Author

Topic: [Scam Alert] MetaMask Drained by phishing. (Read 176 times)

legendary
Activity: 1904
Merit: 1563
I am sorry OP for your loss. Everyone who's into airdrop really have to be careful with where you're connecting your wallet. And always check the emails that are sending you that you are eligible for something. If you miss a little detail and you're tired upon doing so, that's the risk that you're taking. Me either, I receive those emails and because I am not into airdrops, I simply delete them and never bother to check it. But for someone who's into airdrops, will really check those emails because they're attractive.
These things that's happening to people participating airdrops are one of some of the reasons that I've been discouraged or stop altogether at participating in airdrops because it's just too risky, sure you can be vigilant at the first time or second time that you've done your airdrop but time will come where you will take it easy and you will get bored and you will slip up and at the end of the day, you get scammed by these people.

I'm not saying that everyone's like that, it's just me and I feel like others might relate to what I feel when it comes to this kind of thing, maybe I'm too busy on other things that's why I say this stuff but if you're into airdrops no matter what, just take the necessary precautions so you don't end up having your funds drained out of your wallet, maybe try to use a dud wallet that's got no other funds besides the dust crypto for fees and the airdrop itself, that way you're not going to lose everything so suddenly for an airdrop.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
Being the first time I'd heard and read about it, I just concluded it was an entirely new project that could possibly link to the scammer. I think I need to visit the altcoin community more in order to not lack many of these updates. Thanks for pointing me in the right direction.

Don't worry about it. Everyone can't keep track of every new blockchain coming on the market. I wasn't aware of that many layer two blockchains until I started joining the airdrops lately. People who participate in the new airdrops are aware of those new blockchains because they have to work on them. Understandably, you were not aware of the new blockchain.

you must be very careful because if your email is somehow exposed, the scammer knows very well that you will not mind connecting your wallet and giving approval permissions to the malicious contract of the phishing site that he sent through the fake email by enticing you to claim a currency.

That email address is exclusive to airdrops only. So, I am sure one of these platforms is selling their user emails, or they are the scammer themself. I paid for not being serious. I should have double-checked the URL.
legendary
Activity: 1890
Merit: 1537
The Galxe platform is well known, as everyone uses it to participate in airdrop campaigns and the Web3 community to earn Tokens, NFTs, and OATs. However, when it comes to emails related to this platform, you must be very careful because if your email is somehow exposed, the scammer knows very well that you will not mind connecting your wallet and giving approval permissions to the malicious contract of the phishing site that he sent through the fake email by enticing you to claim a currency.

Despite your loss, you are lucky because the ETH on the C-Chain wasn't drained. I hope you succeeded in revoking your wallet for both affected blockchains. Once again, refrain from opening any links through your email, especially if you're connected via your phone. It's best to bookmark these links, whether they're for Galxe or any other platforms.
hero member
Activity: 798
Merit: 702
That contract address belongs to a token called Blast, and it seems they have their own blockchain and make use of their own personal explorer. https://blastexplorer.io
 
Could the scammer also be related to the project owners, or are they entirely the project owners themselves, as there will definitely be a connection between the two?
Bro, I guess you are not aware of the Blast project. Blast is a new ETH layer 2 blockchain. The hacker used the blast blockchain to steal all the money I had on that blockchain. I had more than a hundred dollars worth of ETH on the blast chain. I don't think the hacker is anyone from the blast team. But they have created the contract to drain blast chain wallets.

Not only blast but they drained my Arbitrum wallet as well. They have used phishing on a very popular airdrop farming website galxe.com. Unfortunately, I did not pay attention to the URL which is the reason for this hack.

I've been really lost in here until now. Yesterday was the first time I'd come across the name Blast. Talk more to know that it's a new layer for the ETH blockchain. Immediately, in my search for the contract address, I noticed it belonged to Blast.
 
Being the first time I'd heard and read about it, I just concluded it was an entirely new project that could possibly link to the scammer. I think I need to visit the altcoin community more in order to not lack many of these updates. Thanks for pointing me in the right direction.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
That contract address belongs to a token called Blast, and it seems they have their own blockchain and make use of their own personal explorer. https://blastexplorer.io
 
Could the scammer also be related to the project owners, or are they entirely the project owners themselves, as there will definitely be a connection between the two?

Bro, I guess you are not aware of the Blast project. Blast is a new ETH layer 2 blockchain. The hacker used the blast blockchain to steal all the money I had on that blockchain. I had more than a hundred dollars worth of ETH on the blast chain. I don't think the hacker is anyone from the blast team. But they have created the contract to drain blast chain wallets.

Not only blast but they drained my Arbitrum wallet as well. They have used phishing on a very popular airdrop farming website galxe.com. Unfortunately, I did not pay attention to the URL which is the reason for this hack.

Sorry about that bad experience, OP.

Just a word of advice. When participating in airdrops, keep the wallet balances as minimal as possible. Probably just enough to cover the transaction fees. That way, when your address is compromised, you will only lose negligible amounts.

To be honest, I suggest the same thing to others. But as you know, sometimes we had to hold some good amount in EVM wallet to farm airdrops. I was farming blast.io points by holding ETH on blast chain.
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
Sorry about that bad experience, OP.

Just a word of advice. When participating in airdrops, keep the wallet balances as minimal as possible. Probably just enough to cover the transaction fees. That way, when your address is compromised, you will only lose negligible amounts.

The world of airdrops is so slippery, which hacker use to steal coins from unsuspecting users.
hero member
Activity: 3024
Merit: 745
🌀 Cosmic Casino
I am sorry OP for your loss. Everyone who's into airdrop really have to be careful with where you're connecting your wallet. And always check the emails that are sending you that you are eligible for something. If you miss a little detail and you're tired upon doing so, that's the risk that you're taking. Me either, I receive those emails and because I am not into airdrops, I simply delete them and never bother to check it. But for someone who's into airdrops, will really check those emails because they're attractive.
newbie
Activity: 28
Merit: 25
That contract address belongs to a token called Blast, and it seems they have their own blockchain and make use of their own personal explorer. https://blastexplorer.io

omg please don't interfere.
Seriously, why are mods allowing these kinds of posts? i understand this place has become a place for jeets to try to make a $ or 2 by posting anything but come on, a guy got hacked, he doesn't need simpletons posting stupidities



i read a few of those tweets i linked.
apparently it seems it's a contract approval issue.
that email directed you to the phishing link you posted in your op (the fake galxe site), where you probably approved ETH on the arbitrum chain, probably for an infinite amount.
you're saying your eth also got stolen on blast but i'm guessing those are the same eth from arbitrum that you thought would be deposited to blast.
that's why you don't have to worry about your eth on any other chain or about any other asset in your wallet.
if you're willing to share your addy here or the tx that drained you, it would be easy to confirm. maybe that would ease your mind a little.
also you might wanna revoke that tx you approved with a tool such as revoke.cash. if you're not familiar with that kind of process, just say so, i'll guide you.


p.s :one last thing. when something like this happens to you, you're vulnerable and scammers know it... so i suggest that if anyone dms you to offer his help, you tell him to fuck off.
hero member
Activity: 798
Merit: 702
That contract address belongs to a token called Blast, and it seems they have their own blockchain and make use of their own personal explorer. https://blastexplorer.io
 
Could the scammer also be related to the project owners, or are they entirely the project owners themselves, as there will definitely be a connection between the two?

If not, how can they scam and empty others wallets as you are not the only victim and move out all those funds to a single smart contract that they use for withdrawing and claiming tokens?
newbie
Activity: 28
Merit: 25
the guy's handle is matrix and yes apparently (thanks google translate) he got phished too.

at first, i thought it was your hacker sharing his addy on twitter for an airdrop but nope.


that's your hacker: 0x0000db5c8b030ae20308ac975898e09741e70000 . he created the contract
https://twitter.com/search?q=0x0000db5c8b030ae20308ac975898e09741e70000&src=typed_query

if you're motivated, you might wanna dig into those tweets, maybe someone has a hint of who your guy is.
you might find an address linked to a cex.
then you'll need to file a police report and depending on law enforcement where you are, you may have a chance
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!

I don't know what you mean by welcome to the matrix. I can see a Twitter handle shared this address. Probably their wallet was drained as well. The scammer's address has more than 35K in ETH at this moment, and this amount is only in the Blast ETH chain. I am sure that he has more in other chains' wallets. It is very much possible for them to make more than 100K per month by doing these scams. I just paid for my laziness and nothing else. Usually, I check the address and then block their emails. But last night, I did doubt the email because my email was exclusive to Airdrops farming. I am sure that one of the platforms sold emails to these hackers.
newbie
Activity: 28
Merit: 25

by contract address, you mean the hacker's address?
if so, welcome to the matrix:
https://twitter.com/search?q=0x19e12A113A294Ee5005d9c10bD2f04d2fd04b240&src=typed_query

EDIT: it is indeed a contract
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
Hello community.

As I have posted on several topics, I have been actively farming airdrops lately. I usually work on my desktop and my laptop. It was midnight, and I was in my bed scrolling telegram groups, and suddenly, I received an email from Galxe.com that looked like this,



I was on mobile, and I did not double-check the sender because this email was exclusively created to participate in airdrops. So, I did not doubt it. I clicked the link and even logged in with my metamask without checking the link. Then I noticed that my metamask was sending ETH on Blast chain, and I tried to cancel it. But it was too late already. At first, I wasn't sure about the damage, but later, I checked that the hacker drained the entire amount from the blast and Arbitrum chains. Luckily, the contract did not drain the Main ETH and Avalance-C chains, Where I had more than a hundred dollars. My total damage was around $200.

Scam amount: Around $200
Website: Phishing: https : //l-galxe. community /connects. PHP
Scammers contract Address: 0x19e12a113a294ee5005d9c10bd2f04d2fd04b240
Jump to: