Happy New Year! 🍾 🎉 Not. ☹️ This is more of a warning post than anything; get yourself a hardware wallet (and ideally set it up fresh; ie. not simply by importing an existing wallet if possible).
Here we go…
For various reasons, I have a few wallets. I’ve been in crypto since 2017 (although totally inactive mid-2018 until end of 2020) and have never been ‘hacked’ until 31st December 2021 – New Year’s Eve.
Happy New Year! #not
I don’t yet know how it happened, and maybe I’ll never know.
Before you ask; nope — I never input my keyphrase or any details into anything. I never downloaded a dodgy app that I’m aware of nor clicked through on a fake MetaMask site. I even have published a few posts on how to avoid crypto hacks and phishing!
My last transaction was 28th December, before getting the ferry from Ireland to Spain.
A few days into January I went to do a transaction and it was rejected as I didn’t have enough AVAX.
🤔 Weird, I thought; I have plenty of AVAX.
Nope; I had zero AVAX.
Turned out I had zero BSC, FTM, ETH and several other tokens too. 😬
Everything had been taken on New Year’s Eve, whist I was mid-way though a 550 mile drive through Spain, blissfully unaware.
The “hacker” took what they took within around 25 minutes and then appear to have abandoned the wallet. ETH, VXV, OHM, BNB, FTM, AVAX and several others all gone.
My first guess was a contract from one of my experimental, “degen” plays in November/December, but that didn’t seem to be the case; I checked them all, alongside the various associated Discords, Telegrams etc.
Nope; didn’t appear to be a contract.
This was further confirmed;
I realised that another of my “MetaMask” wallets had also been emptied, one that had never authorised anything except claiming some tokens…
It was an old wallet from Exodus that I had imported to MetaMask as it was whitelisted for a token and then they required MetaMask to claim. Hence I imported…but then I never moved the tokens out to one of my hardware wallets.🤦♀️
Emails; An application has been linked to your wallet
Mid-December, I started getting emails with subject “An application has been linked to your wallet”. All were obviously fake/phishing and never clicked, so I don’t think these emails are connected to the hack. I still get them.
I use a VPN, however I can’t say 100% it is always on.
I always lock my MetaMask, however again; I can’t say with 100% certainty that I done it 100% of the time…nor with 100% certainty that I locked on 28th December.
Brave browser was not effected: I have another hot MetaMask on Brave. Nothing was taken from it.
Exodus was not effected: Nothing was taken from it either, eg non-ERC20 tokes; Bitcoin etc…although in fairness, there wasn’t much there to take other than the ERC-20 tokens (ie the wallet I had imported to MetaMask).
I’m guessing it was… some form of malware, key logger or something related to a wifi network that targets MetaMask on Chrome and was able to access wherever MetaMask stores the private keys and then decrypt them. Then the hacker manually removed the tokens.
I’m assuming that wallet is 100% compromised.
Everything is now removed from it.
Above, you can see a Malwarebytes scan. I’m on a Mac and couldn’t seem to get the actual file names no matter what I did (eg searching, browsing Library files, dragging the UI) to research them further. As you can see, one is a browser extension.
Needless to say, I deleted them all!
I’ll probably never find out what happened.
And the scary thing is, I’ve seen many other similar reports from people getting their crypto stolen from a MetaMask wallet and not knowing how. ie they say they never gave out seed phrase, clicked on anything dodgy etc.
I’m not the most technical, but I’m pretty savvy to phishing etc and have had MetaMask since CryptoKitties…and yet it happened to me.
One thing I can say is that I was stupid leaving more in a hot wallet than I should have done; laziness/convenience and ETH gas fees are the excuses.
None of these excuses are good enough.
Beyond the financial loss, a hack or theft very much knocks your confidence. Especially when you don’t know how it happened.
Don’t let it happen to you – please get a hardware wallet!
I am “lucky”; all my main crypto stuff does live in hardware wallets 🙂; a Ledger Nano S from 2017 which, after setting up some Strong nodes, I then got paranoid that back in 2017 I was a total newbie (ie. anxiety set in; did I do everything 100% correctly?), and so I purchased a Ledger Nano X. I’m loving that Nano X – the buttons are much easier and it stores more than the Nano S!
Needless to say, neither of these hardware wallets got hacked/compromised.
If this happened to someone’s main/only wallet it could be devastating for them.
Don’t let it be you.
The most secure way to setup a hardware wallet is “from scratch”….ie buy the wallet and follow the instructions to create an entirely new wallet.
Then, connect it to MetaMask (here’s how – directly from MetaMask).
That way, the seed phrase for the wallet is never on your computer.…unless of course you are stupid enough to store it there after. ⛔ DON’T DO THAT!!! Write it out several times and store it in multiple very, very safe places.
What if I already have Strong nodes on a ‘hot’ wallet?
Lex, a Strong advocate has excellent instructions on how to import your existing MetaMask wallet to Ledger and Trezor hardware as safely as possible (ie remove the encrypted MetaMask files too). Here’s Ledger and here’s Trezor.
If your wallet is already compromised (ie someone has your private keys) this will not help as they keys to the kingdom are out.
If I had setup a Strong node(s) or other assets that currently cannot be transferred to a new wallet, I would (1) buy a cheap hardware wallet eg a Nano S and follow Lex’s guide to import the existing wallet…..then; (2) buy another wallet eg a Nano X, set it up “from scratch” (ie a totally new wallet) and build ALL future nodes/assets on it.
That way, if anything has happened to your original wallet which you may not be aware of, any potential damage will be contained.
REMEMBER: if you are into “node” projects, most nodes cannot be transferred currently…so please do get a hardware wallet, even if it’s just the cheapest Ledger – a Nano S.
Be safe people!
And if you also have a ‘hot’ wallet, don’t be lazy like I was and leave tokens in it. Trust me — it can cost ya dearly!