Crypto veterans targeted in mysterious MetaMask heist – 5k ETH stolen
More than 5,000 Ethereum (ETH) and an undetermined amount of tokens and NFTs have been stolen across multiple chains in an ongoing hack since late last year, MetaMask developer @tayvano_ said.
“I don’t know how big it is but since December 2022 it has drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.“
The dev added that he has been investigating for the past two days but cannot determine how the attacker is carrying out the thefts. Moreover, the victims are all “OGs that are reasonably safe.”
OG is targeted in sophisticated MetaMask heist
@tayvano_ pointed out that this is a sophisticated attack targeting OGs and reiterated that no one can figure out where the exploit is.
“This is NOT a small phishing site or a random scammer. It has NOT targeted a single noob. It ONLY manages OGs.”
Forensic equipment investigations have led nowhere – further blunting investigations into the method used to access the victims’ MetaMask wallet.
The common features between the cases were that the keys were created between 2014 and 2022, and the victims are “crypto-natives”, such as having multiple addresses and working within the crypto industry.
The hacker will commit “primary” thefts, with “secondary” thefts following hours later to collect assets and dust that were missed during the first heist – sometimes weeks or months later.
In case of major theft, the attacker will exchange assets for ETH inside the wallet, then send the tokens to a centralized exchange, including SimpleSwap and ChangeNOW – always exchange for Bitcoin (BTC).
When you sit on the exchanged BTC for a week, the funds are sent to a mixer for address obfuscation.
Tips to keep you safe
@tayvano_ speculates that the attacker obtained a data cache from the victims’ device. Using this, they can abstract the MetaMask keys — but he emphasizes that this is “just a guess.”
“My best guess rn is that someone got a fat cache of data from 1+ years ago and methodically siphons the keys while parsing them from the vault.“
The developer warns MetaMask users to avoid storing all their digital assets on a single wallet key. Instead, people should split their crypto on multiple keys or hold assets on a hardware wallet.
“PLEASE DO NOT STORE ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE THIS YEAR. THE END.“
Disclaimer: Our authors’ opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Do your own due diligence before doing anything related to the content of this article. Finally, CryptoSlate takes no responsibility if you lose money trading cryptocurrencies.
