Just after Christmas I discovered a large crypto scam that is currently ongoing.
The attack is sophisticated, and we now believe that access to thousands of Metamask wallets was gained by the attackers purchasing ads on Google and tricking people into downloading a fake version of Metamask.
This was an extremely successful phishing scam that was engineered over several months. At first we suspected a large application had been compromised, but after thorough investigation the victims we were able to contact didn’t have any applications in common.
It is worth noting that the first 5 victims had all saved their passwords electronically, either in a notepad file or by emailing them to themselves, which opened up the possibility that existing Apple and Windows exploits had been used. The scope of the attack, however, meant that sifting through stolen passwords for people who used Metamask and then gaining access to their wallets was unlikely.
What We Know
For the past month the attacker has been converting victims' tokens to ETH and passing them through several wallets before they wind up at a wallet hosted by Changenow.io; the address is 0x8f54972F4Ca40bD3ffC8b085f6Ece1739C40c65f.
As transactions are coming in the hacker sends them out to thousands of smaller wallets for future distribution.
It was very hard to track down victims. At this point I have made contact with roughly a dozen. If you have had your Metamask or Trust Wallet drained recently, please join our Telegram group to help us identify the security breach through which thousands of crypto enthusiasts are currently being attacked.
- The attack began on December 23
- The first 6 victims had saved their seed phrases in Evernote or Notepad, or had sent them in emails
- The volume of victims makes this a highly sophisticated and far reaching attack
- A few victims had installed Cryptotab browser in the last few months
- A few victims have purchased Ledgers from Amazon
If you have your seed phrases saved electronically you need to move them to a hardcopy and delete the record immediately.
How to Protect Yourself
Please read up about security for your cryptocurrency.
The first thing you need to do, if you aren't sure whether your version of Metamask came from a legitimate source, is to set up a wallet using the legitimate version of Metamask and immediately move your funds there. If your existing install is already the legitimate version, you will likely find during this step that you are unable to download it again, because it is already installed.
For good measure set it up using a new email address. To be clear you will need to pay gas fees and send your funds to the new wallet – do not just import the existing wallet because your seed phrase is compromised.
Once your funds have been secured delete the old wallet software completely from all of your devices.
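The advice above hinges on one question: did the download come from the legitimate source? The following is an added example, not code from the original post or from the MetaMask project, showing how to triage a batch of download URLs (for example, the landing pages behind search ads) before clicking. It assumes metamask.io is the official domain, and the sample URLs, the `MAX_TYPO_DISTANCE` threshold and the helper names are constructed for this example.

```python
from urllib.parse import urlparse

# Official domain assumed for this example (the post refers only to
# "the legitimate version of Metamask"; metamask.io is the project's site).
OFFICIAL_DOMAINS = {"metamask.io"}
BRAND = "metamask"
MAX_TYPO_DISTANCE = 2  # hypothetical threshold chosen for this example


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two DNS labels; sufficient for the .io/.com style hosts used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str) -> str:
    """Return one of: 'official', 'insecure', 'lookalike', 'unrelated'."""
    if "://" not in url:
        url = "https://" + url
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if not host.isascii():
        # Homoglyph hosts (e.g. a Cyrillic letter swapped in) are never the official site.
        return "lookalike"
    domain = registered_domain(host)
    if domain in OFFICIAL_DOMAINS:
        # Right domain, but plain HTTP can be intercepted; flag it separately.
        return "official" if parsed.scheme == "https" else "insecure"
    second_level = domain.split(".")[0]
    # Brand name anywhere in the host (e.g. metamask.io.<other>.net) or a
    # near-miss spelling of it in the registered domain is a typosquat signal.
    if BRAND in host or levenshtein(second_level, BRAND) <= MAX_TYPO_DISTANCE:
        return "lookalike"
    return "unrelated"


def triage(urls):
    """Map each URL to its label, e.g. for a list copied from ad landing pages."""
    return {u: classify_url(u) for u in urls}


# Constructed sample input: these URLs are made up for the example.
SAMPLE_URLS = [
    "https://metamask.io/download/",
    "http://metamask.io/",
    "https://metarnask.io/",
    "https://metamask.io.download-example.net/wallet",
    "https://example.com/",
]

if __name__ == "__main__":
    for url, label in triage(SAMPLE_URLS).items():
        print(f"{label:10} {url}")
```

Only the "official" label means the download should proceed; "insecure" is the right domain over plain HTTP, "lookalike" is a typosquat or brand-in-subdomain host, and anything else is unrelated. The registered-domain helper is deliberately naive (two labels), so for country-code second-level domains such as .co.uk a public-suffix library would be needed.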
If you are a victim of this type of hack, it is possible that the attacker didn't steal all of your funds, but your wallet is now useless. If you have had your Ethereum stolen from your wallet, please join our Telegram group to help us identify the security breach and potentially save millions of dollars.
So to recap:
- Update and run an antivirus scan on all of your devices.
- Create a new email address
- Create a new wallet with a new seed phrase
- Move anything that is left to the new wallet