MULTIPLE

DESCRIPTION OF EVENTS

"Reddit user Power[O]fTheGods said he had been investing since 2016 and kept his investments in a Ledger Nano S (a crypto wallet) and four Metamask digital hot wallets." "I've been investing in digital assets since early 2016. I would consider myself pretty knowledgeable on all things related crypto/blockchain. I believe in the tech, I built my portfolio up for years and this is pretty much one of the only things I enjoy in life. I have a hardware wallet (Ledger Nano S) since 2017 and 4 different Metamask "hot" wallets. The hardware wallet consisted of 80% of my portfolio." "$ETH $MATIC $AAVE $TIME $OVR $ENS $ZRX $AVAX"

"My seed phrase is on paper, stored in a safe, which no one has access to. My seed phrase has never been written down anywhere else, no computer, no phone, except on that paper in the safe."

"When he checked his accounts last December, he noticed they were empty. At the time, the currency was valued at more than $120,000." "Yesterday, I used my Metamask to access all my wallets for a balance status check before the new year. Everything seemed normal. After checking again late last night and after seeing one of my accounts showing as zero, I noticed every wallet was wiped." "As I look at all of my wallets today, I see zero balances and I am absolutely crushed. It took all my power to even get out of bed, file reports, and write this post today." "Checking the transactions, it seems like the wallets were completely wiped in a matter of minutes." "I have 4 hot wallets and 1 ledger wallet. Funds were pulled out of all 5."

"As I sit here on the first day of the new year, writing this post, I think to myself how much can one human take before it's just too much? The world can just be an absolutely awful, awful place. I read these "stolen or hacked crypto" posts all the time. I always think, wow that person doesn't know what they're doing, shouldn't be investing in crypto in the first place, or that would never happen to me, because I'm super careful! Maybe they are just lying and trying to just get sympathy? Believe me, I wish I was."

"PowerOfTheGods wrote he believes he lost his investment after clicking on a malicious link while web surfing. While his ledger was unlocked, a Trojan took control of his browser and wiped his wallet in a matter of minutes." "My only possible conclusion is that I clicked a malicious link while surfing the internet. The trojan must have somehow took control over my Google Chrome browser (or Metamask extension) while I was using it, while my ledger was unlocked. Checking the transactions times they were sent out around the time I had it open. Again, I never was prompted to accept or approve anything that I myself wasn't doing. It is frightening."

"I don't recall ever going to the actual Metamask website and definitely not a fake one, but either way thanks for this." "I've been on this computer for years and there's been a few times when accidently clicking something that starts an auto-download. Obviously, I am always quick to delete or disable those files. Maybe a virus file was lying dormant for months or years without my anti-virus catching it? Just waiting for the right opportunity? Maybe it is a Metamask data leak? I'm not sure. I like to think I'm pretty careful about my passwords and security."

"I mainly write this post to warn others. Even if you think you are safe, you might still be at risk. I guess with these advanced hackers now, all it takes is one wrong click. This was my life savings aside from a few emergency funds in my traditional bank. I don't think I will ever financially, emotionally, or mentally recover from this. It has affected my life tremendously. I hate to sound dramatic and be that guy, but I'm honestly at a point now where life doesn't even seem worth it."

"I reached out and filed reports to my local law enforcement and the FBI." "I'm hoping one of the wallets leads to a KYC connection, but obviously a long shot here. Super grateful for any research or help." "Can’t comment on much right now, but learned so far of a new malware that can hack into many of different crypto wallets. Yes, seems like Ledger software too. Potentially promising."

"While the user reported the alleged crime to the authorities, there was nothing they could do because cryptocurrency is still largely unregulated. After he shared his story on Reddit, he found other users who reported similar experiences."

The Reddit user PowerOfTheGods reported losing all their cryptocurrency, saved up over the past 5 years, on both their Ledger hardware wallet and 4 separate MetaMask wallets. This allegedly happened while they were checking their balances on the wallets, which they did regularly.

One of the potential theories for how this happened was that they downloaded from Official-KPSMICO, which is a way to get a pirated version of the Windows operating system that is also featuring seriously dangerous CryptBot malware. From this point forward, their computer operated under the full control of a remote attacker. They insist that they did not share their private key or seed phrase anywhere online, not even a screenshot, and the theft involved almost entirely ERC-20 Ethereum-based tokens. It therefore seems more probable that, at some point, they were tricked into authorizing a malicious smart contract to have full access to each of their wallets, including their Ledger hardware wallet. A malware having full control over their PC could easily swap a legitimate routine transaction for such an approval, showing the intended transaction on the PC side. It's often very difficult to evaluate whether a smart contract interaction on the Ledger hardware wallet is intended due to the small screen and cryptic way these transactions are often portrayed, so conceivable that they may not have noticed one approval. All approvals remained dormant and unnoticed until the hacker had sufficient certainty that they had captured all wallet balances, gaining awareness of the hardware wallet balance and each MetaMask from the regularly balance checking, and choosing the most patient/lucrative timing to exercise their withdrawal.

While they have extensively reported the theft for investigation, there is no evidence of any funds ever recovered of that the attacker was brought to justice.

HOW COULD THIS HAVE BEEN PREVENTED?

One must assume that any computer they use can be compromised. Minimize active management of funds and try to do so only in trusted and exclusive environments. If using a hardware wallet, always take the extra time and care to check even routine transactions on the screen. Malware is a key risk with downloading any pirated software. Linux is a great and free alternative to Windows that can be safely downloaded for free from an official source, under full scrutiny of a technical community.

Greater security can be achieved by storing most funds on a separate fully-offline wallet which is never interacted with. There is no need to check the balances regularly or share their existence with others. Advanced users can also set up a multi-signature wallet with multiple devices required for withdrawal.

Check Our Framework For Safe Secure Exchange Platforms

https://fortune.com/2022/03/08/crypto-scam-risk-and-how-to-stay-safe/ (May 2)
Got compromised and lost over $120k in crypto; AMA : CryptoCurrency (Jun 1)
0x365DB2B5722d13F431224066898b4CF8cA7AdFe5 - Blockscan address (Jun 3)
https://etherscan.io/address/0x365DB2B5722d13F431224066898b4CF8cA7AdFe5 (Jun 4)
https://etherscan.io/address/0xcf3c72fb2b320ec127289bb539e1daca489f1878 (Jun 4)
https://etherscan.io/tx/0x24dc3b3962cab5a83cb44aae1da1bf2d777455c95b247ad2b8f5969ff612f533 (Jun 4)
https://etherscan.io/tx/0xc3d1d261df80261e3fa0fdc83debac956693285d8747670d97374515d0911e5f (Jun 4)
https://etherscan.io/tx/0x54d2fa342effe867c50eb6ab1889c070effe9f597330eda74eb49ce4f7faa47b (Jun 4)
https://etherscan.io/tokenapprovalchecker?type=0&search=0xcf3c72fb2b320ec127289bb539e1daca489f1878 (Jun 4)
https://ca.trustpilot.com/review/official-kmspico.com (Jun 4)
24-Word Seed Phrases by wjmelements · Pull Request #7987 · MetaMask/metamask-extension · GitHub (Jun 4)
How Does Your Seed Phrase Work? - YouTube (Jun 4)
There's way more to these MetaMask Hackers... - YouTube (Jun 4)
Got compromised and lost over $120k in crypto; AMA : CryptoCurrency (Jun 26)

More case studies

Illuvium Discord
Server Hack

OpenSea Bored Ape
Old Contract Hack