MetaMask Redline PDF Spearphishing Email CryptoJordin: Difference between revisions
(→What Happened: January 4th, 2022) |
(→What Happened: Video baiting scammer details and transcript.) |
| Line 74: | Line 74: | ||
|First Video Uploaded | |First Video Uploaded | ||
|CryptoJordin uploads his first video explaining the situation and what happened titled "Update on The Hackers Who Wiped My MetaMask Wallet."<ref name="unnamed-10585" />. | |CryptoJordin uploads his first video explaining the situation and what happened titled "Update on The Hackers Who Wiped My MetaMask Wallet."<ref name="unnamed-10585" />. | ||
|- | |||
|December 14th, 2021, 2:14:07 PM MST | |||
|Video Baiting Scammer | |||
|CryptoJordin reports on baiting the hacker into sending a malicious PDF with the malware included<ref>[https://www.youtube.com/watch?v=msqDmwmkDEA CryptoJordin - We've Baited My MetaMask Hacker... - YouTube] (Mar 3, 2023)</ref>. | |||
|- | |- | ||
|January 4th, 2022, 11:15:13 AM MST | |January 4th, 2022, 11:15:13 AM MST | ||
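Review bot: the citation in the added "Video Baiting Scammer" row is an unnamed inline <ref> wrapping a bare external link, while the row above it cites its video through a named reference (<ref name="unnamed-10585" />). Give the new reference a name so it can be reused wherever this video is quoted elsewhere on the page. The cell wording "a malicious PDF with the malware included" is also redundant; "a PDF containing the malware" says the same thing.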
| Line 91: | Line 95: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | ||
Update on The Hackers Who Wiped My MetaMask Wallet. | |||
"Hey, what is up guys? It's Jordan. Welcome back to another, uh, investigation video. To be honest, I haven't got much sleep - probably about four to five hours last night. I've honestly just been stressed about this whole situation and a lot of people have been contacting me saying they've been having similar problems. They describe it to me. It's literally the exact same thing I'm going through. You feel hopeless. You feel like you have no voice. If something happens to your bank account or whatever you can go and contact your bank, talk to somebody. [It] makes you feel a little better, even if they don't fix your problem, but in the crypto world there's nobody. It's you, it's a decentralized world, and I mean it is scary. My latest videos sparked a huge conversation around the crypto world that nobody wants to talk about, and it's all of these scams that are going around. There's going to be a lot of information in this video you do not want to miss. Let's jump right into it." | "Hey, what is up guys? It's Jordan. Welcome back to another, uh, investigation video. To be honest, I haven't got much sleep - probably about four to five hours last night. I've honestly just been stressed about this whole situation and a lot of people have been contacting me saying they've been having similar problems. They describe it to me. It's literally the exact same thing I'm going through. You feel hopeless. You feel like you have no voice. If something happens to your bank account or whatever you can go and contact your bank, talk to somebody. [It] makes you feel a little better, even if they don't fix your problem, but in the crypto world there's nobody. It's you, it's a decentralized world, and I mean it is scary. My latest videos sparked a huge conversation around the crypto world that nobody wants to talk about, and it's all of these scams that are going around. There's going to be a lot of information in this video you do not want to miss. Let's jump right into it." | ||
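Review bot: the added line "Update on The Hackers Who Wiped My MetaMask Wallet." goes in as plain text above the transcript, with a trailing period and no heading markup or citation. The section heading above it uses == ... == markup, so a subheading in the same style would set this transcript apart from the section's prompt text, and the named reference the timeline already uses for this video (unnamed-10585) could be attached here.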
| Line 99: | Line 108: | ||
"Another way I pinpointed the exact thing I was doing at that time was i went onto my iPhone, I went to my pictures, and I took a thumbnail picture four o'clock or something, and I remember I made the video right after I did the emails. That means I was reading emails around like three o'clock or so, because I recorded at four probably. [It] probably took an hour, so reading emails, watching YouTube videos ... on the side watching flying emails and like god i didn't know like recording this video would be so hard like my heart's like actually kind of racing and like i get really worked up about this i said this last video really defensive i get very angry we'll say it again i'll probably say it at the end of the video this was all my fault but i want to take my mistake and turn it into something positive and allow people to learn from it this is an email i received on december 4th around 6 30 p.m hi i represent canyon gaming and i'm responsible for launching an advertising campaign to promote new technologies developed by our company so typically when i get one of these emails i'm like okay cool let me jump over to canon gaming website and see what they got i'm not gonna go over to the website because i don't know if they're affiliated with this hacking group or not which i assume they're not probably a normal company but maybe they made this company to disguise it that's very possible it's not hard to make a website and we will get to the bottom of that also i currently have a team right now while i'm recording this video investigating this this is a big deal and if nobody else in the crypto community wants to step up i will i want to be the voice for the people that are going through the same that i'm dealing with okay let's read this email you definitely want to hear this we create the best personal computer accessories your channel is suitable for us to advertise our campaign so we decided to order an advertising video from you about the new collection of which 
will be released in mid-december so in my head i'm thinking okay company that i checked out their website they have sick gaming chairs they have sick freaking headsets they got these gaming mouses that look amazing i mean they light up and whoa they're saying i can pick three to four accessories from their new catalog that's launching in december and they're gonna pay for all the shipping all i have to do is receive the accessories create a commercial about it on the day that i get it and then like a week before they do the sales post that video after they deliver the accessories free of charge they're gonna just remain with me it's not like i have to send them back or anything instead of paying me money they're gonna just give me these accessories that they probably don't pay too much for they probably get them made in china or something and if you buy products in bulk like of course you can just give them out cheap why i'm talking like this is the thoughts that were going through my brain i didn't read this and think ah they're freaking stupid they're trying to scam me and take my bitcoins i mean hey they're talking about gaming chairs and like they're going to provide me information in the future about this i mean they're not even like really like oh click this link right here click this link right here and you got you got to check out our new accessories you got to keep it click click click it download it install it and make sure you respond back to us they're just like hey let me know if you're interested and we'll send you a pdf with instructions obviously they can't post the catalog on their website they got to send you the catalog because it's private it's it's going to be a big sale like obviously i'm making an advertisement like i was gonna record a dope ass video like showing off this gaming chair like it's like an actual advertisement because it's not been released yet they're gonna hold a presentation early december so i wrote back the next morning 
december 5th at 7 57 a.m i said hello yes i am interested i would love to see the new collection and create videos i'd love to yeah later on the same day at 12 58 p.m they finally sent me their product line to check out so i could pick out three to four products free of charge all you gotta do is make a video guy being a youtuber is so great isn't it so what do my eyes see blah blah blah blah okay our campaign youtube all right free charge all right pick my products okay attach the document non-disclosure agreement oh because it's like a partner what information is needed it's in the products however okay documents does not need to be signed all right so i just got to read follow instructions only the company's employees and partners know about this okay everything you see in the catalog will be protected by the rule described in the okay okay cool oh all right right here so i have to do is all right so it's just a pdf and there was instructions to click another link which will lead to the private catalog and they gave me like a personal code to use for the catalog and i guess like all i can say is they they got me i'm not stupid well kinda but i know not to download stuff i am not new to the internet i am not new to scams i've literally seen everything in the books but like this i mean it was so perfectly written so manipulative so what happened was the catalog actually opened up and when i clicked on it right away my brain kind of went like why did like install the catalog like i thought i was just gonna click on the link and like the catalog would just pop up but no like it literally popped up on my monitor like an installation bar that just went across real quick and then the catalog popped up and inside the catalog real products like i could actually scroll i could actually like look at product selection and stuff and what they said in this pdf when you click on it it's like showing you the instructions like how to pick out something you want and what to do 
and stuff and this pdf that i'm not gonna click on this manipulated me even more it's saying to write down like three to four order numbers you can't exceed two thousand dollars and all of this stuff it's talking about everything you need to do for the commercial guys this is not a joke this is the most professional scam i've ever seen in my life so what happened when i clicked that what happened when i clicked that link gave them access to my meta mask they didn't just log into my meta mask through my key or something and send the funds over to their account they got access to full control of my metamask like they literally got handed over my metamask account just from me doing what i did from clicking that and believing this there's still so many details i need to be unraveled and there's a lot more investigation that needs to be done it is all in the works right now and i will not give up on this i'm going to stay on this case you do not want to miss future update videos about this so definitely throw a thumbs up on this video and click the subscribe button it mean a ton the support has been tremendous and i will be the voice for the people i'm currently in talks with a blockchain security engineer at binance he said this case piqued his interest and he has been working on cyber incidents for over 10 years and i'm actually looking at the tweets he just sent me and this case honestly just keeps getting deeper there's gonna be a part two to this video and the details we will be releasing will blow your mind the money that this hacker organization has accumulated within a short period of time is freaking insanity remember to prioritize securing your assets it is something i'm gonna forever tell my community to do and i will have a video coming out shortly within this week probably or next week talking about how to do so because every single day i'm informing myself how to lock down as best as possible and do what i can do to prevent this from happening again if you 
have been scammed or have had your metamask wallet completely wiped let me know down below i want to hear your story because your information definitely definitely definitely could help in this investigation if you would like to reach out to me and contact me please do so on twitter telegram or instagram all of that's down below in the description i'm glad i can update you guys on the situation this is far from over i'm gonna go get right back to it and i'll see you guys in part two peace" | "Another way I pinpointed the exact thing I was doing at that time was i went onto my iPhone, I went to my pictures, and I took a thumbnail picture four o'clock or something, and I remember I made the video right after I did the emails. That means I was reading emails around like three o'clock or so, because I recorded at four probably. [It] probably took an hour, so reading emails, watching YouTube videos ... on the side watching flying emails and like god i didn't know like recording this video would be so hard like my heart's like actually kind of racing and like i get really worked up about this i said this last video really defensive i get very angry we'll say it again i'll probably say it at the end of the video this was all my fault but i want to take my mistake and turn it into something positive and allow people to learn from it this is an email i received on december 4th around 6 30 p.m hi i represent canyon gaming and i'm responsible for launching an advertising campaign to promote new technologies developed by our company so typically when i get one of these emails i'm like okay cool let me jump over to canon gaming website and see what they got i'm not gonna go over to the website because i don't know if they're affiliated with this hacking group or not which i assume they're not probably a normal company but maybe they made this company to disguise it that's very possible it's not hard to make a website and we will get to the bottom of that also i currently have a 
team right now while i'm recording this video investigating this this is a big deal and if nobody else in the crypto community wants to step up i will i want to be the voice for the people that are going through the same that i'm dealing with okay let's read this email you definitely want to hear this we create the best personal computer accessories your channel is suitable for us to advertise our campaign so we decided to order an advertising video from you about the new collection of which will be released in mid-december so in my head i'm thinking okay company that i checked out their website they have sick gaming chairs they have sick freaking headsets they got these gaming mouses that look amazing i mean they light up and whoa they're saying i can pick three to four accessories from their new catalog that's launching in december and they're gonna pay for all the shipping all i have to do is receive the accessories create a commercial about it on the day that i get it and then like a week before they do the sales post that video after they deliver the accessories free of charge they're gonna just remain with me it's not like i have to send them back or anything instead of paying me money they're gonna just give me these accessories that they probably don't pay too much for they probably get them made in china or something and if you buy products in bulk like of course you can just give them out cheap why i'm talking like this is the thoughts that were going through my brain i didn't read this and think ah they're freaking stupid they're trying to scam me and take my bitcoins i mean hey they're talking about gaming chairs and like they're going to provide me information in the future about this i mean they're not even like really like oh click this link right here click this link right here and you got you got to check out our new accessories you got to keep it click click click it download it install it and make sure you respond back to us they're just like hey 
let me know if you're interested and we'll send you a pdf with instructions obviously they can't post the catalog on their website they got to send you the catalog because it's private it's it's going to be a big sale like obviously i'm making an advertisement like i was gonna record a dope ass video like showing off this gaming chair like it's like an actual advertisement because it's not been released yet they're gonna hold a presentation early december so i wrote back the next morning december 5th at 7 57 a.m i said hello yes i am interested i would love to see the new collection and create videos i'd love to yeah later on the same day at 12 58 p.m they finally sent me their product line to check out so i could pick out three to four products free of charge all you gotta do is make a video guy being a youtuber is so great isn't it so what do my eyes see blah blah blah blah okay our campaign youtube all right free charge all right pick my products okay attach the document non-disclosure agreement oh because it's like a partner what information is needed it's in the products however okay documents does not need to be signed all right so i just got to read follow instructions only the company's employees and partners know about this okay everything you see in the catalog will be protected by the rule described in the okay okay cool oh all right right here so i have to do is all right so it's just a pdf and there was instructions to click another link which will lead to the private catalog and they gave me like a personal code to use for the catalog and i guess like all i can say is they they got me i'm not stupid well kinda but i know not to download stuff i am not new to the internet i am not new to scams i've literally seen everything in the books but like this i mean it was so perfectly written so manipulative so what happened was the catalog actually opened up and when i clicked on it right away my brain kind of went like why did like install the catalog like i 
thought i was just gonna click on the link and like the catalog would just pop up but no like it literally popped up on my monitor like an installation bar that just went across real quick and then the catalog popped up and inside the catalog real products like i could actually scroll i could actually like look at product selection and stuff and what they said in this pdf when you click on it it's like showing you the instructions like how to pick out something you want and what to do and stuff and this pdf that i'm not gonna click on this manipulated me even more it's saying to write down like three to four order numbers you can't exceed two thousand dollars and all of this stuff it's talking about everything you need to do for the commercial guys this is not a joke this is the most professional scam i've ever seen in my life so what happened when i clicked that what happened when i clicked that link gave them access to my meta mask they didn't just log into my meta mask through my key or something and send the funds over to their account they got access to full control of my metamask like they literally got handed over my metamask account just from me doing what i did from clicking that and believing this there's still so many details i need to be unraveled and there's a lot more investigation that needs to be done it is all in the works right now and i will not give up on this i'm going to stay on this case you do not want to miss future update videos about this so definitely throw a thumbs up on this video and click the subscribe button it mean a ton the support has been tremendous and i will be the voice for the people i'm currently in talks with a blockchain security engineer at binance he said this case piqued his interest and he has been working on cyber incidents for over 10 years and i'm actually looking at the tweets he just sent me and this case honestly just keeps getting deeper there's gonna be a part two to this video and the details we will be 
releasing will blow your mind the money that this hacker organization has accumulated within a short period of time is freaking insanity remember to prioritize securing your assets it is something i'm gonna forever tell my community to do and i will have a video coming out shortly within this week probably or next week talking about how to do so because every single day i'm informing myself how to lock down as best as possible and do what i can do to prevent this from happening again if you have been scammed or have had your metamask wallet completely wiped let me know down below i want to hear your story because your information definitely definitely definitely could help in this investigation if you would like to reach out to me and contact me please do so on twitter telegram or instagram all of that's down below in the description i'm glad i can update you guys on the situation this is far from over i'm gonna go get right back to it and i'll see you guys in part two peace" | ||
We Baited The MetaMask Hacker... | |||
"i'm not just saying this to say it but as a reason i've been really really anxious and i swear just like everything i see online now i'm just like is this a scam like is this a scam should i click this website is this person lying to me is this email this i've been really paranoid i'm not gonna lie and i mean i have a reason to be but i mean it's just not right everybody that even contacts me i'm just thinking in my head like we is this person like trying to pull something and come to find out they're just sending me like a picture you get what i'm saying i've just been overall paranoid and i'm sure a lot of people can relate because once it happens to you you feel like it's like always happening to you and i i don't know it's something that i can't really explain but it's there but i have promised you guys that i will not give up on this case and we haven't me and the person that's helping me out together we have detected a lot of information about my hacker some of the stuff i can talk about in this video some of the stuff i can't because it's an ongoing investigation i can't tell everything and i'm not trying to leave you with some like cliffhanger or something i'm not trying to turn this into like john wick where there's 15 different movies about the same exact thing i'm just trying to protect the information so we can use it to just milk as much information as possible because one thing just leads to the next that's how this investigation has been going so where we let off last video was we tracked down a chain of wallets that were all connected and by doing so that led us to the account with 31 million dollars of stolen funds and it led us to two exchange accounts one on kucoin and one on binance we then took appropriate action and i shared those wallet addresses with you guys that is in the last video if you have not seen any of these videos you've got to start with the first one otherwise none of this will be making sense and i don't want to go back and 
repeat myself because it will be an hour video we're going to continue from last video and right after that we discovered a lot more information about my hacker but how do we do so we baited them through the same email they sent me the investigator helping me out on this is using a separate computer separate emails and a lot of other different sources that is the only way we're gonna get somewhere you have to basically give your computer the virus so you can detect it and break it down it's something i can't really even explain to you that's why i have somebody helping me out on this this is far from my thousand dollars getting stolen this is something that needs to be taken very very serious think about it if i found an account with 31 million dollars imagine how many wallets are out there with just millions and millions of dollars all stolen funds we sent this to my hacker hello sir my friends in the crypto influencer industry have shared some info with me that your company is offering some free gaming keyboards and other gaming hardware while i am a crypto investor but not a crypto influencer is it possible for me to still participate in this offer and then we just said some stuff about twitch blah blah blah so we were sitting waiting hoping to hear back and uh within five minutes boom hi your advertising campaign is there ain't no providing repair oh i've seen that email before god they got my ass man we emailed the same address that reached out to me and scammed me but then they responded back with a different email so i just kind of thought that was interesting and i should add that but why exactly were we trying to get the email i already had the virus why were we trying to get the email again well right after i got the virus and stuff obviously i wake my whole entire computer i literally wipe my whole entire wi-fi my phone everything like everything is restored i mean my whole life's restored means all my passwords i mean everything everything everything 
everything it's all fresh it's all new i'm gonna be securing my assets i'm getting my ledger delivered one friday so you don't want to miss out on that i'm gonna have a video several videos i'm gonna have one setting it up i'm gonna have one how to set it up i'm gonna have one talking about why you should use it i'm not even joking once i hit like let's say 30 000 subscribers i'll give out three ledgers i want to use this opportunity to save people in the future that's what all of this is about and it's also about trying to get to the bottom of this so let's get back into it and see exactly what happened you know me i like to ramble i'm sorry okay so a day passed and we didn't get any leads i was thinking like oh [ __ ] they're not even right back they're probably like suspicious or something i don't know okay so they finally wrote back the next day but the file didn't work then i had me thinking like did they send like a real document to just like kind of act like it's real to cover themselves a little more i don't know i was just going pretty deep into my thoughts you know what i mean like trying to cover it up is like oh no this is actually real we never scanned anybody maybe they were suspicious first from that email that we sent them i don't all speculation just the way my brain works so what we did was email them again and we said hello sir it seems like we can't access your amazing catalog and then we said can you please send it again but they didn't respond so we were stuck pretty much for a whole day with no leads nothing to really go off of we pretty much tracked all the wallets down that we could kind of got stuck there i was thinking like damn this is pretty much probably it but no no no at two in the morning we received the pdf they sent us an email saying the error is erased and they sent us the actual file so what we did with the new device we bought specifically for this investigation we opened up the file we encrypted it we broke it all down i 
don't know whatever that all i know is we got information out of it and uh yeah i'll get to that one second so yeah i was told he'll update me soon you know when you get a text and you have that little preview up at the top yeah this is like what the preview looked like all i saw was i have identified the attackers right then and there i just had this feeling inside of me like oh here i thought we kind of hit a brick wall and we're stuck i didn't really know how we could go forward and i see this pop up i have identified the attacker's allospaces on his attack server associated with the malware security community refers to the attacker by the name mr santa mr santa this is the username he uses on various forms that he sells stolen data on and that's what i'm trying to explain here like this guy didn't just sit here all day and try to get like my metamask with a thousand dollars he wants a thousand people this hacking group is stealing millions and millions i'm an ant to this whole entire thing this is huge this is the real deal like i said if i can find an account with 31 million dollars 2 000 of them with 20 million so this group or this person isn't just targeting metamask wallets they're targeting your data below me right here is the operating system for the mr santa when i first made that video about me just like talking about a thousand dollars i lost in time wonderland i never would have thought that like all of this would become a thing and none of this would be possible without the person that's helping me on this so i just want to say thank you so so much and i wouldn't have met this person if i didn't post that initial videos by me making that video and reaching out to other people it allowed me to meet all these people and kind of like create this community of pretty much victims like we're all victims to this all the people watching these videos they've went through the exact same thing that i went through or worse most of them worse i only lost a 
thousand dollars i was talking to a 68 year old yesterday he's probably watching this video shout out to you and he was telling me the saddest story like he was in these crypto projects really really early and he accumulated like over a hundred thousand dollars and instantly it got wiped i mean that's just one story i have a video coming out soon where i'm putting together all of these stories in hopes that somebody sees it and does something about this at metamask there needs to be two-step verification and just a lot more things overall to protect their customers and yeah you can say to me well you can get a hard wallet i know that i know that and i'm going to tell people all the time to get one of those because it's the most important thing why would somebody that's only trying to invest a couple hundred dollars want to spend 200 on a ledger yeah that sounds ignorant of me but there's just got to be something else to protect people at least just a little bit more that's all i'm saying but we're trying to discover what information this whole entire virus thing is stealing from people because if it's taking your data your metamask like what is it actually taking what exactly happened when i clicked that like what happened that's what we're trying to get to the bottom of it's a shame that this keeps happening i'm doing everything i can every single day i'm informing myself on crypto security and just internet security in general so i can teach you guys i've been working on a ton of different projects and a ton of different things to get somebody to do something about all this only time change happens in the world is when everybody comes together as one and i know we can do so thank you guys for watching this video grab a thumbs up on it though it can get shared with the world we need this out there and we got to put a stop to this thank you guys for watching this video always keep your head up and stay positive i'll see you guys in the next one peace [Music] you" | 
|||
== Ultimate Outcome == | == Ultimate Outcome == | ||
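Review bot: the added heading "We Baited The MetaMask Hacker..." does not match the title given in the citation added to the timeline, "We've Baited My MetaMask Hacker...", and the transcript under it carries no reference. Use one title in both places and cite the video here. The new transcript is also pasted as a single unpunctuated, uncapitalized block that still contains caption residue ("[ __ ]", "[Music] you"), whereas the opening of the first transcript has been edited into sentences; bring it to the same standard or quote only the passages the case study relies on.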
Revision as of 16:35, 3 March 2023
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
This is a global/international case not involving a specific country.
About MetaMask
"Today we investigate who stole crypto from my #MetaMask wallet. This is one of many scams. We will get to the bottom of this. This is far from over... stay tuned"
"hey what is up guys it's jordan welcome back to another uh investigation video to be honest i haven't got much sleep probably about four to five hours last night i've honestly just been stressed about this whole situation"
"hi i represent canyon gaming and i'm responsible for launching an advertising campaign to promote new technologies developed by our company"
"i want to take my mistake and turn it into something positive and allow people to learn from it"
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
About CryptoJordin
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| December 4th, 2021 4:55:48 PM MST | KuCoin Withdrawal | A small amount of BSC is withdrawn from the KuCoin hot wallet to CryptoJordin's main wallet address on the Binance Smart Chain[1]. |
| December 4th, 2021 4:58:48 PM MST | BUSD Tokens Transferred | In an apparently unrelated transfer, 396.46602051 BUSD tokens are transferred from CryptoJordin's MetaMask wallet to another unidentified wallet[2]. |
| December 5th, 2021 12:34:22 PM MST | Malicious Transaction | The malicious transaction that stole CryptoJordin's funds takes place[3]. |
| Reading emails around like "3'oclock" | | |
| December 9th, 2021 8:20:49 AM MST | First Video Uploaded | CryptoJordin uploads his first video explaining the situation and what happened titled "Update on The Hackers Who Wiped My MetaMask Wallet."[4]. |
| December 14th, 2021, 2:14:07 PM MST | Video Baiting Scammer | CryptoJordin reports on baiting the hacker into sending a malicious PDF with the malware included[5]. |
| January 4th, 2022, 11:15:13 AM MST | Another PDF Email Received | CryptoJordin reports on receiving another malicious PDF email in a new video, which features 3 other YouTubers[6]. |
Total Amount Lost
CryptoJordin shows a screenshot of his wallet, which has a transaction transferring 11.811348845090403543 Avalanche tokens[4][3]. The historical closing market price of Avalanche on December 5th, 2021 was $85.79[7]. This makes a total loss of $1,013.30 USD.
A separate transaction the day prior[2] for $396.47 BUSD is likely unrelated. While the attacker may have had access to that wallet due to the same compromised private key, this transaction happened just moments after a transfer from KuCoin[1], which was likely initiated by CryptoJordin. There is no suggestion of his KuCoin account being compromised.
The total amount lost has been estimated at $2,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Update on The Hackers Who Wiped My MetaMask Wallet.
"Hey, what is up guys? It's Jordan. Welcome back to another, uh, investigation video. To be honest, I haven't got much sleep - probably about four to five hours last night. I've honestly just been stressed about this whole situation and a lot of people have been contacting me saying they've been having similar problems. They describe it to me. It's literally the exact same thing I'm going through. You feel hopeless. You feel like you have no voice. If something happens to your bank account or whatever you can go and contact your bank, talk to somebody. [It] makes you feel a little better, even if they don't fix your problem, but in the crypto world there's nobody. It's you, it's a decentralized world, and I mean it is scary. My latest videos sparked a huge conversation around the crypto world that nobody wants to talk about, and it's all of these scams that are going around. There's going to be a lot of information in this video you do not want to miss. Let's jump right into it."
"[I] began my investigation by thinking back to what I was doing the exact second my funds got stolen. When I took a look at the address that transferred the coins from my account to theirs, I noticed it happened two days and like 18 hours ago. That is the only information I was given. So, what do you do? You have to work with what you're given. [I] paste my address and search up the history, so two days and 20 hours ago. I sat right here for about an hour [and] really tried to think what I was doing two days and 18 hours ago, or whatever it was from yesterday. So I thought a lot, I did the math or whatever, and figured out what time it was. [I was] busy throughout the morning. Around the afternoon I went out for lunch. I came back and I started my day. And what do I start off with? First I respond to emails. I respond to sponsors, promos, questions, all types of stuff."
"About four or five years ago I used to create vlog content. That's how I really built my channel and I mean I would get tons of emails every day. I would always respond to them, so I've been doing this for like a long time now. So I've seen scams where people want me to promote their product and they never end up sending payments and stuff. That's happened. So, I mean I've pretty much seen it all, besides what I'm going to show you, and this is crazy."
"Another way I pinpointed the exact thing I was doing at that time was i went onto my iPhone, I went to my pictures, and I took a thumbnail picture four o'clock or something, and I remember I made the video right after I did the emails. That means I was reading emails around like three o'clock or so, because I recorded at four probably. [It] probably took an hour, so reading emails, watching YouTube videos ... on the side watching flying emails and like god i didn't know like recording this video would be so hard like my heart's like actually kind of racing and like i get really worked up about this i said this last video really defensive i get very angry we'll say it again i'll probably say it at the end of the video this was all my fault but i want to take my mistake and turn it into something positive and allow people to learn from it this is an email i received on december 4th around 6 30 p.m hi i represent canyon gaming and i'm responsible for launching an advertising campaign to promote new technologies developed by our company so typically when i get one of these emails i'm like okay cool let me jump over to canon gaming website and see what they got i'm not gonna go over to the website because i don't know if they're affiliated with this hacking group or not which i assume they're not probably a normal company but maybe they made this company to disguise it that's very possible it's not hard to make a website and we will get to the bottom of that also i currently have a team right now while i'm recording this video investigating this this is a big deal and if nobody else in the crypto community wants to step up i will i want to be the voice for the people that are going through the same that i'm dealing with okay let's read this email you definitely want to hear this we create the best personal computer accessories your channel is suitable for us to advertise our campaign so we decided to order an advertising video from you about the new collection of which 
will be released in mid-december so in my head i'm thinking okay company that i checked out their website they have sick gaming chairs they have sick freaking headsets they got these gaming mouses that look amazing i mean they light up and whoa they're saying i can pick three to four accessories from their new catalog that's launching in december and they're gonna pay for all the shipping all i have to do is receive the accessories create a commercial about it on the day that i get it and then like a week before they do the sales post that video after they deliver the accessories free of charge they're gonna just remain with me it's not like i have to send them back or anything instead of paying me money they're gonna just give me these accessories that they probably don't pay too much for they probably get them made in china or something and if you buy products in bulk like of course you can just give them out cheap why i'm talking like this is the thoughts that were going through my brain i didn't read this and think ah they're freaking stupid they're trying to scam me and take my bitcoins i mean hey they're talking about gaming chairs and like they're going to provide me information in the future about this i mean they're not even like really like oh click this link right here click this link right here and you got you got to check out our new accessories you got to keep it click click click it download it install it and make sure you respond back to us they're just like hey let me know if you're interested and we'll send you a pdf with instructions obviously they can't post the catalog on their website they got to send you the catalog because it's private it's it's going to be a big sale like obviously i'm making an advertisement like i was gonna record a dope ass video like showing off this gaming chair like it's like an actual advertisement because it's not been released yet they're gonna hold a presentation early december so i wrote back the next morning 
december 5th at 7 57 a.m i said hello yes i am interested i would love to see the new collection and create videos i'd love to yeah later on the same day at 12 58 p.m they finally sent me their product line to check out so i could pick out three to four products free of charge all you gotta do is make a video guy being a youtuber is so great isn't it so what do my eyes see blah blah blah blah okay our campaign youtube all right free charge all right pick my products okay attach the document non-disclosure agreement oh because it's like a partner what information is needed it's in the products however okay documents does not need to be signed all right so i just got to read follow instructions only the company's employees and partners know about this okay everything you see in the catalog will be protected by the rule described in the okay okay cool oh all right right here so i have to do is all right so it's just a pdf and there was instructions to click another link which will lead to the private catalog and they gave me like a personal code to use for the catalog and i guess like all i can say is they they got me i'm not stupid well kinda but i know not to download stuff i am not new to the internet i am not new to scams i've literally seen everything in the books but like this i mean it was so perfectly written so manipulative so what happened was the catalog actually opened up and when i clicked on it right away my brain kind of went like why did like install the catalog like i thought i was just gonna click on the link and like the catalog would just pop up but no like it literally popped up on my monitor like an installation bar that just went across real quick and then the catalog popped up and inside the catalog real products like i could actually scroll i could actually like look at product selection and stuff and what they said in this pdf when you click on it it's like showing you the instructions like how to pick out something you want and what to do 
and stuff and this pdf that i'm not gonna click on this manipulated me even more it's saying to write down like three to four order numbers you can't exceed two thousand dollars and all of this stuff it's talking about everything you need to do for the commercial guys this is not a joke this is the most professional scam i've ever seen in my life so what happened when i clicked that what happened when i clicked that link gave them access to my meta mask they didn't just log into my meta mask through my key or something and send the funds over to their account they got access to full control of my metamask like they literally got handed over my metamask account just from me doing what i did from clicking that and believing this there's still so many details i need to be unraveled and there's a lot more investigation that needs to be done it is all in the works right now and i will not give up on this i'm going to stay on this case you do not want to miss future update videos about this so definitely throw a thumbs up on this video and click the subscribe button it mean a ton the support has been tremendous and i will be the voice for the people i'm currently in talks with a blockchain security engineer at binance he said this case piqued his interest and he has been working on cyber incidents for over 10 years and i'm actually looking at the tweets he just sent me and this case honestly just keeps getting deeper there's gonna be a part two to this video and the details we will be releasing will blow your mind the money that this hacker organization has accumulated within a short period of time is freaking insanity remember to prioritize securing your assets it is something i'm gonna forever tell my community to do and i will have a video coming out shortly within this week probably or next week talking about how to do so because every single day i'm informing myself how to lock down as best as possible and do what i can do to prevent this from happening again if you 
have been scammed or have had your metamask wallet completely wiped let me know down below i want to hear your story because your information definitely definitely definitely could help in this investigation if you would like to reach out to me and contact me please do so on twitter telegram or instagram all of that's down below in the description i'm glad i can update you guys on the situation this is far from over i'm gonna go get right back to it and i'll see you guys in part two peace"
We Baited The MetaMask Hacker...
"i'm not just saying this to say it but as a reason i've been really really anxious and i swear just like everything i see online now i'm just like is this a scam like is this a scam should i click this website is this person lying to me is this email this i've been really paranoid i'm not gonna lie and i mean i have a reason to be but i mean it's just not right everybody that even contacts me i'm just thinking in my head like we is this person like trying to pull something and come to find out they're just sending me like a picture you get what i'm saying i've just been overall paranoid and i'm sure a lot of people can relate because once it happens to you you feel like it's like always happening to you and i i don't know it's something that i can't really explain but it's there but i have promised you guys that i will not give up on this case and we haven't me and the person that's helping me out together we have detected a lot of information about my hacker some of the stuff i can talk about in this video some of the stuff i can't because it's an ongoing investigation i can't tell everything and i'm not trying to leave you with some like cliffhanger or something i'm not trying to turn this into like john wick where there's 15 different movies about the same exact thing i'm just trying to protect the information so we can use it to just milk as much information as possible because one thing just leads to the next that's how this investigation has been going so where we let off last video was we tracked down a chain of wallets that were all connected and by doing so that led us to the account with 31 million dollars of stolen funds and it led us to two exchange accounts one on kucoin and one on binance we then took appropriate action and i shared those wallet addresses with you guys that is in the last video if you have not seen any of these videos you've got to start with the first one otherwise none of this will be making sense and i don't want to go back and 
repeat myself because it will be an hour video we're going to continue from last video and right after that we discovered a lot more information about my hacker but how do we do so we baited them through the same email they sent me the investigator helping me out on this is using a separate computer separate emails and a lot of other different sources that is the only way we're gonna get somewhere you have to basically give your computer the virus so you can detect it and break it down it's something i can't really even explain to you that's why i have somebody helping me out on this this is far from my thousand dollars getting stolen this is something that needs to be taken very very serious think about it if i found an account with 31 million dollars imagine how many wallets are out there with just millions and millions of dollars all stolen funds we sent this to my hacker hello sir my friends in the crypto influencer industry have shared some info with me that your company is offering some free gaming keyboards and other gaming hardware while i am a crypto investor but not a crypto influencer is it possible for me to still participate in this offer and then we just said some stuff about twitch blah blah blah so we were sitting waiting hoping to hear back and uh within five minutes boom hi your advertising campaign is there ain't no providing repair oh i've seen that email before god they got my ass man we emailed the same address that reached out to me and scammed me but then they responded back with a different email so i just kind of thought that was interesting and i should add that but why exactly were we trying to get the email i already had the virus why were we trying to get the email again well right after i got the virus and stuff obviously i wake my whole entire computer i literally wipe my whole entire wi-fi my phone everything like everything is restored i mean my whole life's restored means all my passwords i mean everything everything everything 
everything it's all fresh it's all new i'm gonna be securing my assets i'm getting my ledger delivered one friday so you don't want to miss out on that i'm gonna have a video several videos i'm gonna have one setting it up i'm gonna have one how to set it up i'm gonna have one talking about why you should use it i'm not even joking once i hit like let's say 30 000 subscribers i'll give out three ledgers i want to use this opportunity to save people in the future that's what all of this is about and it's also about trying to get to the bottom of this so let's get back into it and see exactly what happened you know me i like to ramble i'm sorry okay so a day passed and we didn't get any leads i was thinking like oh [ __ ] they're not even right back they're probably like suspicious or something i don't know okay so they finally wrote back the next day but the file didn't work then i had me thinking like did they send like a real document to just like kind of act like it's real to cover themselves a little more i don't know i was just going pretty deep into my thoughts you know what i mean like trying to cover it up is like oh no this is actually real we never scanned anybody maybe they were suspicious first from that email that we sent them i don't all speculation just the way my brain works so what we did was email them again and we said hello sir it seems like we can't access your amazing catalog and then we said can you please send it again but they didn't respond so we were stuck pretty much for a whole day with no leads nothing to really go off of we pretty much tracked all the wallets down that we could kind of got stuck there i was thinking like damn this is pretty much probably it but no no no at two in the morning we received the pdf they sent us an email saying the error is erased and they sent us the actual file so what we did with the new device we bought specifically for this investigation we opened up the file we encrypted it we broke it all down i 
don't know whatever that all i know is we got information out of it and uh yeah i'll get to that one second so yeah i was told he'll update me soon you know when you get a text and you have that little preview up at the top yeah this is like what the preview looked like all i saw was i have identified the attackers right then and there i just had this feeling inside of me like oh here i thought we kind of hit a brick wall and we're stuck i didn't really know how we could go forward and i see this pop up i have identified the attacker's allospaces on his attack server associated with the malware security community refers to the attacker by the name mr santa mr santa this is the username he uses on various forms that he sells stolen data on and that's what i'm trying to explain here like this guy didn't just sit here all day and try to get like my metamask with a thousand dollars he wants a thousand people this hacking group is stealing millions and millions i'm an ant to this whole entire thing this is huge this is the real deal like i said if i can find an account with 31 million dollars 2 000 of them with 20 million so this group or this person isn't just targeting metamask wallets they're targeting your data below me right here is the operating system for the mr santa when i first made that video about me just like talking about a thousand dollars i lost in time wonderland i never would have thought that like all of this would become a thing and none of this would be possible without the person that's helping me on this so i just want to say thank you so so much and i wouldn't have met this person if i didn't post that initial videos by me making that video and reaching out to other people it allowed me to meet all these people and kind of like create this community of pretty much victims like we're all victims to this all the people watching these videos they've went through the exact same thing that i went through or worse most of them worse i only lost a 
thousand dollars i was talking to a 68 year old yesterday he's probably watching this video shout out to you and he was telling me the saddest story like he was in these crypto projects really really early and he accumulated like over a hundred thousand dollars and instantly it got wiped i mean that's just one story i have a video coming out soon where i'm putting together all of these stories in hopes that somebody sees it and does something about this at metamask there needs to be two-step verification and just a lot more things overall to protect their customers and yeah you can say to me well you can get a hard wallet i know that i know that and i'm going to tell people all the time to get one of those because it's the most important thing why would somebody that's only trying to invest a couple hundred dollars want to spend 200 on a ledger yeah that sounds ignorant of me but there's just got to be something else to protect people at least just a little bit more that's all i'm saying but we're trying to discover what information this whole entire virus thing is stealing from people because if it's taking your data your metamask like what is it actually taking what exactly happened when i clicked that like what happened that's what we're trying to get to the bottom of it's a shame that this keeps happening i'm doing everything i can every single day i'm informing myself on crypto security and just internet security in general so i can teach you guys i've been working on a ton of different projects and a ton of different things to get somebody to do something about all this only time change happens in the world is when everybody comes together as one and i know we can do so thank you guys for watching this video grab a thumbs up on it though it can get shared with the world we need this out there and we got to put a stop to this thank you guys for watching this video always keep your head up and stay positive i'll see you guys in the next one peace [Music] you"
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. Withdrawal From KuCoin To CryptoJordin's Wallet - BSCScan (Mar 3, 2023)
2. Transfer of 396.466 BNB (Unrelated) - BSCScan (Mar 3, 2023)
3. Theft of CryptoJordin's Avalanche Tokens - SnowTrace (Mar 3, 2023)
4. CryptoJordin - Update on The Hackers Who Wiped My MetaMask Wallet. - YouTube (Mar 3, 2023)
5. CryptoJordin - We've Baited My MetaMask Hacker... - YouTube (Mar 3, 2023)
6. CryptoJordin - The PDF Crypto Scam Just Went To A Whole New Level. - YouTube (Mar 3, 2023)
7. Avalanche Historic Market Price - CoinMarketCap (Mar 3, 2023)