DiegoPapi6 TrustWallet Theft: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(→‎Ultimate Outcome: Completed the incorporation of CENX / source 1.)
(→‎What Happened: Added the post on the wrong subreddit to the timeline.)
Line 44: Line 44:
|Theft Transfer Transaction
|Theft Transfer Transaction
|A blockchain transaction transfers 9.249016167190047758 BNB from DiegoPapi6's wallet to the attacker's wallet<ref>[https://bscscan.com/tx/0xae3429b6ea9a18a7f38a4f26080fd17e82f868195a1829bd6b7d09bc53e105a8 Stolen BNB Funds Transferred - BSCScan] (Mar 14, 2023)</ref>.
|A blockchain transaction transfers 9.249016167190047758 BNB from DiegoPapi6's wallet to the attacker's wallet<ref>[https://bscscan.com/tx/0xae3429b6ea9a18a7f38a4f26080fd17e82f868195a1829bd6b7d09bc53e105a8 Stolen BNB Funds Transferred - BSCScan] (Mar 14, 2023)</ref>.
|-
|July 31st, 2021 2:03:53 PM MDT
|Wrong Subreddit Thread
|DiegoPapi6 originally posts about their situation in the wrong BitRise subreddit<ref name="unnamed-10589" />.
|-
|-
|July 31st, 2021 9:28:29 PM MDT
|July 31st, 2021 9:28:29 PM MDT
Line 112: Line 116:
<references>
<references>
<ref name="unnamed-10587">[https://old.reddit.com/r/CryptoCurrency/comments/t8jsa0/its_my_6th_year_into_crypto_and_im_still_seeing/hzs61k9/ DiegoPapi6 - "I’m definitely one of those excited about the market right now because of my early buys into $BRISE and Now I also hold $CENX." - Reddit] (Mar 4, 2023)</ref>
<ref name="unnamed-10587">[https://old.reddit.com/r/CryptoCurrency/comments/t8jsa0/its_my_6th_year_into_crypto_and_im_still_seeing/hzs61k9/ DiegoPapi6 - "I’m definitely one of those excited about the market right now because of my early buys into $BRISE and Now I also hold $CENX." - Reddit] (Mar 4, 2023)</ref>
<ref name="unnamed-10589">[https://old.reddit.com/r/bitrise/comments/ovdzm4/please_beware_all_of_my_bitrise_tokens_and_lock/h7a3dd6/ DiegoPapi6 comments on **** PLEASE BEWARE****. All of my BitRise Tokens and Lock let tokens (look at the bottom of pic) have been sold into BNB and transfer to another wallet without my authorization. This is the wallet that hass my money now :...ff2a9] (Mar 4, 2023)</ref>
<ref name="unnamed-10589">[https://old.reddit.com/r/bitrise/comments/ovdzm4/please_beware_all_of_my_bitrise_tokens_and_lock/h7a3dd6/ DiegoPapi6's Post On The Wrong BitRise SubReddit - Reddit] (Mar 4, 2023)</ref>
<ref name="unnamed-10590">[https://old.reddit.com/r/Cryptonewsworld/comments/ofk5yd/bitrise_hyper_deflationary_token_with_bnb_rewards/h79nw7k/ DiegoPapi6 comments on Bitrise - Hyper Deflationary Token with BNB Rewards | Hold $BRISE & Earn BNB] (Mar 4, 2023)</ref>
<ref name="unnamed-10590">[https://old.reddit.com/r/Cryptonewsworld/comments/ofk5yd/bitrise_hyper_deflationary_token_with_bnb_rewards/h79nw7k/ DiegoPapi6 comments on Bitrise - Hyper Deflationary Token with BNB Rewards | Hold $BRISE & Earn BNB] (Mar 4, 2023)</ref>
<ref name="unnamed-10591">[https://old.reddit.com/r/SHIBArmy/comments/ove6cf/please_beware_my_trust_wallet_was_just_hacked_and/ ****PLEASE BEWARE*** MY TRUST WALLET WAS JUST HACKED AND COMPLETELY DRAINED OF ALL MY BITRISE AND LOCKLET TOKENS. SOME FROM THIS ADDRESS: 0x9c88eea9c217eedbeef80bc4f7ff2a95d1f3c65d. SOLD MY TOKENS FOR OVER 9 BNB. IS THERE ANYWAY TO TRACK THIS POS...BArmy] (Mar 5, 2023)</ref>
<ref name="unnamed-10591">[https://old.reddit.com/r/SHIBArmy/comments/ove6cf/please_beware_my_trust_wallet_was_just_hacked_and/ ****PLEASE BEWARE*** MY TRUST WALLET WAS JUST HACKED AND COMPLETELY DRAINED OF ALL MY BITRISE AND LOCKLET TOKENS. SOME FROM THIS ADDRESS: 0x9c88eea9c217eedbeef80bc4f7ff2a95d1f3c65d. SOLD MY TOKENS FOR OVER 9 BNB. IS THERE ANYWAY TO TRACK THIS POS...BArmy] (Mar 5, 2023)</ref>

Revision as of 16:17, 21 March 2023

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Trust Wallet

DiegoPapi6 was tricked into signing a malicious smart contract which took their funds. While many details of their story don't line up perfectly, they've provided a blockchain address. They claim to have lost $8k in funds.

This is a global/international case not involving a specific country. [1][2][3][4][5][6]

About DiegoPapi6

DiegoPapi6 is a Christian[7] trucker[8][9][10] from Mesa[11], Arizona[12][13][14], primarily operating in Texas[15][16]. He was 43 as of November 4th, 2021[17], and is happily married[18][19] with a son named Emillian[20] who was 19 between September 6th, 2021 and October 27th, 2021[11][20][21][22]. He has been a user of Reddit since August 11th, 2020[23], and had used primarily Facebook prior to that point[24].

He is a regular and enthusiastic investor in Shiba Inu[25][26][27][28][29] since June 2021[11][22][30], ZombieInu[31][32][33][34], VeThor[35][36], Ethereum[36], Bitcoin[36], Cardano[36], Dogecoin[37], CoinMerge[38], and BitRise[39]. He previously held an investment in Wink[40][41]. He does a high degree of research for every project he invests in[27][42]. According to his profile, he has been a crypto investor since 2016[23].

DiegoPapi6 used an Android smartphone on the TMobile network.

About TrustWallet

TrustWallet is a wallet available as a browser extension or mobile download for IOS or Android[43]. The wallet was originally released in November 2017[44]. TrustWallet was acquired by Binance on July 31, 2018[44].

The most trusted & secure crypto wallet

Buy, store, collect NFTs, exchange & earn crypto. Join 25 million+ people using Trust Wallet.

Wallets within TrustWallet are typically secured by a 12 word seed phrase[45].

Just like your bank account login or email credentials, your recovery phrase needs to be kept in a secure, hidden location. You need to write it on a piece of paper (or engrave it in metal) and ensure that the order of words is followed.

The Reality

Malicious links can often be sent to smartphones via text messages, and may be able to download malware onto a phone[46][47][48][49]. On Android, malicious applications can only be installed from outside the Play Store if install permissions have been explicitly set to "allow unknown app"[48]. Once installed, applications can either trick users into providing the desired permissions or exploit vulnerabilities to gain administrator level permissions and access sensitive data[49].

There is some speculation that phishing attacks are assisted through data that was acquired from privacy breaches on mobile carriers throughout 2018[47].

What Happened

According to private messages later received from DiegoPapi6, he received a text messages which he believed at the time was an update from TMobile for this Android smartphone. The provided link prompted him to download and install malware on his smartphone, which was then able to harvest his TrustWallet credentials and drain his wallet account.

I believe it was a down load via text that appeared to come from T-mobile that got me. Because all I remembered was accepting the download and then a few hours later my wallet was getting drained in real time 😱 I was able to witness 2 sells 😳

Key Event Timeline - DiegoPapi6 TrustWallet Theft
Date Event Description
July 31st, 2021 1:09:57 PM MDT BitRise Liquidation Transaction The very first unauthorized transaction is found on the blockchain, which is liquidating BitRise tokens for 5.533666193138193418 BNB[50].
July 31st, 2021 1:10:31 PM MDT LockLet Liquidation Transaction A second transaction liquidates DiegoPapi6's Locklet tokens for 3.429139695919401803 BNB[51].
July 31st, 2021 1:12:55 PM MDT Theft Transfer Transaction A blockchain transaction transfers 9.249016167190047758 BNB from DiegoPapi6's wallet to the attacker's wallet[52].
July 31st, 2021 2:03:53 PM MDT Wrong Subreddit Thread DiegoPapi6 originally posts about their situation in the wrong BitRise subreddit[1].
July 31st, 2021 9:28:29 PM MDT Original Reddit Post DiegoPapi6 posts on Reddit about their situation.
August 2nd, 2021 2:00:32 PM MDT Safepal Hardware Wallet DiegoPapi6 posts about security measures he's taking including switching phones and purchasing a SafePal hardware wallet[53].
November 30th, 2021 9:33:02 PM MST Shiba Hacking Response DiegoPapi6 responds to another user who was hacked with support and recounting valuable lessons he's learned in the process of his own loss[54].
December 14th, 2021 2:47:32 PM MST anonymizeme Reddit Response DiegoPapi6 posts additional details on a Reddit thread by anonymizeme multiple months later[55].

Total Amount Lost

In DiegoPapi6's original post, he did not mention the specific assets lost. He later described the amount as "$7700" on November 30th, 2021[54], and again on December 14th, 2021[55]. He also mentioned the stolen assets were "sold back in June for 14 BNB"[55], which appears to be an incorrect statement of facts on a theft that was reported at the end of July. He has confirmed by private message that there was only a single theft, and we were also able to locate and confirm his blockchain wallet[56] and the specific theft transactions[50].

The closing market price of BNB on July 31st, 2021 was $333.55 USD[57]. Taking his numbers at face value, this would make the value of 14 BNB at that time $4,669.70, which would be an extremely high degree of slippage when liquidating his assets, however that may make sense given a token with less liquidity.

Immediate Reactions

DiegoPapi6 posted on Reddit with some high level details of what happened.

"I really didn't want to post this here today but I have exhausted all avenues and can't seem to get anywhere. I have the address to where the [individual] who sold two of my Tokens for BNB and then sent them off to his or her wallet.

My question is.., Is there there anything I can do at this point? Or should I just move on, dust myself off and try again?

Anyone with knowledge or advice on what I can do please go ahead and shoot it straight. I can handle it"

One of the responses believed that he had bought a scam coin:

"You didn't get hacked and trust wallet is safe. You bought a scam coin that was a smart contract. You should always be careful when you sign a smart contract because it's literally a contract."

Ultimate Outcome

DiegoPapi6 later posted about the situation on Reddit in response to anonymizeme's similar theft situation[55].

"Been there done that... I completely feel your pain. I had $7700 siphoned out of my old TW which would have translated to over $200,000 in today's price in $BRISE which was sold back in June for 14 BNB.

Good luck in getting your funds back. It will be near impossible but good luck."

DiegoPapi6 took the following measures to improve his security since the situations:

  • He purchased a SafePal hardware wallet to store his tokens[53].
  • He never clicks on any email/link, even from a company he does business with[54].
  • He switched from using an Android phone to an IOS-phone (which could arguably be more secure due to standard hardware)[53].
  • He also does not connect his phone to wifi (which is of questionable significance)[54].

    I know the feeling... I to, lost $7700 in BNB about 3 months ago and it happened while I was connected to my wifi at home. I never connect my phone to Wi-Fi...EVER💯. Learned a very expensive but valuable lesson. I also never click on just any email/link. Even if it says it's from paypal or any company I do business with😅

    DiegoPapi6 no longer uses TMobile, however that is unrelated to this situation.

DiegoPapi6 posted that he feels that scammers in the cryptocurrency space should be regulated[58].

Way too many scammers- That definitely need to be regulated

He has continued to invest in the space[59], investing in Centcex[59][60] and making large gains from Shiba Inu. As of September 2021, he reported being the proud owner of a 535i MSport Beemer[61]. From follow up discussions with DiegoPapi6 on Reddit, it would appear that DiegoPapi6 has lost track of many details of his wallet and is not pursuing any further investigation.

It’s been a while and I don’t remember where I put this information. But no worries, I’ve made 50x that amount since then

Total Amount Recovered

Based on the final comment from DiegoPapi6[55], there do not appear to have been any funds recovered in this case. This was also confirmed by private message.

Ongoing Developments

There are no remaining developments likely in this case.

General Prevention Policies

Store most funds offline, double check all transactions.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 DiegoPapi6's Post On The Wrong BitRise SubReddit - Reddit (Mar 4, 2023)
  2. DiegoPapi6 comments on Bitrise - Hyper Deflationary Token with BNB Rewards | Hold $BRISE & Earn BNB (Mar 4, 2023)
  3. ****PLEASE BEWARE*** MY TRUST WALLET WAS JUST HACKED AND COMPLETELY DRAINED OF ALL MY BITRISE AND LOCKLET TOKENS. SOME FROM THIS ADDRESS: 0x9c88eea9c217eedbeef80bc4f7ff2a95d1f3c65d. SOLD MY TOKENS FOR OVER 9 BNB. IS THERE ANYWAY TO TRACK THIS POS...BArmy (Mar 5, 2023)
  4. BitRise Token Historic Price - CoinMarketCap (Mar 5, 2023)
  5. Address 0x9c88eea9c217eedbeef80bc4f7ff2a95d1f3c65d | Etherscan (Mar 5, 2023)
  6. Binance Transactions Information | BscScan (Mar 5, 2023)
  7. DiegoPapi6 - "GOD (The Creator of Heaven & Earth) works on all those who believe and trust in HIM." - Reddit (Mar 9, 2023)
  8. DiedoPapi6 - "for us truckers" - Reddit (Mar 9, 2023)
  9. DiegoPapi6 - "I have trucker friends with 30 plus years experience and I have broker/dispatcher friends with 14 plus years experience" - Reddit (Mar 9, 2023)
  10. DiegoPapi6 - "“We” truckers are the life line to this whole economy" - Reddit (Mar 9, 2023)
  11. 11.0 11.1 11.2 DiegoPapi6 - "I bought a little over a Billion back in early June" - Reddit (Mar 16, 2023)
  12. DiegoPapi6 - "Proud of my State" - Reddit (Mar 14, 2023)
  13. DiegoPapi6 - "Straight from the Desert" "State.... AZ" - Reddit (Mar 16, 2023)
  14. DiegoPapi6 - "It's my home State: ARIZONA" - Reddit (Mar 16, 2023)
  15. DiegoPapi6 - "I’m already here in Dallas" - Reddit (Mar 9, 2023)
  16. DiegoPapi6 - "In Laredo but honestly I’ve never had it that bad" - Reddit (Mar 9, 2023)
  17. DiegoPapi6 - "I'm 43 y.o. and I know how the majority of people are." - Reddit (Mar 15, 2023)
  18. DiegoPapi6 - "I have been with my wife for over 20 years" - Reddit (Mar 15, 2023)
  19. DiegoPapi6 - "She is definitely the best friend I needed in my life" - Reddit (Mar 15, 2023)
  20. 20.0 20.1 DiegoPapi6 - "19y.o. son's name. Emillian" - Reddit (Mar 16, 2023)
  21. DiegoPapi6 - "I even got my 19y.o. to invest" - Reddit (Mar 15, 2023)
  22. 22.0 22.1 DiegoPapi6 - "my 19 y.o. invested his 1,800 dollars" - Reddit (Mar 16, 2023)
  23. 23.0 23.1 DiegoPapi6's Profile - Reddit (Mar 15, 2023)
  24. DiegoPapi6 - "I haven't used FB since the start of 2020" - Reddit (Mar 16, 2023)
  25. DiegoPapi6 - "I’m on this game, on the daily." - Reddit (Mar 9, 2023)
  26. DiegoPapi6 - "Same" "I am 100% Shib staked!" - Reddit (Mar 14, 2023)
  27. 27.0 27.1 DiegoPapi6 - "I first started with the community." - Reddit (Mar 15, 2023)
  28. DiegoPapi6 - "I'm so glad I bought a billion SHIB when it was still affordable to buy!!!" - Reddit (Mar 16, 2023)
  29. DiegoPapi6 - "I already own a SHIBAInu duffle bag" - Reddit (Mar 16, 2023)
  30. DiegoPapi6 - "My 1 billion cost me $6300 back in June" - Reddit (Mar 16, 2023)
  31. DiegoPapi6 - "I appreciate my ZINU homies" - Reddit (Mar 9, 2023)
  32. DiegoPapi6 - "Basically ZINU will go from having 1,000T to 1B tokens." - Reddit (Mar 9, 2023)
  33. DiegoPapi6 - "I been following ZINU since launch but did not jump in till recently" - Reddit (Mar 9, 2023)
  34. DiegoPapi6 - "I will hodl my tokens." - Reddit (Mar 9, 2023)
  35. DiegoPapi6 - "I currently hold 25K VET" - Reddit (Mar 16, 2023)
  36. 36.0 36.1 36.2 36.3 DiegoPapi6 - "Especially ETH, BTC, ADA and VET when most of these coins" - Reddit (Mar 16, 2023)
  37. DiegoPapi6 - "I have dog" - Reddit (Mar 15, 2023)
  38. DiegoPapi6 - "After studying both Lunar and CoinMerge I've decided to go with CM." - Reddit (Mar 16, 2023)
  39. DiegoPapi6 - "Bitrise...since the 1st message I sent about 5 hours ago." - Reddit (Mar 15, 2023)
  40. DiegoPapi6 - "I ended up investing in WINK" - Reddit (Mar 14, 2023)
  41. DiegoPapi6 - "So glad I pulled out about a month ago" - Reddit (Mar 15, 2023)
  42. DiegoPapi6 - "Basically I do my DD and Research." - Reddit (Mar 15, 2023)
  43. Best Cryptocurrency Wallet | Ethereum Wallet | ERC20 Wallet | Trust Wallet (Mar 9, 2023)
  44. 44.0 44.1 Trust Wallet - Golden.com Wiki (Mar 9, 2023)
  45. Could Someone Guess Your Recovery Seed Phrase? - TrustWallet (Mar 9, 2023)
  46. T-Mobile customers warned of unblockable SMS phishing attacks - BleepingComputer (Mar 14, 2023)
  47. 47.0 47.1 Government issues warning against unblockable phishing attacks on T-Mobile customers - Phone Arena (Mar 14, 2023)
  48. 48.0 48.1 How to Tell if Your Phone Has Been Hacked - Techlicious (Mar 14, 2023)
  49. 49.0 49.1 Android malware tries to trick you. Here's how to spot it - CNet (Mar 14, 2023)
  50. 50.0 50.1 First Unauthorized Theft Swap - BSCScan (Mar 14, 2023)
  51. Liquidation Of DiegoPapi6's Locklet Tokens - BSCScan (Mar 14, 2023)
  52. Stolen BNB Funds Transferred - BSCScan (Mar 14, 2023)
  53. 53.0 53.1 53.2 DiegoPapi6 - "I have decided to get a SafePal for all my BEP20 coins." - Reddit (Mar 4, 2023)
  54. 54.0 54.1 54.2 54.3 DiegoPapi6 - "Learned a very expensive but valuable lesson." - Reddit (Mar 15, 2023)
  55. 55.0 55.1 55.2 55.3 55.4 DiegoPapi6's Response To anonymizeme's Theft Case - Reddit (Mar 5, 2023)
  56. DiegoPapi6's BNB Wallet Transactions - BSCScan (Mar 14, 2023)
  57. BNB Historic Price - CoinMarketCap (Mar 5, 2023)
  58. DiegoPapi6 - "Way too many scammers- That definitely need to be regulated" - Reddit (Mar 4, 2023)
  59. 59.0 59.1 DiegoPapi6 - "I’m definitely one of those excited about the market right now because of my early buys into $BRISE and Now I also hold $CENX." - Reddit (Mar 4, 2023)
  60. Centcex price today, CENX to USD live, marketcap and chart | CoinMarketCap (Mar 21, 2023)
  61. DiegoPapi6 - "I'm a proud owner of 535i MSport Beemer" - Reddit (Mar 16, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=DiegoPapi6_TrustWallet_Theft&oldid=3105"