Crypto Hack

$40 Million Cryptocurrency MetaMask Hack Ongoing

Posted by

Just after Christmas I discovered a large crypto scam that is currently ongoing.

The hack is sophisticated and we now believe that access to thousands of Metamask wallets was gained by Hackers purchasing Ads on Google and tricking people into downloading a fake version of Metamask.

This was an extremely successful phishing scam that was engineered over several months. At first we suspected a large application had been compromised, but after thorough investigation the victims we were able to contact didn’t have any applications in common.

It is worth noting that the first 5 all had saved their passwords electronically either in a notepad or sending it to themselves in an email which opened up the possibility that existing Apple and Windows hacks could have been used, but the scope of the hack meant that sifting through passwords for people that used Metamask and then gaining access to Metamask was unlikely.

What we Know

For the past month the hacker has been converting victim’s tokens to ETH and passing them through several wallets before winding up at a wallet hosted by Changenow.io the address is 0x8f54972F4Ca40bD3ffC8b085f6Ece1739C40c65f. 

As transactions are coming in the hacker sends them out to thousands of smaller wallets for future distribution.

It was very hard to track down victims. At this point I have made contact with roughly a dozen victims. If you have had your Metamask or Trust Wallet drained recently please join our Telegram group to help us identify the security breach that thousands of crypto enthusiasts are currently being attacked through.

  • The attack began on December 23
  • The first 6 victims had saved their seed phrases in Evernote or Notepad, or had sent them in emails
  • The volume of victims makes this a highly sophisticated and far reaching attack
  • A few victims had installed Cryptotab browser in the last few months
  • A few victims have purchased Ledgers from Amazon

If you have your seed phrases saved electronically you need to move them to a hardcopy and delete the record immediately.

How to Protect Yourself

Please read up about security for your cryptocurrency.

The first thing you nee to do is if you aren’t sure if your version of Metamask is from a legitimate source, you need to set up a wallet using the legitimate version of Metamask and immediately move your funds there. It is likely that during this step if you are safe you will not be able to download the legitimate version as your version is already good.

For good measure set it up using a new email address. To be clear you will need to pay gas fees and send your funds to the new wallet – do not just import the existing wallet because your seed phrase is compromised.

Once your funds have been secured delete the old wallet software completely from all of your devices.

If you are a victim of this type of hack it is possible that the hacker didn’t steal all of your funds. Your wallet is now useless. If you have had your Ethereum stolen from your wallet please join our telegram group to help us identify the security breach and potentially save millions of dollars.

So to recap:

  • Update and run an antivirus scan on all of your devices.
  • Create a new email
  • Create a new wallet with a new seed phrase
  • Move anything that is left to the new wallet

 

[Updated 1/27/2021]

One comment

  1. Thanks for this summary. Quite helpful!

    I should have read this before I went crazy and fell for one of the most basic crypto scams out there, the ETH/BTC giveaway scam with the Elon Musk and Tesla names being used as an anchor.

    ** The fraudsters host a webpage staging as Tesla / Elon Musk giving away / matching Ethereum and Bitcoins sent to them at:

    ** soon after the fraudsters cleared the ETH address and moved the funds:
    https://etherscan.io/address/0xb657363ff37003b9681f26977e01651c2ea6acdd

    ** This is the target ETH address where they collect all the money the have stolen:
    https://etherscan.io/address/0x8f54972f4ca40bd3ffc8b085f6ece1739c40c65f

    That collecting wallet is worth more than 200..250k during certain days.
    We can watch these criminals doing their thing, but there is nothing we can do to prevent this from happening… a perfect breeding ground for criminals of all kinds.

    Brave new crypto world.

    Didn’t we go here in the first place to have more secure, more trusted deposits and transactions?

Leave a Reply

Your email address will not be published. Required fields are marked *