MetaMask Large USDC/USDT Theft Setana0
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment.
Setana0 reported that $88k worth of funds were stolen from their MetaMask account. It appears that their wallet was somehow compromised. As there is no evidence of a smart contract approval being involved, it is most likely due to a seed phrase stored insecurely.
About MetaMask
About Setana0
Setana0 is a Reddit user and MetaMask user.
gOHM investor. OlympusDAO.
The Reality
What Happened
Setana0 noticed that their wallet was empty.
| Date | Event | Description |
|---|---|---|
| July 12th, 2022 11:19:37 AM MDT | USDC Theft | In an initial theft, 45,860.064432 USDC is taken from Setana0's wallet[1]. |
| July 12th, 2022 11:20:20 AM MDT | USDT Theft | A further 19,111.780085 USDT is taken from Setana0's wallet[2]. |
| July 12th, 2022 11:21:59 AM MDT | gOHM Theft | 2.008524109747048012 gOHM tokens (OlympusDAO) are taken from Setana0's wallet[3]. |
| July 12th, 2022 11:26:26 AM MDT | ETH Theft | 0.151518662904685053 ETH is taken to clear out Setana0's wallet[4]. |
| July 12th, 2022 12:31:18 PM MDT | ETH Transfer | 0.0008 ETH is transferred into Setana0's wallet[5], suspected to be funds to cover gas from another one of the thief's wallets[6]. |
| July 12th, 2022 12:42:37 PM MDT | Floki Theft | 2,647,510,449.552820722 Floki is taken from Setana0's wallet[7]. |
| July 16th, 2022 11:36:26 AM MDT | Coinbase Withdrawal | 0.00895358 ETH worth of funds are withdrawn from Coinbase into Setana0's wallet[8]. |
| July 16th, 2022 1:52:37 PM MDT | Reddit Post | Issue is posted on Reddit[9][10]. |
Technical Details
While many speculated that the loss may have involved a smart contract approval, further analysis largely concluded that the cause was a private key breach.
Setana0's Wallet Address: 0x1AE31f08F63DF72b1E15E2ecbB937F132776C422[11]
Thief Wallet Addresses:
Theft Of Funds
After gaining knowledge of the private key, the thief acted quickly to remove the assets from the wallet.
First transfer of 45,860.064432 USDC[1].
Second transfer of 19,111.780085 USDT[2].
Third transfer of 2.008524109747048012 gOHM[3].
Fourth transfer of 0.151518662904685053 ETH[4].
Final FLOKI Transfer
The wallet was then out of funds. The thief had to deposit 0.0008 ETH to cover gas[5] for a withdrawal of the 2,647,510,449.552820722 FLOKI tokens[7].
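The distinction drawn above between an approval-based drain and a private key breach can be checked from the transaction data alone. The following is an added example, not part of the original case study: it labels each disputed transaction by who signed it and which ERC-20 call it made. The thief and token addresses are placeholders, the sample transactions are constructed, and the input is assumed to contain only transactions the owner says they did not make.

```python
# Selectors of the three ERC-20 calls that matter for this triage.
TRANSFER, TRANSFER_FROM, APPROVE = "a9059cbb", "23b872dd", "095ea7b3"

VICTIM = "0x1ae31f08f63df72b1e15e2ecbb937f132776c422"  # address given on this page
THIEF = "0x" + "bb" * 20   # placeholder, not a real address
TOKEN = "0x" + "aa" * 20   # placeholder token contract

def call(selector, *args):
    """Build ERC-20 calldata; each argument is an address string or an int."""
    words = [(a[2:] if isinstance(a, str) else format(a, "x")).rjust(64, "0") for a in args]
    return "0x" + selector + "".join(words)

def classify(tx, victim=VICTIM):
    """Label how a single transaction touched the victim's assets."""
    data = tx.get("input", "0x")[2:].lower()
    selector, first_arg = data[:8], "0x" + data[8:72][24:]
    if tx["from"].lower() == victim:
        if selector == APPROVE:
            return "approval-granted"
        if selector == TRANSFER or (not data and tx.get("value", 0) > 0):
            return "signed-by-victim-key"
    elif selector == TRANSFER_FROM and first_arg == victim:
        return "allowance-spend"      # a third party signed and paid the gas
    elif not data and tx["to"].lower() == victim and tx.get("value", 0) > 0:
        return "inbound-eth"
    return "other"

def triage(txs, victim=VICTIM):
    labels = [classify(t, victim) for t in txs]
    # ETH arriving right before a victim-signed transfer: someone had to fund gas,
    # which is only needed when the victim's own key signs the transaction.
    gas_topup = any(a == "inbound-eth" and b == "signed-by-victim-key"
                    for a, b in zip(labels, labels[1:]))
    if "allowance-spend" in labels:
        verdict = "approval abuse"
    elif "signed-by-victim-key" in labels:
        verdict = "key or seed phrase compromise"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "gas_topup": gas_topup, "labels": labels}

# Constructed samples. KEY_CASE mirrors the sequence in the timeline above;
# APPROVAL_CASE is the alternative explanation that was considered.
KEY_CASE = [
    {"from": VICTIM, "to": TOKEN, "input": call(TRANSFER, THIEF, 45860064432)},
    {"from": THIEF, "to": VICTIM, "value": 800000000000000, "input": "0x"},
    {"from": VICTIM, "to": TOKEN, "input": call(TRANSFER, THIEF, 1)},
]
APPROVAL_CASE = [
    {"from": VICTIM, "to": TOKEN, "input": call(APPROVE, THIEF, 2**256 - 1)},
    {"from": THIEF, "to": TOKEN, "input": call(TRANSFER_FROM, VICTIM, THIEF, 5)},
]
```

In the approval case the spender signs and pays gas from their own wallet, so a gas top-up into the drained wallet, as seen before the FLOKI transfer, is consistent with the victim's own key being used.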
Total Amount Lost
The total losses stem from:
| Asset | Value USD | Total USD |
|---|---|---|
| 45,860.064432 USDC[1] | $1.00 USD | $45,860.06 USD |
| 19,111.780085 USDT[2] | $1.00 USD | $19,111.78 USD |
| 2.008524109747048012 gOHM[3] | | |
| 0.151518662904685053 ETH[4] | | |
| 2,647,510,449.552820722 FLOKI[7] | | |
| Total | | |
The total amount lost has been estimated at $88,000 USD.
Immediate Reactions
Setana0 sought help from the Reddit community to determine what had happened to their MetaMask wallet to result in the theft.
Reddit Posts And Comments
"I'm completely devastated. I honestly have no idea how or when my metamask or laptop got compromised. To think I was planning to get a hardware wallet. Not even in the mood to write anything. My life was already going backwards and now this. Any ideas on what I should do. Also if someone can shed some light on the situation. All the transactions on the 12th of July weren't mine."
Reactions on Reddit
"Everyone makes mistakes, and that’s true. However the risk/reward should line up. If a lot is at stake, then having safeguards and back ups are useful.
No one expects anyone to be perfect, that’s why people and companies compensate in other areas. Insurance is another such backup plan.
Making a mistake is human, but not being prepared is simply folly. And the first step towards avoiding mistakes is to acknowledge you can make them. To admit you’re not perfect, and then plan for it.
The people who just go “why bother planning, yolo!” are the ones who get screwed over the most. And that recklessness should be called out and corrected."
"OP that's so rough! I'm so sorry for you man, such a [horrible] situation. It's gonna be devastating, but you're just going to have to move on. Easier said than done, but you have no other choice. Best of luck to you in life man, things will work out."
Ultimate Outcome
Clean Up Of Other Wallet Tokens
It appears that the thief left several tokens in Setana0's wallet.
Additional Ethereum funds were withdrawn from Coinbase[8] and used to sweep the remaining tokens from the wallet.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] Transfer of 45,860.064432 USDC From Setana0 To Phisher - Etherscan (Mar 9, 2023)
- [2] Transfer of 19,111.780085 USDT from Setana0's Wallet - Etherscan (Jan 15, 2024)
- [3] Transfer of 2.008524109747048012 gOHM From Setana0's Wallet - Etherscan (Jan 15, 2024)
- [4] Transfer of 0.151518662904685053 ETH from Setana0's Wallet - Etherscan (Jan 15, 2024)
- [5] Transfer of 0.0008 ETH into Setana0's Wallet - Etherscan (Jan 15, 2024)
- [6] Thief's Wallet For Gas Money - Etherscan (Jan 18, 2024)
- [7] Transfer of 2,647,510,449.552820722 FLOKI From Setana0's Wallet - Etherscan (Jan 15, 2024)
- [8] Withdrawal Of 0.00895358 ETH from Coinbase - Etherscan (Jan 15, 2024)
- [9] [deleted by user] : CryptoCurrency (Mar 6, 2023)
- [10] Just found out more than 88k usd worth of crypto was stolen from my metamask : CryptoCurrency (Jan 9, 2024)
- [11] Setana0's Wallet Address - Etherscan (Jan 15, 2024)
- [12] Setana0's Thief "Fake_Phishing5888" - Etherscan (Jan 18, 2024)
- [13] Naus1987 - "Everyone makes mistakes, and that’s true. However the risk/reward should line up. If a lot is at stake, then having safeguards and back ups are useful." - Reddit (Jan 9, 2024)
- [14] Alanski22 - "OP that's so rough! I'm so sorry for you man, such a [horrible] situation. It's gonna be devastating, but you're just going to have to move on. Easier said than done, but you have no other choice. Best of luck to you in life man, things will work out." - Reddit (Jan 9, 2024)