Cell Phone Repair Shop Theft hoangs2k

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 10:32, 28 January 2023 by Azoundria (imported case study; source: https://www.quadrigainitiative.com/casestudy/cellphonerepairshopthefthoangs2k.php)

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.


On November 9th, Reddit user hoangs2k took his cell phone with a broken screen to get repaired at the uBreakiFix cell phone repair shop. He reported finding that a new device had been hooked up to his Google account on November 9th, the same day that his cell phone was being repaired. On December 26th, he found that his HotBit account and MetaMask wallet were both emptied out. His HotBit account was protected by his Google Authenticator with the backup information stored on his cell phone. It's unclear where the MetaMask wallet was accessed from, but it is conceivable that it was on his phone as well.

$73k was taken between the Hotbit and MetaMask wallets. It is possible that the information on the phone was extracted during the repair process, with the new device added to the Google account, and this was later used to perform the theft. hoangs2k reportedly has not filed any police report, and it appears no funds have been recovered in this case.

This exchange or platform is based in Canada, or the incident targeted people primarily in Canada.

About Multiple

"I feel your pain. The morning after Christmas 12/26/21, I got hacked as well for 73k." They took "62k from my MetaMask + an additional 10k from my Hotbit account." "They did try to get into my Coinbase account as well, which I don't use anymore and is pretty empty." "But I do have my bank account linked on there, so that worries me. I got the text for the code. I immediately changed my password via desktop PC." "Like many of you, I thought my funds were safe." "Thought my MetaMask was safe. My fault."

"The only thing I can think of is that the cell phone repair shop cloned my phone (my touchscreen needed a replacement)." "I remember when I dropped my phone the screen broke and I got it repaired at a uBreakiFix shop. It's showing the same day Nov. 9 it first connected, as my [PayPal] receipts." I "still don't know how they got into my MetaMask and my Hotbit account as it requires fingerprint and 2FA for funds going out."

"Woke up to a notification from Hotbit saying that I have a withdrawal success for 6k. Went to go check it and there was another one that was made for 4k a few minutes earlier. So I changed my Hotbit password and email as well. Went to follow the transaction id, found that address. Looked at it. Showing 62k in SHIB. Which I had in my MetaMask. Opened my MetaMask and there it wasn't. Gone 62k, just like that." "They sold assets in Hotbit, converted it and withdrew it to that address. In MetaMask they unstaked my xSHIB to SHIB, and moved that as well."

"There was an unrecognized phone signed into my Google email account, I signed that out immediately and changed the password." "I checked my Google account to see what device was connected. And there was this ROG Phone 2 connected on Nov. 9 that I don't recognize. I only owned Samsung phones." "My Google 2FA is strictly on my phone, so it has to be where they gained access. Downloaded and scanned for spyware, but didn't find anything."

"I also had a weird phone number text me the same day my account got hacked. It was in Croatian. I Google translated it, but didn't reply back to the text. (585) 733-8815: 'Tata samo da vam javim da nisam kod kuce.' That was the random text at 7:49pm EST. Translates to 'Dad just to let you know I'm not home.' Didn't think too much of it, as it was the same area code. Must be a wrong number, I'm thinking. Too many coincidences."

"I tried to search for a crypto recovery solution. Checked out cncintel, spoke to them on the phone. But I fear that it is a scam. They wanted $5500 upfront and 20% of recovered funds. I told them I don't have that much, then they asked for $1500 upfront and 10% for the basic plan." "I tried to recover my Hotbit funds, but they said they couldn't do anything."

"I already lost all hope. I don't make much, those were all gains, after I took my initial 5k investment out. I felt lucky for a while. But it doesn't hurt any less, 73k is a lot. I had a feeling it's going to 4x by end of 2022." "If I were to do it again, I would make multiple wallets, split up funds."

"Your phone/PC was hacked. Your email was hacked. Most likely they screen logged your 2FA seed for your MetaMask or exchange. Since you didn't use a hardware wallet the funds were easier to steal from MetaMask. Since they have your email, password and 2FA they have everything. I've heard people getting hacked in 2021 despite using Google 2FA. This is why I have disabled Google 2FA, moved to YubiKey and whitelist address only for withdrawals."

"I haven't tried fil[l]ing a police report. I wouldn't know where to begin, what to say, or how I can prove anything..."

"It's all gone now. Still feeling it. Discouraged from future crypto investments, but I will find my way back in, somehow, someway."

"Anyways, easily the worst Christmas present for me or a great one to whoever owns that address. Learn from my mistake, get a hard wallet. I don't even know what I did wrong. This sucks man, really does."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Cell Phone Repair Shop Theft hoangs2k
Date | Event | Description
December 26th, 2021 2:20:59 AM | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost has been estimated at $73,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

Keep the majority of funds stored offline with all seed phrases and private keys in your possession. It is a good idea to remove wallets or two-factor authentication from any devices prior to sending them for repair.
