Here's What I Learned By Losing $80k In The Syscoin Wallet Hack

by @zubinmadon

On 2nd March 2021 I was robbed of 199290 syscoin tokens from my Syscoin QT 4.1.3 Desktop Wallet while seeking technical help on Discord during a wallet back-up. My stash would have been worth $83,705 today - more than my yearly oilfield wages. The scammer beat me to it by seconds. The tokens were being transferred to a Binance address. I raised a complaint on India’s National Cyber Crime reporting portal, but the form only lists ‘Bitcoin Address’.

Zubin Madon

Engineer, Diver, Climber, Wannabe Cellist, Oilfield Trash.

On 2nd March 2021 I was robbed of 199290 syscoin tokens from my Syscoin QT 4.1.3 Desktop Wallet while seeking technical help on Discord during a wallet back-up. I have been buying and accumulating syscoin since 2017. I added a large amount in April 2020 when the price had dipped to 3 cents. As I type this piece, Coingecko tells me my stash would have been worth $83,705 today. Life-changing money that would’ve gone a long way in funding a family member's AML chemotherapy. More than my yearly oilfield wages.

How Could I be so Stupid?

I have been keeping tokens in various desktop wallets ever since I started investing in crypto back in 2017. Some (like Ardor) are easier to maintain than others. Syscoin’s desktop wallet back-up and upgrades have always felt like rocket science. Every time they released a new version that required a mandatory update, it gave me palpitations. Fortunately the Syscoin community and developers are extremely patient and helpful with the process. 

Back in 2020 one of the foundation devs helped me get through the gymnastics of the 4.1.3 version upgrade, hand holding my limited  via Discord DMs. Fast forward to March 2021, I had just come back from spending nearly a year offshore, stuck on an oil rig due to COVID. 

It seems Syscoin Discord admins had since discouraged people from seeking help via DMs, due to numerous phishing scams by fake profiles. They even have disclaimers to that effect in the ‘scam-warnings’ channel.

When I encountered difficulties while trying to upload my wallet back-up to the QT wallet on my new Windows desktop, I asked for directions in the #general Discord channel. A moderator replied and pointed to a thread on an external site. It didn’t help. I replied asking for more specifics. Within a minute I got a DM. Same mod profile picture. Because I’ve known the Syscoin community to be incredibly helpful in the past, I let my guard down. I didn’t check the Discord ‘hash number’ or verify ‘mutual servers’. I was complacent. This fake mod profile took me through the steps and I successfully transferred the wallet back-up from my MacBook to my new Windows desktop Syscoin application. But at the end of it, on the pretext of “checking if I am on the right chain”, I inadvertently did a walletdump through the Syscoin wallet console. The elementary amateurish move makes me cringe as I type.

Ironically the enormity of my own doltishness hit me in full force within 5 seconds of completing the move. I clicked on the fake profile and checked his Discord ‘hash number’. It was a number in the 8000s. A relatively recent profile. I didn’t even have to go and check the original moderator’s profile to know what had happened. It hit me like a ton of bricks. I rushed to log in to my Cex account and transfer all the tokens from my desktop wallet to an exchange. The scammer beat me to it by seconds.


Desperation and Despair

I immediately DM’d a bunch of Syscoin moderators and admins. Every single one of them sprang into action. The tokens were being transferred to a Binance address.

I tried getting Binance’s attention on every social media platform. I raised a ticket on their Chat Support (#3989904). Little did I know that I’d be waiting for 20 days before a human being took over from the chat bot.

Law Enforcement

I raised a complaint on India’s National Cyber Crime reporting portal. They have a special section for cryptocurrencies. But the form only lists ‘Bitcoin Address’. I guess nobody told them that thousands of cryptocurrencies have been spawned since Satoshi wrote the Bitcoin whitepaper. Not that I expected anything from law enforcement. I needed a complaint copy for Binance to act on my case.

The National Cyber Crime Portal transferred my case to the local police station. The local cops were eager to help. But they had only vaguely heard of bitcoin and had no idea what a blockchain was, or how cryptocurrencies worked. It took six hours to explain the concept of distributed ledgers, centralised exchanges versus desktop wallets, and private keys. After this exhaustive tutorial I’d finally have my report, albeit in the State’s vernacular language. Or so I thought. Someone higher up the chain of command intervened. It seems that, as per a new regulation, for any cyber fraud involving amounts beyond 200,000 INR (approx. 2660 USD), the complainant had to be sent to a special cyber cell set up to deal with such cases.

So I was sent off to the special cyber cell. The cyber cell was reluctant to file a complaint. The Reserve Bank of India had sent numerous contradictory and confusing directives regarding cryptocurrencies in India. I had a hard time explaining to the officer in-charge that “not legal tender” simply means crypto is not recognized as currency; it does not mean trading it as any other asset is outlawed. Also, if cryptocurrencies were illegal why would the National Cyber Crime Portal have a special section dedicated to report stolen coins? But the cops were unmoved. They weren't willing to risk a cushy government job by making a theft report of an item that the Indian government has been threatening to ban and criminalize with a 10 year jail term. 

However they agreed to raise the issue with Binance, and even raised a ‘Law Enforcement Ticket’ with Binance Support (#4943859).

Since then, Binance has closed my ticket, and hasn’t responded or handed over any information to law enforcement either.


Learning Points:

Despite all the alleged vulnerabilities of centralized exchanges, most newbies and technically inept folks like Yours Truly are much better off keeping their crypto on exchange wallets. It will save you from jumping through the hoops entailed in upgrades and wallet backups. Or losing all your holdings because your hard drive crashed.

Don’t get tech support via DMs. Ever. If anyone DMs you, assume they are trying to scam you. Even if you have been lucky with good Samaritans several times as I was. My past experiences caused me to let my guard down. Always assume you are being robbed.

Don’t send any files over the internet to anyone in crypto. Don’t connect your MetaMask wallet to any site that offers you X or Y. Even when connecting your wallet to a Dex, verify the URL several times.

Cex Support is Broken during Bull Runs:

I caught onto the heist within seconds, and tried to reach out to Binance even before the scammer’s account was probably credited. Considering that scams and heist rates peak during bull runs, a dedicated hotline and quick action to freeze scammers’ wallets would go a long way in protecting the little folks from losing life changing money. But Exchanges have no incentive to prioritise your problems. Addressing user concerns and resolving tickets does not rake in money.

The quality of Binance’s tech support and their response time is inversely proportional to the price appreciation of BNB and CZ’s frivolous Twitter activity. Bittrex is hardly any better. Even with a fraction of Binance’s user base and turnover, it takes them months to address the simplest wallet issues.

Smaller exchanges such as Hotbit do a much better job responding and resolving support tickets. Even during the bull run they have never taken more than 12 hours to respond.

Law Enforcement Agencies in Developing Countries are Far Behind:

In a country where 60% of the population live on less than $3.10 a day, upgrading the system to tackle high-tech crimes and educating cops on new technologies is not a priority.

“Why can’t you just trade stocks like everyone else?”, a cop at the Cyber Cell questioned. “At least if you lose money in equities, the money will remain within the country”, he reasoned. Dealing in cryptocurrencies was “against the nation’s interest” it seems.

Even the cyber cell sleuths who have heard of bitcoin don’t quite understand blockchain and cannot trace a transaction by opening a block explorer or Etherscan. To them, cryptocurrency is still part of the dark web and used for illicit trade.

If centralized exchanges like Binance wish to compete with TradFi and seek legitimacy from the Establishment, they will have to do more on the Support front, and ensure their platforms are not used to syphon stolen funds.

