MetaMask Redline PDF Spearphishing Email CryptoJordin
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment.
This is a global/international case not involving a specific country.
About MetaMask
"Today we investigate who stole crypto from my #MetaMask wallet. This is one of many scams. We will get to the bottom of this. This is far from over... stay tuned"
"Hey, what is up guys? It's Jordan. Welcome back to another, uh, investigation video. To be honest, I haven't got much sleep - probably about four to five hours last night. I've honestly just been stressed about this whole situation."
"Hi, I represent Canyon Gaming and I'm responsible for launching an advertising campaign to promote new technologies developed by our company."
"I want to take my mistake and turn it into something positive and allow people to learn from it."
About CryptoJordin
The Reality
What Happened
| Date | Event | Description |
|---|---|---|
| December 4th, 2021 4:55:48 PM MST | KuCoin Withdrawal | A small amount of BSC is withdrawn from the KuCoin hot wallet to CryptoJordin's main wallet address on the Binance Smart Chain[1]. |
| December 4th, 2021 4:58:48 PM MST | BUSD Tokens Transferred | In an apparently unrelated transfer, 396.46602051 BUSD tokens are transferred from CryptoJordin's MetaMask wallet to another unidentified wallet[2]. |
| December 5th, 2021 12:34:22 PM MST | Malicious Transaction | The malicious transaction that stole CryptoJordin's funds takes place[3]. |
| Around "3 o'clock" | Reading Emails | |
| December 9th, 2021 8:20:49 AM MST | First Video Uploaded | CryptoJordin uploads his first video explaining the situation and what happened, titled "Update on The Hackers Who Wiped My MetaMask Wallet."[4] |
| January 4th, 2022 11:15:13 AM MST | Another PDF Email Received | CryptoJordin reports receiving another malicious PDF email in a new video, which includes 3 other YouTubers[5]. |
Total Amount Lost
CryptoJordin shows a screenshot of his wallet, which includes a transaction transferring 11.811348845090403543 Avalanche tokens[4][3]. The historic closing market price of Avalanche on December 5th, 2021 was $85.79[6]. This makes a total loss of $1,013.30 USD.
A separate transaction the day prior[2] for $396.47 BUSD is likely unrelated. While the attacker may have had access to that wallet due to the same compromised private key, this transaction happened just moments after a transfer from KuCoin[1], which was likely initiated by CryptoJordin. There is no suggestion of his KuCoin account being compromised.
The total amount lost has been estimated at $2,000 USD.
Immediate Reactions
"Hey, what is up guys? It's Jordan. Welcome back to another, uh, investigation video. To be honest, I haven't got much sleep - probably about four to five hours last night. I've honestly just been stressed about this whole situation and a lot of people have been contacting me saying they've been having similar problems. They describe it to me. It's literally the exact same thing I'm going through. You feel hopeless. You feel like you have no voice. If something happens to your bank account or whatever you can go and contact your bank, talk to somebody. [It] makes you feel a little better, even if they don't fix your problem, but in the crypto world there's nobody. It's you, it's a decentralized world, and I mean it is scary. My latest videos sparked a huge conversation around the crypto world that nobody wants to talk about, and it's all of these scams that are going around. There's going to be a lot of information in this video you do not want to miss. Let's jump right into it."
"[I] began my investigation by thinking back to what I was doing the exact second my funds got stolen. When I took a look at the address that transferred the coins from my account to theirs, I noticed it happened two days and like 18 hours ago. That is the only information I was given. So, what do you do? You have to work with what you're given. [I] paste my address and search up the history, so two days and 20 hours ago. I sat right here for about an hour [and] really tried to think what I was doing two days and 18 hours ago, or whatever it was from yesterday. So I thought a lot, I did the math or whatever, and figured out what time it was. [I was] busy throughout the morning. Around the afternoon I went out for lunch. I came back and I started my day. And what do I start off with? First I respond to emails. I respond to sponsors, promos, questions, all types of stuff."
"About four or five years ago I used to create vlog content. That's how I really built my channel and I mean I would get tons of emails every day. I would always respond to them, so I've been doing this for like a long time now. So I've seen scams where people want me to promote their product and they never end up sending payments and stuff. That's happened. So, I mean I've pretty much seen it all, besides what I'm going to show you, and this is crazy."
"Another way I pinpointed the exact thing I was doing at that time was I went onto my iPhone, I went to my pictures, and I took a thumbnail picture four o'clock or something, and I remember I made the video right after I did the emails. That means I was reading emails around like three o'clock or so, because I recorded at four probably. [It] probably took an hour, so reading emails, watching YouTube videos ... on the side watching flying emails. And like, god, I didn't know, like, recording this video would be so hard. Like, my heart's like actually kind of racing, and like I get really worked up about this. I said this last video, really defensive. I get very angry. We'll say it again, I'll probably say it at the end of the video: this was all my fault. But I want to take my mistake and turn it into something positive and allow people to learn from it."
"This is an email I received on December 4th around 6:30 p.m.: 'Hi, I represent Canyon Gaming and I'm responsible for launching an advertising campaign to promote new technologies developed by our company.' So typically when I get one of these emails I'm like, okay, cool, let me jump over to Canyon Gaming website and see what they got. I'm not gonna go over to the website because I don't know if they're affiliated with this hacking group or not, which I assume they're not. Probably a normal company, but maybe they made this company to disguise it. That's very possible. It's not hard to make a website, and we will get to the bottom of that. Also, I currently have a team right now, while I'm recording this video, investigating this. This is a big deal, and if nobody else in the crypto community wants to step up, I will. I want to be the voice for the people that are going through the same that I'm dealing with."
"Okay, let's read this email. You definitely want to hear this. 'We create the best personal computer accessories. Your channel is suitable for us to advertise our campaign, so we decided to order an advertising video from you about the new collection of which will be released in mid-December.' So in my head I'm thinking, okay, company that I checked out their website. They have sick gaming chairs, they have sick freaking headsets, they got these gaming mouses that look amazing. I mean, they light up and, whoa, they're saying I can pick three to four accessories from their new catalog that's launching in December, and they're gonna pay for all the shipping. All I have to do is receive the accessories, create a commercial about it on the day that I get it, and then, like, a week before they do the sales, post that video. After they deliver the accessories free of charge, they're gonna just remain with me. It's not like I have to send them back or anything. Instead of paying me money, they're gonna just give me these accessories that they probably don't pay too much for. They probably get them made in China or something, and if you buy products in bulk, like, of course you can just give them out cheap."
"Why I'm talking like this is the thoughts that were going through my brain. I didn't read this and think, ah, they're freaking stupid, they're trying to scam me and take my bitcoins. I mean, hey, they're talking about gaming chairs and, like, they're going to provide me information in the future about this. I mean, they're not even like really like, 'Oh, click this link right here, click this link right here, and you got, you got to check out our new accessories, you got to keep it, click, click, click it, download it, install it, and make sure you respond back to us.' They're just like, 'Hey, let me know if you're interested and we'll send you a PDF with instructions.' Obviously they can't post the catalog on their website. They got to send you the catalog because it's private. It's, it's going to be a big sale. Like, obviously I'm making an advertisement. Like, I was gonna record a dope ass video, like, showing off this gaming chair. Like, it's like an actual advertisement, because it's not been released yet. They're gonna hold a presentation early December."
"So I wrote back the next morning, December 5th at 7:57 a.m. I said, 'Hello, yes, I am interested. I would love to see the new collection and create videos.' I'd love to, yeah. Later on the same day at 12:58 p.m. they finally sent me their product line to check out, so I could pick out three to four products free of charge. All you gotta do is make a video, guy. Being a YouTuber is so great, isn't it? So what do my eyes see? Blah blah blah blah. Okay, our campaign, YouTube, all right, free charge, all right, pick my products, okay, attach the document, non-disclosure agreement, oh, because it's like a partner. What information is needed, it's in the products, however, okay, documents does not need to be signed. All right, so I just got to read, follow instructions. Only the company's employees and partners know about this. Okay, everything you see in the catalog will be protected by the rule described in the, okay, okay, cool. Oh, all right, right here. So I have to do is, all right, so it's just a PDF, and there was instructions to click another link which will lead to the private catalog, and they gave me, like, a personal code to use for the catalog."
"And I guess, like, all I can say is they, they got me. I'm not stupid, well, kinda, but I know not to download stuff. I am not new to the internet. I am not new to scams. I've literally seen everything in the books. But like this, I mean, it was so perfectly written, so manipulative. So what happened was the catalog actually opened up, and when I clicked on it, right away my brain kind of went like, why did, like, install the catalog? Like, I thought I was just gonna click on the link and, like, the catalog would just pop up. But no, like, it literally popped up on my monitor, like an installation bar that just went across real quick, and then the catalog popped up. And inside the catalog, real products. Like, I could actually scroll, I could actually, like, look at product selection and stuff. And what they said in this PDF, when you click on it, it's like showing you the instructions, like how to pick out something you want and what to do and stuff. And this PDF, that I'm not gonna click on, this manipulated me even more. It's saying to write down, like, three to four order numbers, you can't exceed two thousand dollars, and all of this stuff. It's talking about everything you need to do for the commercial. Guys, this is not a joke. This is the most professional scam I've ever seen in my life."
"So what happened when I clicked that? What happened when I clicked that link gave them access to my MetaMask. They didn't just log into my MetaMask through my key or something and send the funds over to their account. They got access to full control of my MetaMask. Like, they literally got handed over my MetaMask account just from me doing what I did, from clicking that and believing this. There's still so many details I need to be unraveled, and there's a lot more investigation that needs to be done. It is all in the works right now, and I will not give up on this. I'm going to stay on this case. You do not want to miss future update videos about this, so definitely throw a thumbs up on this video and click the subscribe button. It means a ton. The support has been tremendous, and I will be the voice for the people."
"I'm currently in talks with a blockchain security engineer at Binance. He said this case piqued his interest, and he has been working on cyber incidents for over 10 years. And I'm actually looking at the tweets he just sent me, and this case honestly just keeps getting deeper. There's gonna be a part two to this video, and the details we will be releasing will blow your mind. The money that this hacker organization has accumulated within a short period of time is freaking insanity. Remember to prioritize securing your assets. It is something I'm gonna forever tell my community to do, and I will have a video coming out shortly, within this week probably or next week, talking about how to do so, because every single day I'm informing myself how to lock down as best as possible and do what I can do to prevent this from happening again."
"If you have been scammed or have had your MetaMask wallet completely wiped, let me know down below. I want to hear your story, because your information definitely, definitely, definitely could help in this investigation. If you would like to reach out to me and contact me, please do so on Twitter, Telegram, or Instagram. All of that's down below in the description. I'm glad I can update you guys on the situation. This is far from over. I'm gonna go get right back to it, and I'll see you guys in part two. Peace."
Ultimate Outcome
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] Withdrawal From KuCoin To CryptoJordin's Wallet - BSCScan (Mar 3, 2023)
- [2] Transfer of 396.466 BNB (Unrelated) - BSCScan (Mar 3, 2023)
- [3] Theft of CryptoJordin's Avalanche Tokens - SnowTrace (Mar 3, 2023)
- [4] CryptoJordin - Update on The Hackers Who Wiped My MetaMask Wallet. - YouTube (Mar 3, 2023)
- [5] CryptoJordin - The PDF Crypto Scam Just Went To A Whole New Level. - YouTube (Mar 3, 2023)
- [6] Avalanche Historic Market Price - CoinMarketCap (Mar 3, 2023)