Topic: My wallet has Been Hacked. i need your help guyz. (Read 634 times)

I think this is one of the reasons why wallets can be hacked. but keep in mind that don't connect your wallet to sites that are really unknown like fake airdrop claims, NFTs etc.

Try asking too, maybe a few days ago you connected your wallet to the claim airdrop site or not. What is certain is that the wallet can no longer be used. Let it go.

Regarding your situation, I am sorry to hear that your Trust Wallet has been hacked. It is important to take immediate action and secure your assets.

If the incident has been hacked, you should not use those wallets again. It's important to always double-check the address you're sending funds to, and to make sure you have proper security measures in place, such as two-factor authentication.

I mean, it's always better to be safe than sorry when it comes to protecting your assets.

Specifically, it is Google Drive. I don't know what kind of deal they have with Google that they confidently add it as a backup option, but safe to say nobody should ever use it. zetfex, you should check if you've activated this option in one of your wallets, if that is true you should check if your Google account has been breached or not. Worst case scenario they have more than just your seeds/private key.

In general yes it is risky, especially if you use a connected device since some keylogger might be lurking somewhere. If you use an air-gapped device that has never been connected to the internet you can use it to copy-paste stuff though. That being said, I don't think you should copy-paste your seeds from one device to another, especially if the latter is connected to the internet. CMIIW.

This is debatable since some airdrops require some tasks such as making transactions worth more than $1000 for the last three months or something similar. Maintaining different wallets just for that purpose can be quite costly. Not to mention it add another layer of risk since you have to keep track of different wallets. As an alternative, you can ignore any airdrops links not shared by the official account of a project you're following, and regularly revoke contracts to make sure your wallet is not connected to any malicious websites/contracts.

IDK if other wallets have this but trust wallet now has the option to back up our seed phrases in a cloud storage. For someone who is new in crypto they might likely try this option because they think it was safe or secure because when they lose their other back ups, they can easily recover it via a cloud storage. This was of course risky for us experienced cyptocoiners because we don't know what is running in the mind of those companies. They might be trusted now but there might be a time that they will be tempted and they will sweep the amounts on the wallets of the private keys that they hold.

Copy and paste? I heard copying a private key using our devices (lappy, pc, mobile) is risky. The best method was still to write down our seed phrases manually in a paper, notebook or something that is more sturdy than these two.

Mistakes that newbies make is using their main wallet to connect to any websites for airdrops that will pay them in pennies, and some websites have malicious activities on them, scammers are waiting for airdroppers to come look ing for free coins and tokens, have a separate wallet for airdrops and it send coins and only send coins and tokens you plan to hold for long term into your main wallet.

When storing up something that mainly important specially private keys or seeds then it would really be a suicide if you do make out some storage neither on cloud or on your PC which it could potentially be having those
exploits or exposure once your device gotten some virus or malwares and same goes into those hacking incident specially on cloud storages. This is why its never been that ideal on having those options.
Just on what you do said that better to paste or copy it on a paper and store it out on somewhere it is really that far on other peoples sight or awareness.
If you do have money to spare then Hardware wallets is always that recommended too.

I experienced the same a few days ago, I was trying to use trust wallet to send btc here to remove IP ban because it can send a lower amount.

I sent BTC from Binance to my trust wallet and it was gone immediately the it showed on my trust wallet. There was like two transactions immediately,  inward and outward. At that time I was still waiting for my coins not realizing its already stolen.

After hours of waiting I decide to contact trust wallet support.  They said a bit might have picked up my seed phrase and accessed my wallet that I should create a new wallet.  Thankfully it's only $20.

Note: I have been using trust wallet for months now, just want to use it a few days ago and this happen.  I stored my seed phrase on Google docs and somewhere on telegram chat between my two account. So I think that's why it was compromised.  If you are doing the same abandone the wallet immediately.  Keep your seed phrase off the internet,  it's even better on paper physical.

Sorry for your loss.

From what you're describing, it sounds like the hacker may have set up some sort of automatic script to automatically transfer any funds that are sent to their address to another address.

Unfortunately, once your funds have been sent to the hacker's address, it's unlikely that you'll be able to recover them.

In terms of preventing further loss, one option would be to immediately stop using your compromised wallet and create a new one with a strong password and two-factor authentication.

I think, you should also make sure to never share your private keys or seed phrases with anyone and only use trusted exchanges or services to exchange cryptocurrencies.

As for transferring your valuable tokens to another address, I would suggest doing so through a different wallet that hasn't been compromised. This will help ensure that your funds are safe and not at risk of being automatically transferred to another address.

Remember, it's always important to stay vigilant and cautious when it comes to cryptocurrency transactions.

I think that this script may be in the DApp applications. You can disable this option from the wallet settings, and I believe that the hacker succeeded in that after you used the DApp on the Trust Wallet, which has access to your private key and you gave it permission to do so, It leads to signing transactions from malicious DApps and to allow the transfer of your tokens, I advise you not to use your infected phone because it may have a Trojan, use another phone and download the official Trust Wallet from Google Play and wait at least a month until you see if the hacker managed to transfer Your coins or not and the last thing you do is deposit BNB fees.

Anyone knows where those MF "injected" those scripts and if there's a way to blacklist the wallet address where the assets are redirecting?

I noticed that this script/bot just monitoring transactions with BNB because I have other tokens in my hacked wallet that is still there and I want to get back, but I  can't hold BNB in this wallet to pay the gas to transfer

When our wallet has been successfully hacked there is no way to stop it, it's better to leave the wallet and leave it alone because that's all we can do, with this incident it should be a lesson for you in the future to be more careful and not be careless when dealing with your wallet and never try to link the wallet with unknown DEX exchange sites or other suspicious sites.

Irreversible transactions is one of the best things on why crypto had been supported but also does have its cons which is really something correlated to this.There's no way that you could retrieve once your
funds had been sent out on a different address or the private keys had been exposed which means that its better to move on and dont hope for any recovery because its all gone 100%.
There's no way that you could really get it back this is why its always important to be that serious on following common security measures so that you would able to protect
yourself on possible hacking incident.

If your wallet has been hacked, it is impossible to get it back.
they will never want to return the contents of your wallet.

There are also many victims
Please check again, if I'm not mistaken for sending BNB from TrustWallet to the exchanger, there is always a Memo column that must be filled in.
If you don't fill in the “Memo”, the sending process will continue, but will go to the main BNB “wallet” (the exchanger wallet).

You can check wallet connection in settings, you remove all sites linked to wallet. And you can learn about active sign missage on your wallet. This can be learned through the trust wallet community or trust wallet development.
But it would be better if you no longer use the wallet, because there is a possibility that hackers already have a backup of the wallet phrase.

Nowadays Many many fake token sent a random address for Swap phishing,I think you connect your wallet unsafe website that's why your private key exposed.Just delete your wallet & create a new address.

I think you should read this article and see if you can apply anything from it:
How to Beat an Ethereum Sweeper Script and Recover Your Assets

This is written for Ethereum-based sweepers but I think it is applicable on the BNB blockchain as well.

That's right, Trust wallet only support on phones no desktop version so no PC virus involved here. Don't know how but it looks like OP leaked the private key of the trust wallet, what he can do is create a new wallet and move all remaining tokens to the new wallet and stop using the old wallet in all cases. There will be no way to protect the assets once the private key is exposed, private key changes on trust wallet are not available.

I understand your actual problem now. It seems the tokens stuck unless you are able to send the fees that you need to transfer them. I know scripts can be injected but I have not idea how to remove the injected script.

Obviously his private key was compromised by any how. I was thinking to suggest him to post on Bitcoin Technical Support. There should be a way instead of waiting for the bot to stop working.

Cryptornd, you will have more technically sounds users when you take this discussion to Bitcoin Technical Support board.

I agree with you in one part, but we should not generalize when it comes to security and different devices/operating systems. Although the average user of a desktop computer will pick up a virus/malware much sooner due to the habit of downloading torrents or cracked software, it should be recognized that desktop computers still have some kind of protection, unlike smartphones, where users almost never use AV or a firewall.

In addition, smartphones based on Android are often very quickly left without support in the form of security patches, which opens up a lot of space for attacks through various vulnerabilities. My smartphone, which is only 3 years old and was one of the flagships in its time, received the last update about 10 months ago, and the question is whether it will ever receive any updates again - and I personally consider it a greater risk than Windows 10, which is despite all the flaws still regularly updated.

@OP, please give us more details so we know what's happening exactly and whether the problem is with your wallet (comproized) or with your device (infected).
For example, it would be helpful to tell us if any one else have access to your mobile or if you have downloaded any new apps recently.
But first, can you tell us where are you sending the coins (bnb) from? Is it from the same mobile or you use a different device (pc or laptop)?

Op is using a mobile wallet (trustwallet) so a computer virus is not the thing here. It's either that he downloaded a fake app in the very first place Or use the seed to login on a fake wallet website or fake plugin that cause this incident.

If this is the case restoring the seed in another device is completely useless.

Is there any dumb person are still using their hacked wallet despite how easy it's to create a new wallet?

Privacy and security are different stuff, don't mix it.
Deleting the wallet doesn't solve anything if you get infected with a malware, it doesn't make the malware are completely wiped, you're still not safe. It's better to format your cell phone or PC and then start downloading new wallet in legit sources.

What OP meant: he wants to send bnb to his main wallet (hacked wallet) but after making that transfer, the bnb transferred to the main wallet will immediately be transferred to the hacker's wallet and he wants to ask Is there any way to prevent it.

As far as I know there is no way to prevent that, the only way to ensure that the remaining tokens are not transferred to the hacker's wallet, is to use a new wallet and transfer all tokens to the new wallet. Forget the old wallet, there is no way to reuse them once the private key is exposed.

I think it isn't a clipper malware but rather a sweeper since OP stated that the incoming transaction was hijacked redirecting the deposit to the hacker's address.

The difference between the two is that sweeper needs your recovery passphrase so probably they had OP's mobile spoofed with a use of spoofing attack to collect the needed data such as secret recovery password and when the needed data is collected then a sweeper script is deployed on the mobile intercepting any incoming or outgoing transaction on that wallet.  While the clipper malware or clipboard hacking doesn't need you secret recovery password to be deployed.

If you wanted to learn more about these 3 kinds of hacking attack, you can check this article[1].  It also contains tips on how to secure your wallet.  It is indeed a good read.

@OP you must dispose of that wallet and create a new one.  It is highly possible that the hacker got your secret recovery password or passphrase using a spoofing attack.  You should also check your mobile phone for possible viruses or malware.  Check this article[2] for the steps in removing malware in your android device assuming you are using and android device.  If its PC then you need to check the instruction here[3].

---

[1] https://consensys.net/blog/metamask/spoofing-sweepers-and-clipboard-hacks-how-to-stay-safe-from-scams/
[2] https://clario.co/blog/how-to-remove-malware-from-android/
[3] https://us.norton.com/internetsecurity-malware-how-to-remove-malware.html

Even though Trust wallet is on the smartphone, his computer can still be compromised if he has plugged that smartphone into his computer before. So nope, unless he got a new computer and freshly install Win/OS, he can still be at risk of being infected by the hacker virus. This is why everyone tells him to get a new address on a new computer. Another way to make sure is to prune any device he has connected to each other.

You should do the methods I mentioned below,

The first point is that you never make any transactions with the hacked wallet, and never send and store assets in this hacked wallet.

The second stage should be to create a new wallet with very strong privacy so that your wallet is safe. And save the password or Pharsha code safely. A little additional advice from me is that you should never use the hacked wallet again, you can just delete it.

If you have done the above steps well, I'm sure it's safe, because I've been one of the victims before as you feel.
Later when you want to use the new wallet to keep your wallet safe you should check to disconnect from other sites, for example when you want to swap coins.

Op said he used Trust Wallet. which is a mobile wallet. So why can a computer virus cause a problem here? And I don't think any kind of virus can cause such problem. But if there are constant coin transfers from his wallet and the OP didn't do it himself. Then it can be said it is completely hacked. And he should stop using that wallet immediately.

If it is a computer virus, OP should use Internet security, antivirus software to have better protection.

The best protection is don't do stupid things when surfing on Internet and don't use cracked softwares. It is a first barrier against hackers. The second layer of barrier and protection is software.

The seed phrase could not have been hacked, otherwise malware would've simply swiped all of the tokens to another wallet.

What you are dealing with is a computer virus. Get another computer, and restore the seed phrase on that computer, reinstall the infected computer (because anti-virus is so awful at detecting viruses in the first place that it just kills running programs).

Trust suport team can not help because the user installed wallet on a device that is not controlled by Trust team.

Wallet seed is owned by the user or stolen and co owned by the hacker. Trust team can not help. If Trust support team can help, the wallet is not a non custodial wallet.

Clean the device, and create a new wallet to use. Never should reuse a hacked wallet.

Since it has passed to the control of the hacker. It will be very difficult for you to transfer any good token from here. Because the hacker is more smarter than you. Perhaps he has linked your wallet to a bot  When something is input or output to that wallet.  The hacker gets that notification within moments. And he instantly transfers it to another wallet.
So I argue to you that  You leave this wallet. And open a new wallet and use that wallet carefully. If the wallet is for holding a large amount. In that case you can use a hardware wallet. It will protect you completely.

Note -Stop sending coins to that wallet. and Since your problem is not related about bitcoin . This is a wallet issue and you were holding altcoins in your wallet.  And hackers are constantly taking altcoins from your wallet. you should move your topic to Beginners & Help or Altcoin Discussion

As your wallet has gone under someone else's control that means hacked. You can no longer recover it. Rather, if you send any funds here, it will incur more losses. So you should open a new wallet and of course, to avoid hacking from your mobile device, it is best to scan any unnecessary apps or phishing sites. You should be more careful with your seed phrase.

First, you must see if the coins reach the wallet or not, if they reach the wallet and then are transferred to another address, this means that your wallet has been hacked, or if the coins never reach the wallet but are transferred to another address immediately, this It means that your computer or mobile is infected with the clipboard virus that monitors any encrypted currency address in the clipboard and automatically changes it to the hacker address when it is pasted and thus all coins are transferred to the hacker’s address, in this case you have to download an updated virus program and clean the device or do Make a software for the device.

Stop sending BNB to the compromised wallet address for the time being. The attacker would just drain your wallet till you ran out of BNB. Plus, I assume that the attacker is smart enough to not bother keeping your worthless tokens in tact in the wallet while your BNB is being stolen right after it has been received.

Either you wait for a week or two until the bot stops working, or you move on and make a fresh-new wallet on a formatted device.

yeah i need to transfer those tokens. but when i transfer some bnb for transaction fee, those are send away to another address as soon as they arrived. what shoul i do??

Has your BSC wallet ever been connected to several sites and to several exchanges such as Dex .?
If there are still sites linked to your BSC wallet, try to disconnect them first. Although it won't completely save your wallet, because hackers may already know your wallet's private key, and don't send any more fees to transfer tokens that are still in the wallet unless you're willing to forfeit a very small fee for testing.
Because you said "the funds are automatically sent to another address before entering the wallet". It looks like it was redirected by a hacker who might also own a site that your wallet was linked to.

If you wallent has been hacked then you funds plus token is gone. although I don't know how it works, but I was made to understand that, once you misplaced, lost your seed phrase or forgot your wallet password then your fund is ever last gone. So, if a hacked penetrate to your wallet, that means, he has breaking your password and have access to your wallet and do whatever he likes. so to what extent, are you trying to retrieve your wallet?

Android devices can be infected by the clipboard hijacker malware too: https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/

I believe OP is sending the coins to his trustwallet from a different device and that's the one which might be infected. Afaik, unlike bitcoin, you can't transfer bep coins unless the transaction gets confirmed. So, the sent coins must appear in his wallet before they get stolen if the hacker is using a bot to do so.

As in the previous post this had taken place through some person who have got access to the private key. Trust wallet is highly secure against the rest of the non custodial wallets. It is not secure as hardware wallets, because it is connected to the network. Now OP may request support from the Trust wallet team. You may contact [email protected]

That's pretty bad you can't able to do anything if your BNB is automatically sent to someone's address every time you funded it for transferring your tokens you have nothing to do.
Unless if you are faster than the bot make a transaction right away after you sent bnb to that wallet.

Or better wait for a few weeks and maybe the bot will stop sending them automatically.

Have you exposed your private key to someone or other websites?

There is nothing we can do if someone already has access to your private key and set a bot to automatically send funds to the hacker's address. What you can only do is wait for a few weeks or months until the hacker's bot is stop running.


I never heard someone has been infected with clipboard malware using a phone Android or IOS. So I guess someone already has access to his private key and uses a script to run and automatically send funds to another wallet.

If I am reading this correctly then the problem is not with the trust wallet being hacked, rather the problem is in the device he is using to send coins to the trust wallet.

I believe his device is infected with the clipboard malware which changes the trustwallet address with the hacker's address.
What makes me believe this is him saying "those funds are automatically send away to another address before it comes to wallet"
If his wallet was comproized then the coins should appear at least for a moment before they get transfered again by the hacker or he could see the transactions on the transactions history.

OP, take a look at this thread to know if your device is indeed infected with clipboard malware and how to move your coins safely in such case:
How to lose your Bitcoins with CTRL-C CTRL-V

Of course, all device that has internet access are vulnerable, but androids dont get malware as much and as severe as desktop/laptops.

Phones cannot be infected malware just by carrying it outside — Obviously, we're talking malware vulnerabilities, any device carrying outside is prone to loss and damage.

They are both online wallet and they are both vulnerable, depending on the one you use more for online activities. But mobile wallets are said to be more vulnerable because you take mobile device outdoor and putting it in your pocketbwhich have more chances of being lost, being outside makes it more vulnerable. For malware attack, they can both be protected by your online anti hack or anti malware practice.

I beg to disagree, desktops are more vulnerable than any kind of android phones of this current security patch.. It's just a difference of good practice on how people using their device while doing their crypto stuff.

By the look of it op probably got phished which is more vulnerable in phones if you dont have any idea of what you are downloading.
Always check the sources and its main website before downloading apps especially in crypto.

OP said trust wallet. I thought they had a desktop version but it seems they don't. So it's basically a mobile wallet. For crypto I will never trust a mobile device to have any wallet. Mobile devices are more vulnerable then desktop and laptops.

There are no use to find how it was hacked. If I was in OP's situation I would format the entire device to wipe away everything.

You can't stop it. The hacker probably has a bot set up to detect any incoming transaction into the wallet and then spend the coins as soon as they reach the address, probably in seconds.

Solution?

Stop seeing the BNB to the wallet and move on. Good thing you said the tokens in the address have no value. Also, try to find out how your wallet was hacked.

Stop sending coins to that wallet. It's compromised. The hacker injected some script to forward whatever coins you sent to the wallet. So anything you send to the wallet it will be forwarded to the hackers given address.

Try to move all tokens / coins to a new wallet which is not compromised.

I didn't even understand what exactly happened. You say that when you send funds to that address, they are sent away to yet another address before it comes to the wallet. I don't understand this last part "before it comes to the wallet" What you mean by this? Can you be a bit more specific on how it all happened?

First off, never send funds to a hacked address, the hackers will simply steal your coins (again).
Second, create a new wallet securely. Ideally use a hardware wallet to avoid getting hacked in the future.
Third, scan your device for malware/viruses etc. There's a chance someone has access to your device.

Maybe also avoid using wallet's that have the word "trust" in them. They are probably not as trust-worthy as you think.

My trust wallet  has been  hacked by someone .some of my funds has been sent to hacker's address . when i send funds to that address again ( wallet is trust wallet ) those funds are automatically send away to another address before it comes to wallet .how could it be possible ? any solutions?  i have some valuable tokens in that wallet which has no market value yet. i need to send them to another address .so i tried to send some bnb ( bsc ) to that address and send my rest of tokens to another address . ( all of tokens which i think to transfer are Bep20 ) So i sent some bnb for transaction fee. thats when the problem happened . Help me guyz. How to stop automatic sending to another address