Topic: My wallet has Been Hacked. i need your help guyz. (Read 634 times)

I think this is one of the reasons why wallets can be hacked. but keep in mind that don't connect your wallet to sites that are really unknown like fake airdrop claims, NFTs etc.

Try asking too, maybe a few days ago you connected your wallet to the claim airdrop site or not. What is certain is that the wallet can no longer be used. Let it go.

Regarding your situation, I am sorry to hear that your Trust Wallet has been hacked. It is important to take immediate action and secure your assets.

If the incident has been hacked, you should not use those wallets again. It's important to always double-check the address you're sending funds to, and to make sure you have proper security measures in place, such as two-factor authentication.

I mean, it's always better to be safe than sorry when it comes to protecting your assets.

Specifically, it is Google Drive. I don't know what kind of deal they have with Google that they confidently add it as a backup option, but safe to say nobody should ever use it. zetfex, you should check if you've activated this option in one of your wallets, if that is true you should check if your Google account has been breached or not. Worst case scenario they have more than just your seeds/private key.

In general yes it is risky, especially if you use a connected device since some keylogger might be lurking somewhere. If you use an air-gapped device that has never been connected to the internet you can use it to copy-paste stuff though. That being said, I don't think you should copy-paste your seeds from one device to another, especially if the latter is connected to the internet. CMIIW.

This is debatable since some airdrops require some tasks such as making transactions worth more than $1000 for the last three months or something similar. Maintaining different wallets just for that purpose can be quite costly. Not to mention it add another layer of risk since you have to keep track of different wallets. As an alternative, you can ignore any airdrops links not shared by the official account of a project you're following, and regularly revoke contracts to make sure your wallet is not connected to any malicious websites/contracts.

IDK if other wallets have this but trust wallet now has the option to back up our seed phrases in a cloud storage. For someone who is new in crypto they might likely try this option because they think it was safe or secure because when they lose their other back ups, they can easily recover it via a cloud storage. This was of course risky for us experienced cyptocoiners because we don't know what is running in the mind of those companies. They might be trusted now but there might be a time that they will be tempted and they will sweep the amounts on the wallets of the private keys that they hold.

Copy and paste? I heard copying a private key using our devices (lappy, pc, mobile) is risky. The best method was still to write down our seed phrases manually in a paper, notebook or something that is more sturdy than these two.

Mistakes that newbies make is using their main wallet to connect to any websites for airdrops that will pay them in pennies, and some websites have malicious activities on them, scammers are waiting for airdroppers to come look ing for free coins and tokens, have a separate wallet for airdrops and it send coins and only send coins and tokens you plan to hold for long term into your main wallet.

When storing up something that mainly important specially private keys or seeds then it would really be a suicide if you do make out some storage neither on cloud or on your PC which it could potentially be having those
exploits or exposure once your device gotten some virus or malwares and same goes into those hacking incident specially on cloud storages. This is why its never been that ideal on having those options.
Just on what you do said that better to paste or copy it on a paper and store it out on somewhere it is really that far on other peoples sight or awareness.
If you do have money to spare then Hardware wallets is always that recommended too.

I experienced the same a few days ago, I was trying to use trust wallet to send btc here to remove IP ban because it can send a lower amount.

I sent BTC from Binance to my trust wallet and it was gone immediately the it showed on my trust wallet. There was like two transactions immediately,  inward and outward. At that time I was still waiting for my coins not realizing its already stolen.

After hours of waiting I decide to contact trust wallet support.  They said a bit might have picked up my seed phrase and accessed my wallet that I should create a new wallet.  Thankfully it's only $20.

Note: I have been using trust wallet for months now, just want to use it a few days ago and this happen.  I stored my seed phrase on Google docs and somewhere on telegram chat between my two account. So I think that's why it was compromised.  If you are doing the same abandone the wallet immediately.  Keep your seed phrase off the internet,  it's even better on paper physical.

Sorry for your loss.

From what you're describing, it sounds like the hacker may have set up some sort of automatic script to automatically transfer any funds that are sent to their address to another address.

Unfortunately, once your funds have been sent to the hacker's address, it's unlikely that you'll be able to recover them.

In terms of preventing further loss, one option would be to immediately stop using your compromised wallet and create a new one with a strong password and two-factor authentication.

I think, you should also make sure to never share your private keys or seed phrases with anyone and only use trusted exchanges or services to exchange cryptocurrencies.

As for transferring your valuable tokens to another address, I would suggest doing so through a different wallet that hasn't been compromised. This will help ensure that your funds are safe and not at risk of being automatically transferred to another address.

Remember, it's always important to stay vigilant and cautious when it comes to cryptocurrency transactions.

I think that this script may be in the DApp applications. You can disable this option from the wallet settings, and I believe that the hacker succeeded in that after you used the DApp on the Trust Wallet, which has access to your private key and you gave it permission to do so, It leads to signing transactions from malicious DApps and to allow the transfer of your tokens, I advise you not to use your infected phone because it may have a Trojan, use another phone and download the official Trust Wallet from Google Play and wait at least a month until you see if the hacker managed to transfer Your coins or not and the last thing you do is deposit BNB fees.

Anyone knows where those MF "injected" those scripts and if there's a way to blacklist the wallet address where the assets are redirecting?

I noticed that this script/bot just monitoring transactions with BNB because I have other tokens in my hacked wallet that is still there and I want to get back, but I  can't hold BNB in this wallet to pay the gas to transfer

When our wallet has been successfully hacked there is no way to stop it, it's better to leave the wallet and leave it alone because that's all we can do, with this incident it should be a lesson for you in the future to be more careful and not be careless when dealing with your wallet and never try to link the wallet with unknown DEX exchange sites or other suspicious sites.

Irreversible transactions is one of the best things on why crypto had been supported but also does have its cons which is really something correlated to this.There's no way that you could retrieve once your
funds had been sent out on a different address or the private keys had been exposed which means that its better to move on and dont hope for any recovery because its all gone 100%.
There's no way that you could really get it back this is why its always important to be that serious on following common security measures so that you would able to protect
yourself on possible hacking incident.

If your wallet has been hacked, it is impossible to get it back.
they will never want to return the contents of your wallet.

There are also many victims
Please check again, if I'm not mistaken for sending BNB from TrustWallet to the exchanger, there is always a Memo column that must be filled in.
If you don't fill in the “Memo”, the sending process will continue, but will go to the main BNB “wallet” (the exchanger wallet).

You can check wallet connection in settings, you remove all sites linked to wallet. And you can learn about active sign missage on your wallet. This can be learned through the trust wallet community or trust wallet development.
But it would be better if you no longer use the wallet, because there is a possibility that hackers already have a backup of the wallet phrase.

Nowadays Many many fake token sent a random address for Swap phishing,I think you connect your wallet unsafe website that's why your private key exposed.Just delete your wallet & create a new address.

I think you should read this article and see if you can apply anything from it:
How to Beat an Ethereum Sweeper Script and Recover Your Assets

This is written for Ethereum-based sweepers but I think it is applicable on the BNB blockchain as well.

That's right, Trust wallet only support on phones no desktop version so no PC virus involved here. Don't know how but it looks like OP leaked the private key of the trust wallet, what he can do is create a new wallet and move all remaining tokens to the new wallet and stop using the old wallet in all cases. There will be no way to protect the assets once the private key is exposed, private key changes on trust wallet are not available.

I understand your actual problem now. It seems the tokens stuck unless you are able to send the fees that you need to transfer them. I know scripts can be injected but I have not idea how to remove the injected script.

Obviously his private key was compromised by any how. I was thinking to suggest him to post on Bitcoin Technical Support. There should be a way instead of waiting for the bot to stop working.

Cryptornd, you will have more technically sounds users when you take this discussion to Bitcoin Technical Support board.

I agree with you in one part, but we should not generalize when it comes to security and different devices/operating systems. Although the average user of a desktop computer will pick up a virus/malware much sooner due to the habit of downloading torrents or cracked software, it should be recognized that desktop computers still have some kind of protection, unlike smartphones, where users almost never use AV or a firewall.

In addition, smartphones based on Android are often very quickly left without support in the form of security patches, which opens up a lot of space for attacks through various vulnerabilities. My smartphone, which is only 3 years old and was one of the flagships in its time, received the last update about 10 months ago, and the question is whether it will ever receive any updates again - and I personally consider it a greater risk than Windows 10, which is despite all the flaws still regularly updated.