Hacked: MetaMask User Lost US$81,000 In ETH by@z3nch4n

Hacked: MetaMask User Lost US$81,000 In ETH

Read on Terminal Reader
Open TLDR
react to story with heart
react to story with light
react to story with boat
react to story with money
Jonny Reid shared his experience of stealing encrypted assets in his MetaMask wallet on Twitter. Reid found that 41 ETH in MetaMask were transferred from MetaMask on 18th May. Reid believes that he has a “high level of security awareness’s” But with the help of friends working in cybersecurity, he is still unable to find the hack. The only thing he could do is strengthen security measures since then. Reid also pointed to a previously reported scam, in which scam groups monitor the content of all posts through the Twitter API. Reid said he privately messaged everyone not to click on the link.
image
Zen Chan HackerNoon profile picture

Zen Chan

Interested in Infosec & Biohacking. Security Architect by profession. Love reading and running.

linkedin social icontwitter social icon

But He Still Doesn’t Know the Reason for The Hack

Crypto investor Jonny Reid shared his experience of stealing encrypted assets in his MetaMask wallet on . Learning from his review of the incident, he believes that he has a “high level of security awareness.”

However, with the help of friends working in cybersecurity, he is still unable to find the hack. So what cybersecurity loopholes did the attacker get access from. The only thing he could do is strengthen security measures since then.

Jonny Reid found that He emphasized that although he has no hardware wallet, he has been using MEW, MetaMask, and other wallets since 2016, with a high-security awareness. Also, he is very cautious about phishing links, Discord, Telegram, etc., but still not sure why.

The Possible Reason

1# The Web Refresh Apps

Since Reid needs to re-apply for a passport to prepare for the upcoming trip, to apply online on the official website of the British government, he needs to refresh the page to use first constantly, so on 5/16, he downloaded two Chrome extensions to refresh the page automatically. However, he didn’t like the extension very much, so he deleted it and downloaded another.

image

2# The Web Refresh Apps 2

The second is “Easy auto-refresh.” It took him about 14 hours, and the anti-virus software did not detect any anomaly, no alert window popped up, and everything went smoothly.

image

Since then, until the hack on 5/18, because Reid was busy with his marriage, he had not used his wallet for more than three days. Afterward, he explored the reasons, including:

  • whether the MetaMask wallet was logged in?
  • Has he clicked on a strange link?

The Hack

Reid’s MetaMask had about eight wallets totaling nearly $130,000, and the hackers dumped about $83,000 (41 ETH).

Reid and his friends had never heard of the “FIXED FLOAT” exchange, and he actively communicated with the exchange’s customer service, but the other party could not provide any details.

Post-event Cybersecurity Analysis

Reid brought in a security friend to check his computer, but neither the laptop nor the personal computer was abnormal. After thinking hard, Reid found some traces after changing all his passwords.

His Gmail notifications were showing suspicious activity on his Google account. After digging deeper, he discovered that Gmail had been logged into a device in Czech before the hack.

He still doesn’t understand why Gmail was hacked (he had 2FA set up) and found that the first webpage refresh software he downloaded was updated on the day of the hack on 5/18, and he was using the old version on 2021/04/11, but this may just be a coincidence.

Final Words: Strengthening Cybersecurity

After the hack, Reid bought a hardware wallet (Ledger Nano X), a laptop dedicated to cryptocurrencies, and reset two old computers. While the exact reason for the hack is still unknown, the crypto community responded to his tweet.

Either out of pity or a desire to help, it has got a lot of backlashes, primarily if it’s only determined that the Google account has been hacked, which hackers can use to control the MetaMask takes everyone by surprise.

Reid also pointed to a previously reported scam, in which scam groups monitor the content of all posts through the Twitter API. As long as the post contains the words support, help, or assistance asking for help, and crypto-wallets like MetaMask, Phantom, Yoroi, or Trust Wallet, the post will receive a reply from the scam bot within seconds of posting.

Reid said that he has been flagged or privately messaged similar scams on Twitter since he posted and urged everyone not to click on the link.

If you want to learn more about how to protect your crypto assets, you can read my previous article. Thanks!

Protect Your Crypto Wallets With InfoSec - The Three-Tier Wallet System and Crypto-Hygiene

Thank you for reading. May InfoSec be with you🖖.

react to story with heart
react to story with light
react to story with boat
react to story with money
L O A D I N G
. . . comments & more!