VanZuron Smart Contract Developer Theft

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 11:37, 25 January 2023 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/vanzuronsmartcontractdevelopertheft.php}} thumb|MetaMaskReddit user VanZuron reports having lost his funds (he reports up to $130k though gives no wallet address) to a thief. He later admitted that his key was exposed because he committed code which contained the key that he was using for smart contract development. It is extremely unlikely he has recovered any funds, since t...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

MetaMask

Reddit user VanZuron reports having lost his funds (he reports up to $130k though gives no wallet address) to a thief. He later admitted that his key was exposed because he committed code which contained the key that he was using for smart contract development. It is extremely unlikely he has recovered any funds, since there is no indication he reported the theft to any authorities and he never published the wallet address.

This is a global/international case not involving a specific country.

About MetaMask

"I am a student with loans." "I kept my funds on MM, and I kept all of my funds there. My entire life savings was on there." "An amount large enough that I’m not comfortable disclosing it in public..." "As much as $130k." "I got my BTC wrapped a few weeks ago." "It’s actually Brave’s built in wallet. I keep my seed offline and log in almost everyday."

"Crypto actually never took up much of my time and I'm always working since I have to support myself financially." "I actively use dapps, hence why my funds are there and did not consider a hardware wallet before." "I have an antivirus." "I use my account actively, but only to trusted sites."

"I woke up this morning realizing that I just lost all of my hard earned money and savings in about 2 hours. Someone got access to my private key (or at least I think so) and everything was gone. Somehow he/she knew what to go for first, took everything from there. Went into every single other platform that I use and withdrew everything." "Every DApp I mean. So it’s all from the same account :/"

"I think my private key was leaked somewhere. That’s the only reason I can think of." "I don't even recall having my private key saved somewhere or posting it online." "I know there is an almost 0% chance to get my funds back but I just need to know how do I recover from this. I am in so much shock that I literally can't think straight. Help."

"Things just got harder, but it would have been much worse if this happened later. I'm glad it did happen now, because now I know to be more careful." "Yes, it was dumb as well, and everyone kept asking "why don't you get a hardware wallet" even though it's too late."

"I tracked the coins and it left to another address. I don’t think it’s a UI bug and I don’t think they can transfer any funds back to me. I’ll still reach out though. Thank you"

"Yup I tracked them to an address. It’s not like I can do anything about it but just watch whoever took it spend it." "I’m pretty sure whoever has my funds was waiting for the right moment because they went for the biggest spot first."

"I was developing smart contracts and accidentally committed my private key. Even though I deleted it, that commit history existed and hence, they stole it. I should have known better and cleaned up that commit."

"I definitely messed up and will learn from it." "[T]hanks for the positive words, I know it will take me a very long time to recover this especially during these times."

"I learnt my lesson though, and it was tough as I lost every bit of funds I have left except for the ones in my physical cash wallet..."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - VanZuron Smart Contract Developer Theft
Date Event Description
July 30th, 2020 10:49:53 PM First Event This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

It is unknown how much was recovered.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

The majority of funds should be kept offline in a cold storage wallet, and only brought into a hot wallet when needed for transacting. It's a good idea in smart contract development to never use the same private key as your main wallet.

References

If you want to join me in watching metamask account get robbed by some asshole look below : CryptoCurrency (Jul 3)

If you want to join me in watching metamask account get robbed by some asshole look below : CryptoCurrency (Jul 5)

I lost everything in my sleep : CryptoCurrency (Sep 13)

Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=VanZuron_Smart_Contract_Developer_Theft&oldid=689"