Crypto veterans targeted in mysterious MetaMask heists – 5k ETH stolen

2 years ago

More than 5,000 Ethereum (ETH) and an undetermined quantity of tokens and NFTs have been stolen across multiple chains in an ongoing hack since late last year, said MetaMask dev @tayvano_.

“I don’t know how big it is but since Dec 2022 it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.”

The dev added that he has been investigating for the past 2 days but cannot find how the attacker is carrying out the thefts. Moreover, the victims are all “OGs who are reasonably secure.”

OGs targeted in sophisticated MetaMask heist

@tayvano_ pointed out that this is a sophisticated attack deliberately targeting OGs, reiterating that no one can work out where the exploit lies.

“This is NOT a low-brow phishing site or a random scammer. It has NOT rekt a single noob. It ONLY rekts OGs.”

Forensic device examination has led nowhere — further stumping investigations into the method used to access the victims’ MetaMask wallet.

The commonalities between cases were that the keys were created between 2014 and 2022, and victims are “crypto native,” such as possessing multiple addresses and working within the crypto industry.

The hacker will commit “primary” thefts, with “secondary” thefts following hours later to collect assets and dust missed during the initial heist — sometimes weeks or months later.

In the case of large thefts, the attacker will swap assets into ETH within the wallet, then send the tokens to a centralized swapper, including SimpleSwap and ChangeNOW — always swapping into Bitcoin (BTC).

After the attacker sits on the swapped BTC for a week, the funds are sent to a mixer for address obfuscation.

Tips on staying safe

@tayvano_ speculates that the attacker has acquired a data cache from the victims’ device. Using this, they can extract the MetaMask keys — but he stresses that this is “just a guess.”

“My best guess rn is that someone has got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove.”

The dev cautions MetaMask users to avoid storing all their digital assets on a single wallet key. Instead, people should split their crypto across multiple keys or hold assets on a hardware wallet.

“PLEASE DON’T KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS. THE END.”

The post Crypto veterans targeted in mysterious MetaMask heists – 5k ETH stolen appeared first on CryptoSlate.