MetaMask Large USDC/USDT Theft Setana0: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/metamasklargeusdcusdttheftsetana0.php}} {{Unattributed Sources}} thumb|MetaMask Browser ExtensionSetana0 reported that $88k worth of funds were stolen from their MetaMask account. It appears that their wallet was somehow compromised. As there is no evidence of a smart contract approval being involved, it is most likely due to a seed phrase stored insecurely. This is a global...") |
(Another 30 minutes complete. The link is already in the wiki from researching that case previously. Added the date. About section complete, information moved around for now. Filled in a full technical analysis of the blockchain transactions and list of funds which were stolen in the theft.) |
||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}[[File:Metamask.jpg|thumb|MetaMask Browser Extension]]Setana0 reported that $88k worth of funds were stolen from their MetaMask account. It appears that their wallet was somehow compromised. As there is no evidence of a smart contract approval being involved, it is most likely due to a seed phrase stored insecurely. | ||
[[File:Metamask.jpg|thumb|MetaMask Browser Extension]]Setana0 reported that $88k worth of funds were stolen from their MetaMask account. It appears that their wallet was somehow compromised. As there is no evidence of a smart contract approval being involved, it is most likely due to a seed phrase stored insecurely. | |||
== About MetaMask == | == About MetaMask == | ||
== About Setana0 == | |||
Setana0 is a Reddit user and MetaMask user. | |||
gOHM investor. OlympusDAO. | |||
== The Reality == | == The Reality == | ||
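Review bot: The new "About Setana0" section ends in two unsourced sentence fragments, "gOHM investor. OlympusDAO.", which read as research notes rather than article text. Write them as one full sentence (for example, that Setana0 held gOHM, the OlympusDAO token) and cite the gOHM transfer reference that the timeline already uses. Separately, the intro kept in this hunk attributes the loss to "a seed phrase stored insecurely" while the Technical Details text added in the same revision says "private key breach"; pick one wording or state that the exact vector is unknown.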
| Line 47: | Line 17: | ||
== What Happened == | == What Happened == | ||
Setana0 noticed that their wallet was empty. | |||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - MetaMask Large USDC/USDT Theft Setana0 | |+Key Event Timeline - MetaMask Large USDC/USDT Theft Setana0 | ||
| Line 56: | Line 26: | ||
|July 12th, 2022 11:19:37 AM MDT | |July 12th, 2022 11:19:37 AM MDT | ||
|USDC Theft | |USDC Theft | ||
|An initial theft of 45,860.064432 USDC is taken from Setana0's wallet. | |An initial theft of 45,860.064432 USDC is taken from Setana0's wallet<ref name="etherscan-12823" />. | ||
|- | |- | ||
|July 12th, 2022 11:20:20 AM MDT | |July 12th, 2022 11:20:20 AM MDT | ||
|USDT Theft | |USDT Theft | ||
|A further transfer of 19,111.780085 USDT is taken from Setana0's wallet. | |A further transfer of 19,111.780085 USDT is taken from Setana0's wallet<ref name="etherscan-12824" />. | ||
|- | |- | ||
|July 12th, 2022 11:21:59 AM MDT | |July 12th, 2022 11:21:59 AM MDT | ||
|gOHM Theft | |gOHM Theft | ||
|2.008524109747048012 gOHM tokens (OlympusDAO) are taken from Setana0's wallet. | |2.008524109747048012 gOHM tokens (OlympusDAO) are taken from Setana0's wallet<ref name="etherscan-12825" />. | ||
|- | |- | ||
|July 12th, 2022 11:26:26 AM MDT | |July 12th, 2022 11:26:26 AM MDT | ||
|ETH Theft | |ETH Theft | ||
|0.151518662904685053 ETH is taken to clear out Setana0's wallet. | |0.151518662904685053 ETH is taken to clear out Setana0's wallet<ref name="etherscan-12826" />. | ||
|- | |- | ||
|July 12th, 2022 12:31:18 PM MDT | |July 12th, 2022 12:31:18 PM MDT | ||
|ETH Transfer | |ETH Transfer | ||
|0.0008 ETH is transfered into Setana0's wallet. | |0.0008 ETH is transfered into Setana0's wallet<ref name="etherscan-12827" />, suspected to be funds to cover gas from another on of the the thief's wallets<ref name=":0">[https://etherscan.io/address/0xd8fc2a79aa7b4e8265cf60301525f59d3974dd05 Thief's Wallet For Gas Money - EtherScan] (Jan 18, 2024)</ref>. | ||
|- | |- | ||
|July 12th, 2022 12:42:37 PM MDT | |July 12th, 2022 12:42:37 PM MDT | ||
|Floki Theft | |Floki Theft | ||
|2,647,510,449.552820722 Floki is taken from Setana0's wallet. | |2,647,510,449.552820722 Floki is taken from Setana0's wallet<ref name="etherscan-12828" />. | ||
|- | |- | ||
|July 16th, 2022 11:36:26 AM MDT | |July 16th, 2022 11:36:26 AM MDT | ||
|Coinbase Withdrawal | |Coinbase Withdrawal | ||
|0.00895358 ETH worth of funds are withdrawn from Coinbase into Setana0's wallet. | |0.00895358 ETH worth of funds are withdrawn from Coinbase into Setana0's wallet<ref name="etherscan-12822" />. | ||
|- | |- | ||
|July 16th, 2022 1:52:37 PM MDT | |July 16th, 2022 1:52:37 PM MDT | ||
|Reddit Post | |Reddit Post | ||
|Issue is posted on Reddit. | |Issue is posted on Reddit<ref name="redditold-12817" /><ref name="redditoldarchive-12818" />. | ||
|} | |} | ||
== Technical Details == | == Technical Details == | ||
While many speculated that the loss may have involved a smart contract approval, further analysis largely concluded that the issue was regarding a private key breach. | |||
Setana0's Wallet Address: 0x1AE31f08F63DF72b1E15E2ecbB937F132776C422<ref name="etherscan-12821" /> | |||
Thief Wallet Addresses: | |||
* 0xb60a8d6a25e50da0ad0213bd2c1302db9dfe508d<ref>[https://etherscan.io/address/0xb60a8d6a25e50da0ad0213bd2c1302db9dfe508d Setana0's Thief "Fake_Phishing5888" - EtherScan] (Jan 18, 2024)</ref> | |||
* 0xD8FC2a79Aa7B4E8265Cf60301525F59d3974dD05<ref name="etherscan-12827" /><ref name=":0" /> | |||
=== Theft Of Funds === | |||
After gaining knowledge of the private key, the thief acted quickly to remove the assets from the wallet. | |||
First transfer of 45,860.064432 USDC<ref name="etherscan-12823" />. | |||
Second transfer of 19,111.780085 USDT<ref name="etherscan-12824" />. | |||
Third transfer of 2.008524109747048012 gOHM<ref name="etherscan-12825" />. | |||
Fourth transfer of 0.151518662904685053 ETH<ref name="etherscan-12826" />. | |||
=== Final FLOKI Transfer === | |||
The wallet was then out of fund. The thief had to make an ethereum deposit of 0.0008 to cover gas<ref name="etherscan-12827" /> for a withdrawal of the 2,647,510,449.552820722 FLOKI tokens<ref name="etherscan-12828" />. | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total losses stem from: | |||
{| class="wikitable" | |||
|+Total Loss Table | |||
!Asset | |||
!Value USD | |||
!Total USD | |||
|- | |||
|45,860.064432 USDC<ref name="etherscan-12823" /> | |||
|$1.00 USD | |||
|$45,860.06 USD | |||
|- | |||
|19,111.780085 USDT<ref name="etherscan-12824" /> | |||
|$1.00 USD | |||
|$19,111.78 USD | |||
|- | |||
|2.008524109747048012 gOHM<ref name="etherscan-12825" /> | |||
| | |||
| | |||
|- | |||
|0.151518662904685053 ETH<ref name="etherscan-12826" /> | |||
| | |||
| | |||
|- | |||
|2,647,510,449.552820722 FLOKI<ref name="etherscan-12828" /> | |||
| | |||
| | |||
|- | |||
|Total | |||
| | |||
| | |||
|} | |||
The total amount lost has been estimated at $88,000 USD. | The total amount lost has been estimated at $88,000 USD. | ||
== Immediate Reactions == | |||
Setana0 sought help from the Reddit community to determine what had happened to their MetaMask wallet to result in the theft. | |||
== | === Reddit Posts And Comments === | ||
"Im completely devastated. I honestly have no idea how or when my metamask or laptop got compromised. To think i was planning to get a hardware wallet. Not even in the mood to write anything. My life was already going backwards and now this. Any ideas on what i should do. Also If someone can shed some light on the situation.All the transaction on the 12th of July werent mine." | |||
=== Reactions on Reddit === | |||
<ref name="redditold-12819" /><blockquote>"Everyone makes mistakes, and that’s true. However the risk/reward should line up. If a lot is at stake, then having safeguards and back ups are useful. | |||
No one expects anyone to be perfect, that’s why people and companies compensate in other areas. Insurance is another such backup plan. | |||
Making a mistake is human, but not being prepared is simply folly. And the first step towards avoiding mistakes is to acknowledge you can make them. To admit you’re not perfect, and then plan for it. | |||
The people who just go “why bother planning, yolo!” Are the ones who get screwed over the most. And that recklessness should be called out and corrected."</blockquote><ref name="redditold-12820" /><blockquote>OP that's so rough! I'm so sorry for you man, such a [horrible] situation. It's gonna be devastating, but you're just going to have to move on. Easier said than done, but you have no other choice. Best of luck to you in life man, things will work out.</blockquote> | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done? | What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done? | ||
=== Clean Up Of Other Wallet Tokens === | |||
It appears that the thief left several tokens in Setana0's wallet. | |||
Additional Ethereum funds were withdrawn from Coinbase<ref name="etherscan-12822" /> and used to sweep the remaining tokens from the wallet. | |||
== Total Amount Recovered == | == Total Amount Recovered == | ||
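Review bot: The added Total Loss Table leaves the "Value USD" and "Total USD" cells empty for the gOHM, ETH and FLOKI rows and for the Total row, so the table only accounts for $64,971.84 (USDC plus USDT) while the sentence right after it still states an estimate of $88,000 USD. Either fill in the prices used for the other three assets or mark those rows as pending so the gap is explicit. Smaller points in the same region: the 12:31:18 timeline row has "transfered" and "another on of the the thief's wallets", "Final FLOKI Transfer" has "out of fund" and gives the deposit as "0.0008" without a unit, and the inline reference name ":0" should get a descriptive name like the other etherscan-NNNNN references.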
| Line 124: | Line 161: | ||
== References == | == References == | ||
<references><ref name="redditold-12817">[https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/deleted_by_user/ <nowiki>[deleted by user] | <references> | ||
<ref name="redditold-12817">[https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/deleted_by_user/ <nowiki>[deleted by user]</nowiki> : CryptoCurrency] (Mar 6, 2023)</ref> | |||
<ref name="redditoldarchive-12818">[https://web.archive.org/web/20220716195947/https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/just_found_out_more_than_88k_usd_worth_of_crypto/ Just found out more than 88k usd worth of crypto was stolen from my metamask : CryptoCurrency] (Jan 9, 2024)</ref> | <ref name="redditoldarchive-12818">[https://web.archive.org/web/20220716195947/https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/just_found_out_more_than_88k_usd_worth_of_crypto/ Just found out more than 88k usd worth of crypto was stolen from my metamask : CryptoCurrency] (Jan 9, 2024)</ref> | ||
<ref name="redditold-12819">[https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/deleted_by_user/igh9584/ Naus1987 - "Everyone makes mistakes, and that’s true. However the risk/reward should line up. If a lot is at stake, then having safeguards and back ups are useful." - Reddit] (Jan 9, 2024)</ref> | |||
<ref name="redditold-12819">[https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/deleted_by_user/igh9584/ | <ref name="redditold-12820">[https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/deleted_by_user/igi26hv/ <nowiki>Alanski22 - "OP that's so rough! I'm so sorry for you man, such a [horrible] situation. It's gonna be devastating, but you're just going to have to move on. Easier said than done, but you have no other choice. Best of luck to you in life man, things will work out." - Reddit</nowiki>] (Jan 9, 2024)</ref> | ||
<ref name="etherscan-12821">[https://etherscan.io/address/0x1ae31f08f63df72b1e15e2ecbb937f132776c422 Setana0's Wallet Address - EtherScan] (Jan 15, 2024)</ref> | |||
<ref name="redditold-12820">[https://old.reddit.com/r/CryptoCurrency/comments/w0owbk/deleted_by_user/igi26hv/ <nowiki>Alanski22 | <ref name="etherscan-12822">[https://etherscan.io/tx/0x51b0ffe0bd9ffdd83c4012918a210ff1fc3572c8716008c2c281d73716d955f7 Withdrawal Of 0.00895358 ETH from CoinBase - EtherScan] (Jan 15, 2024)</ref> | ||
<ref name="etherscan-12823">[https://etherscan.io/tx/0x4feb0f0ca1b01977c454e33e8b431c114b78669878de0e8b176b3e3e357a91ba Transfer of 45,860.064432 USDC From Setana0 To Phisher - EtherScan] (Mar 9, 2023)</ref> | |||
<ref name="etherscan-12821">[https://etherscan.io/address/0x1ae31f08f63df72b1e15e2ecbb937f132776c422 Address | <ref name="etherscan-12824">[https://etherscan.io/tx/0x3e7c83882ae4812f6c27baacbb4a6c13d78402e7c4b797c56880705f172388f9 Transfer of 19,111.780085 USDT from Setana0's Wallet - EtherScan] (Jan 15, 2024)</ref> | ||
<ref name="etherscan-12825">[https://etherscan.io/tx/0x307536f23dfa55e94cad5d25c20a393b24803f39123a091babe2bee0237170c9 Transfer of 2.008524109747048012 gOHM From Setana0's Wallet - EtherScan] (Jan 15, 2024)</ref> | |||
<ref name="etherscan-12822">[https://etherscan.io/tx/0x51b0ffe0bd9ffdd83c4012918a210ff1fc3572c8716008c2c281d73716d955f7 | <ref name="etherscan-12826">[https://etherscan.io/tx/0x8e05995228b3fd92f5708cf2a2823f4dd5616547d5f480fc2458f820d4cc97ad Transfer of 0.151518662904685053 ETH from Setana0's Wallet - EtherScan] (Jan 15, 2024)</ref> | ||
<ref name="etherscan-12827">[https://etherscan.io/tx/0xc546c2448f8a0a3613d4b9013477b59e65d3caa06d997c80050d396fde466bd3 Transfer of 0.0008 ETH into Setana0's Wallet - EtherScan] (Jan 15, 2024)</ref> | |||
<ref name="etherscan-12823">[https://etherscan.io/tx/0x4feb0f0ca1b01977c454e33e8b431c114b78669878de0e8b176b3e3e357a91ba | <ref name="etherscan-12828">[https://etherscan.io/tx/0xcd85db999ea8a22d0fc57a32b60f572e042b8cffa3b6916a83a671b24da015cd Transfer of 2,647,510,449.552820722 FLOKI From Setana0's Wallet - EtherScan] (Jan 15, 2024)</ref> | ||
</references> | |||
<ref name="etherscan-12824">[https://etherscan.io/tx/0x3e7c83882ae4812f6c27baacbb4a6c13d78402e7c4b797c56880705f172388f9 | |||
<ref name="etherscan-12825">[https://etherscan.io/tx/0x307536f23dfa55e94cad5d25c20a393b24803f39123a091babe2bee0237170c9 | |||
<ref name="etherscan-12826">[https://etherscan.io/tx/0x8e05995228b3fd92f5708cf2a2823f4dd5616547d5f480fc2458f820d4cc97ad | |||
<ref name="etherscan-12827">[https://etherscan.io/tx/0xc546c2448f8a0a3613d4b9013477b59e65d3caa06d997c80050d396fde466bd3 | |||
<ref name="etherscan-12828">[https://etherscan.io/tx/0xcd85db999ea8a22d0fc57a32b60f572e042b8cffa3b6916a83a671b24da015cd | |||
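Review bot: Reference titles in the rewritten list are not consistent with each other or with the body: etherscan-12822 spells "CoinBase" while the timeline uses "Coinbase", "From"/"from" capitalisation differs between etherscan-12823, etherscan-12825, etherscan-12828 and the remaining entries, and etherscan-12823 still says "To Phisher" where the others say "Setana0's Wallet". Normalising the titles in this hunk would make the rendered reference list easier to scan; the access date on etherscan-12823 (Mar 9, 2023) also predates the others and could be refreshed if the link was rechecked.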
Latest revision as of 13:50, 18 January 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Setana0 reported that $88k worth of funds were stolen from their MetaMask account. It appears that their wallet was somehow compromised. As there is no evidence of a smart contract approval being involved, it is most likely due to a seed phrase stored insecurely.
About MetaMask
About Setana0
Setana0 is a Reddit user and MetaMask user.
gOHM investor. OlympusDAO.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
Setana0 noticed that their wallet was empty.
| Date | Event | Description |
|---|---|---|
| July 12th, 2022 11:19:37 AM MDT | USDC Theft | An initial theft of 45,860.064432 USDC is taken from Setana0's wallet[1]. |
| July 12th, 2022 11:20:20 AM MDT | USDT Theft | A further transfer of 19,111.780085 USDT is taken from Setana0's wallet[2]. |
| July 12th, 2022 11:21:59 AM MDT | gOHM Theft | 2.008524109747048012 gOHM tokens (OlympusDAO) are taken from Setana0's wallet[3]. |
| July 12th, 2022 11:26:26 AM MDT | ETH Theft | 0.151518662904685053 ETH is taken to clear out Setana0's wallet[4]. |
| July 12th, 2022 12:31:18 PM MDT | ETH Transfer | 0.0008 ETH is transferred into Setana0's wallet[5], suspected to be funds to cover gas from another one of the thief's wallets[6]. |
| July 12th, 2022 12:42:37 PM MDT | Floki Theft | 2,647,510,449.552820722 Floki is taken from Setana0's wallet[7]. |
| July 16th, 2022 11:36:26 AM MDT | Coinbase Withdrawal | 0.00895358 ETH worth of funds are withdrawn from Coinbase into Setana0's wallet[8]. |
| July 16th, 2022 1:52:37 PM MDT | Reddit Post | Issue is posted on Reddit[9][10]. |
Technical Details
While many speculated that the loss may have involved a smart contract approval, further analysis largely concluded that the loss resulted from a private key breach.
Setana0's Wallet Address: 0x1AE31f08F63DF72b1E15E2ecbB937F132776C422[11]
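Thief Wallet Addresses:
- 0xb60a8d6a25e50da0ad0213bd2c1302db9dfe508d[12]
- 0xD8FC2a79Aa7B4E8265Cf60301525F59d3974dD05[5][6]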
Theft Of Funds
After gaining knowledge of the private key, the thief acted quickly to remove the assets from the wallet.
First transfer of 45,860.064432 USDC[1].
Second transfer of 19,111.780085 USDT[2].
Third transfer of 2.008524109747048012 gOHM[3].
Fourth transfer of 0.151518662904685053 ETH[4].
Final FLOKI Transfer
The wallet was then out of funds. The thief had to make an Ethereum deposit of 0.0008 ETH to cover gas[5] for a withdrawal of the 2,647,510,449.552820722 FLOKI tokens[7].
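The distinction drawn under Technical Details (private key breach versus smart contract approval) can be checked from transaction metadata; the following is an added example, not part of the original case study. It assumes the wallet is an externally owned account whose owner disputes the transfers; the records are constructed from the timeline's direction and amounts, and the token contract, spender, recipients and calldata are placeholders or assumptions.

```python
# Added example: classify how assets left a wallet, from transaction metadata.
VICTIM = "0x1ae31f08f63df72b1e15e2ecbb937f132776c422"      # from the case study
THIEF = "0xb60a8d6a25e50da0ad0213bd2c1302db9dfe508d"       # from the case study
GAS_WALLET = "0xd8fc2a79aa7b4e8265cf60301525f59d3974dd05"  # from the case study
TOKEN = "0x" + "11" * 20    # placeholder token contract, not a real address
SPENDER = "0x" + "22" * 20  # placeholder spender for the contrast case

TRANSFER = "a9059cbb"       # ERC-20 transfer(address,uint256)
TRANSFER_FROM = "23b872dd"  # ERC-20 transferFrom(address,address,uint256)

def word(value):
    """ABI-encode an address string or an integer as one 32-byte hex word."""
    digits = value[2:].lower() if isinstance(value, str) else format(value, "x")
    return digits.rjust(64, "0")

def call(selector, *args):
    """Build constructed calldata: selector followed by 32-byte arguments."""
    return "0x" + selector + "".join(word(a) for a in args)

def classify(tx):
    """Return how one transaction relates to the victim's wallet."""
    sender, to = tx["from"].lower(), tx["to"].lower()
    data = tx["input"][2:]
    args = [data[i:i + 64] for i in range(8, len(data), 64)]
    if sender == VICTIM and (not data or data[:8] == TRANSFER):
        # Signed with the wallet's own key; an allowance cannot produce this,
        # and native ETH can only leave such an account this way.
        return "key-signed"
    if (data[:8] == TRANSFER_FROM and sender != VICTIM and len(args) == 3
            and "0x" + args[0][-40:] == VICTIM):
        return "allowance-spend"  # third party using an earlier approve()
    if not data and to == VICTIM:
        return "inbound-eth"
    return "unrelated"

def gas_topups(txs):
    """Senders of inbound ETH that is directly followed by a key-signed outflow."""
    kinds = [classify(t) for t in txs]
    return [txs[i]["from"].lower() for i in range(len(txs) - 1)
            if kinds[i] == "inbound-eth" and kinds[i + 1] == "key-signed"]

def assess(txs):
    """Summarise the most likely loss vector for a list of disputed transactions."""
    kinds = {classify(t) for t in txs}
    if "key-signed" in kinds:
        return "private key or seed phrase compromise"
    return "token approval abuse" if "allowance-spend" in kinds else "inconclusive"

# Constructed records following the July 12th timeline (amounts in base units,
# using the decimal places shown in the timeline; recipients are assumed).
TIMELINE = [
    {"from": VICTIM, "to": TOKEN, "input": call(TRANSFER, THIEF, 45860064432)},
    {"from": VICTIM, "to": TOKEN, "input": call(TRANSFER, THIEF, 19111780085)},
    {"from": VICTIM, "to": TOKEN, "input": call(TRANSFER, THIEF, 2008524109747048012)},
    {"from": VICTIM, "to": THIEF, "input": "0x", "value": 151518662904685053},
    {"from": GAS_WALLET, "to": VICTIM, "input": "0x", "value": 800000000000000},
    {"from": VICTIM, "to": TOKEN, "input": call(TRANSFER, THIEF, 2647510449552820722)},
]
# Constructed contrast case: a drain through a previously granted allowance.
APPROVAL_DRAIN = [{"from": SPENDER, "to": TOKEN,
                   "input": call(TRANSFER_FROM, VICTIM, SPENDER, 10**6)}]

if __name__ == "__main__":
    print(assess(TIMELINE), gas_topups(TIMELINE))
    print(assess(APPROVAL_DRAIN))
```

When a review finds only "allowance-spend" records, revoking the allowance stops further loss; once any "key-signed" record appears, the key and seed phrase have to be treated as burned and remaining assets moved to a new wallet.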
Total Amount Lost
The total losses stem from:
| Asset | Value USD | Total USD |
|---|---|---|
| 45,860.064432 USDC[1] | $1.00 USD | $45,860.06 USD |
| 19,111.780085 USDT[2] | $1.00 USD | $19,111.78 USD |
| 2.008524109747048012 gOHM[3] | | |
| 0.151518662904685053 ETH[4] | | |
| 2,647,510,449.552820722 FLOKI[7] | | |
| Total | | |
The total amount lost has been estimated at $88,000 USD.
Immediate Reactions
Setana0 sought help from the Reddit community to determine what had happened to their MetaMask wallet that resulted in the theft.
Reddit Posts And Comments
"I'm completely devastated. I honestly have no idea how or when my MetaMask or laptop got compromised. To think I was planning to get a hardware wallet. Not even in the mood to write anything. My life was already going backwards and now this. Any ideas on what I should do. Also if someone can shed some light on the situation. All the transactions on the 12th of July weren't mine."
Reactions on Reddit
"Everyone makes mistakes, and that’s true. However the risk/reward should line up. If a lot is at stake, then having safeguards and back ups are useful.
No one expects anyone to be perfect, that’s why people and companies compensate in other areas. Insurance is another such backup plan.
Making a mistake is human, but not being prepared is simply folly. And the first step towards avoiding mistakes is to acknowledge you can make them. To admit you’re not perfect, and then plan for it.
The people who just go “why bother planning, yolo!” Are the ones who get screwed over the most. And that recklessness should be called out and corrected."
OP that's so rough! I'm so sorry for you man, such a [horrible] situation. It's gonna be devastating, but you're just going to have to move on. Easier said than done, but you have no other choice. Best of luck to you in life man, things will work out.
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Clean Up Of Other Wallet Tokens
It appears that the thief left several tokens in Setana0's wallet.
Additional Ethereum funds were withdrawn from Coinbase[8] and used to sweep the remaining tokens from the wallet.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. Transfer of 45,860.064432 USDC From Setana0 To Phisher - EtherScan (Mar 9, 2023)
2. Transfer of 19,111.780085 USDT from Setana0's Wallet - EtherScan (Jan 15, 2024)
3. Transfer of 2.008524109747048012 gOHM From Setana0's Wallet - EtherScan (Jan 15, 2024)
4. Transfer of 0.151518662904685053 ETH from Setana0's Wallet - EtherScan (Jan 15, 2024)
5. Transfer of 0.0008 ETH into Setana0's Wallet - EtherScan (Jan 15, 2024)
6. Thief's Wallet For Gas Money - EtherScan (Jan 18, 2024)
7. Transfer of 2,647,510,449.552820722 FLOKI From Setana0's Wallet - EtherScan (Jan 15, 2024)
8. Withdrawal Of 0.00895358 ETH from CoinBase - EtherScan (Jan 15, 2024)
9. [deleted by user] : CryptoCurrency (Mar 6, 2023)
10. Just found out more than 88k usd worth of crypto was stolen from my metamask : CryptoCurrency (Jan 9, 2024)
11. Setana0's Wallet Address - EtherScan (Jan 15, 2024)
12. Setana0's Thief "Fake_Phishing5888" - EtherScan (Jan 18, 2024)
13. Naus1987 - "Everyone makes mistakes, and that’s true. However the risk/reward should line up. If a lot is at stake, then having safeguards and back ups are useful." - Reddit (Jan 9, 2024)
14. Alanski22 - "OP that's so rough! I'm so sorry for you man, such a [horrible] situation. It's gonna be devastating, but you're just going to have to move on. Easier said than done, but you have no other choice. Best of luck to you in life man, things will work out." - Reddit (Jan 9, 2024)