, or one of my devices was compromised? For the PC, I downloaded it from metamask.io. For the iPhone, I used Apple store. Here's a few things that may give clues to how the attack came through:

1) The fund has been in my wallet for months so if the attackers wanted to take it they could have done so earlier. It must be something I have done lately. One June 13 I downloaded some software and installed it on my desktop. The software was not related to crypto. At the same time, my Norton Security subscription just expired and I didn't renew it right away. So there's lapse of security on my desktop around the time of the attack. The desktop is used on daily basis and it is on most of the time during my work hours. 

2) All the latest transactions was done through iPhone, so I wonder if the attack could be on my iPhone? One thing I notice is that while all the latest activities are shown on my iPhone Metamask wallet, they are not shown on my desktop nor laptop wallet. All the transactions I made on June 14 (to swap USDC to WBTC), and the unauthorized transaction of sending WBTC out, are shown on iPhone, but not on desktop or laptop. Looks like someone has erased the transactions to hide them from me. Though I can view them on Etherscan.

3) I did not turn on the laptop in the week leading up to June 15, the date of the unauthorized transaction. I actually barely used my laptop to access Metamask.

Here's my wallet activities on Etherscan:
https://etherscan.io/address/0xbf0a095f3479847c8bf677e33046a5e7b5dcce94

I learned that I can store my BTC in hardware Tresor wallet and trade through Metamask, instead of storing the coin in Metamask itself. I wish I knew that sooner. I take my consolation in the fact that this is not all the BTC I have. I still have some BTC stored in Tresor wallet. If anyone is storing your coin in Metamask, I urge you to use Tresor instead. Use Metamask to trade only, not to store the key.