Crypto Jordin Redline PDF Spearphishing Email

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment.

Crypto Jordin on YouTube

YouTuber Crypto Jordin was targeted by a spearphishing email that claimed to come from a representative of Canyon Gaming, a company that specializes in gaming accessories. CryptoJordin was tricked into installing Redline malware delivered in a malicious PDF file, which allowed the attacker to gain access to his computer and drain his cryptocurrency hot wallets.

About Crypto Jordin

Crypto Jordin runs a YouTube channel.

About Canyon Gaming

Canyon, founded in the Netherlands in 2003, offers stylish yet affordable accessories and wearables[1]. Canyon promotes individuality, eco-friendliness, and mindful consumption[1]. Their products are designed for young urban individuals who appreciate smart consumption and seek innovation[1]. Canyon encourages users to be themselves, emphasizing that they are cooler than the brands they use and can prioritize what matters to them[1].

They provide a range of gadgets, including smartwatches for fitness and outdoor activities, USB hubs to extend PC and Mac functionality, and Bluetooth audio devices for high-quality sound and design[1]. They offer charging stations for a clutter-free desktop, power banks for portable device charging, and Canyon Gaming accessories known for their quality, original design, and affordability[1].

Canyon Gaming offers a range of high-quality PC accessories designed for gamers, including mice and keyboards[2], headsets that provide an immersive experience for long gaming sessions, gamepads compatible with popular consoles and PCs, and a selection of Sport Battle chairs to suit various budgets, equipped with essential gamer-friendly features[3]. These devices are known for their unique design, extended functionality, and affordability[2]. They are constructed from top-notch materials and designed for ergonomic comfort[2].

Canyon Gaming peripherals come with extra features such as programmable buttons, onboard memory modules, and a distinct style[2]. The company prioritizes providing an enjoyable user experience and using quality materials that are accessible to the average user[2]. As a result, Canyon Gaming tools are suitable not only for gaming but also for everyday work[2].

You can find drivers, e-catalogs, news, certificates, and more on their website[1].

Canyon Gaming Advertising Campaign

Crypto Jordin received an email which claimed to be from Canyon Gaming.

"hi I represent canyon gaming and I'm responsible for launching an advertising campaign to promote new technologies developed by our company"

The Reality

The email received by Crypto Jordin was not from Canyon Gaming. It contained a malicious PDF file with Redline malware.

What Happened

CryptoJordin installed the Redline malware by mistake, which allowed the attacker to gain access to, and drain, the cryptocurrency hot wallets on his computer.

Key Event Timeline - Crypto Jordin Redline PDF Spearphishing Email
| Date | Event | Description |
|---|---|---|
| December 1st, 2021 6:30:53 AM MST | Last Avalanche Transaction | The last reported transaction on CryptoJordin's avalanche wallet prior to the malicious transaction[4][5]. |
| December 4th, 2021 4:55:48 PM MST | KuCoin Withdrawal | A small amount of BSC is withdrawn from the KuCoin hot wallet to CryptoJordin's main wallet address on the Binance smart chain[6]. |
| December 4th, 2021 4:58:48 PM MST | BUSD Tokens Transferred | In an apparently unrelated transfer, 396.46602051 BUSD tokens are transferred from CryptoJordin's MetaMask wallet to another unidentified wallet[7]. |
| December 5th, 2021 12:21:00 PM MST | Transfer In Avalanche | The attacker transfers 0.300561904654125746 avalanche tokens into CryptoJordin's wallet, likely necessary to cover transaction fees[5][8]. |
| December 5th, 2021 12:34:22 PM MST | Malicious Transaction | The malicious transaction happened which stole CryptoJordin's funds[5][9]. |
| December 8th, 2021 9:27:37 AM MST | Video About Missing Tokens | The first video with reported missing wonderland tokens[10]. |
| December 9th, 2021 8:20:49 AM MST | Another Video Uploaded | CryptoJordin uploads his first video explaining the situation and what happened titled "Update on The Hackers Who Wiped My MetaMask Wallet."[11]. |
| December 11th, 2021 10:09:31 AM MST | Video Detailing Size of Account | CryptoJordin produces and launches another video with "Shocking Details About My MetaMask Hackers." which goes through how his funds were joined into a wallet with over $31m in there[12]. |
| December 14th, 2021 2:14:07 PM MST | Video Baiting Scammer | CryptoJordin reports on baiting the hacker into sending a malicious PDF with the malware included[13]. |
| January 4th, 2022 11:15:13 AM MST | Another PDF Email Received | CryptoJordin reports on receiving another malicious PDF email in a new video. This video included 3 other YouTubers in the videos[14]. |
| April 4th, 2022 2:49:35 PM MDT | Video About Scam Emails | CryptoJordin posts another video about scam emails. He also indicates that they are currently "in contact with the hackers"[15]. |

Technical Analysis

Avalanche: [4][5][8][9]

BNB: [6]

Total Amount Lost

CryptoJordin shows a screenshot of his wallet, which has a transaction transferring 11.811348845090403543 avalanche tokens[11][9]. The historic closing market price of avalanche on December 5th, 2021 was $85.79[16]. This makes a total loss of $1,013.30 USD.

A separate transaction the day prior to the exploit for $396.47 BUSD[7] is likely unrelated. While the attacker may have had access to that wallet due to the same compromised private key, this transaction happened just moments after a transfer from KuCoin[6], which was likely initiated by CryptoJordin. There is no suggestion of his KuCoin account being compromised. In his December 8th video, CryptoJordin says he "lost $400 yesterday from trying to transfer something" which may be related to this transaction[10]. The discrepancy related to the timeline is likely because CryptoJordin took a couple of days to edit his content before sharing it online.

The total amount lost has been estimated at $1,000 USD.

Immediate Reactions

CryptoJordin describes his initial reactions when first encountering the theft in his video.

it got me really worked up and I wanted to make a video on it, but, I also wanted to calm down first before I even thought about making a video, because I didn't want to make an immature video like freaking out and I wanted to get to the bottom of the problem before I actually made a video on it. Because, you know how badly I wanted to jump on here and just freak out and ramble, but I knew it wasn't the right thing. I had to really just calm my thoughts, and just, breathe. But um, basically I went on my wonderland account, to, um, just see how my stake balance was doing, to see how much money it was. I typically check on it like once a week or so, just to see how it's performing. So, I went on and I noticed this 'zero time zero' memo - just a wiped account. So obviously I thought to myself 'Oh I'm not connected to my MetaMask' or 'I'm on the wrong network.' because if you get connected to the Binance network [or] ethereum network it doesn't really work. It'll say you're wrong network. I was connected to the avalanche network. I was on my right account. I was connected. But I did notice that I had no avax and I did have, like point, like something, like I always keep a little bit in here for transactions and stuff.

CryptoJordin created a video just a few days after his loss.

"hey what is up guys it's jordan welcome back to another uh investigation video to be honest I haven't got much sleep probably about four to five hours last night I've honestly just been stressed about this whole situation"

"Today we investigate who stole crypto from my #MetaMask wallet. This is one of many scams. We will get to the bottom of this. This is far from over... stay tuned"

Transcript From "My $Time Wonderland Balance Was Wiped."

"Hey! What is up, guys? So today in this one I'm not gonna go fake and energetic and stuff because obviously if you read the title I'm not. Something happened yesterday and it got me really worked up and I wanted to make a video on it, but, I also wanted to calm down first before I even thought about making a video, because I didn't want to make an immature video like freaking out and I wanted to get to the bottom of the problem before I actually made a video on it. Because, you know how badly I wanted to jump on here and just freak out and ramble, but I knew it wasn't the right thing. I had to really just calm my thoughts, and just, breathe.

But um, basically I went on my wonderland account, to, um, just see how my stake balance was doing, to see how much money it was. I typically check on it like once a week or so, just to see how it's performing. So, I went on and I noticed this 'zero time zero' memo - just a wiped account. So obviously I thought to myself 'Oh I'm not connected to my MetaMask' or 'I'm on the wrong network.' because if you get connected to the Binance network [or] ethereum network it doesn't really work. It'll say you're wrong network. I was connected to the avalanche network. I was on my right account. I was connected. But I did notice that I had no avax and I did have, like point, like something, like I always keep a little bit in here for transactions and stuff. And I don't use MetaMask. I really only used it for wonderland, and to make the tutorial for wonderland, like how to buy it and stuff. The first thing I did was go down here to activity to see like, has anybody been on my account.

I did send out two avax December 1st, but that was from the snow bank that I sold because I unstaked all my snow bank and sold that off. And that was December 1st. That's seven days ago from today. So, I knew I checked my balance on wonderland within seven days. It was probably like three or four days ago I checked it. It was weird to see I had no balance but my activity was - there was no activity. And this is literally the only tab I use. I only connect to the avalanche mainnet. All the other ones won't even work, for this site. So it's like - this is all I use. So last night I was trying to calm myself down. I'm like 'All right, I'll wake up in the morning, I'll refresh it. Maybe with something with the network, having server issues, or something. I didn't know.' I was like 'All right. I'm gonna just wake up in the morning. Try not to freak out.' Yeah, I woke up, checked the balance, and it was still blank. It was just like this. I tried to delete the network and re-add it. It was just all the same thing. There was nothing I could do. I went over to Trader Joe to see if I could uh, pull up like previous transactions and that wouldn't let me. So the next thing I did was go into the Telegram and I tried to talk to some people and there was about like three other people that also said they were having problems and their account got wiped, so I really wanted to know - like was it wonderland that was like pulling something suspicious, was it like that I got hacked? Was it that that I did something wrong? Did I understand it when I was in sleeping? Did I - did I sleep walk and unstake my wonderland? Like I really really wanted to know. There's nothing in the transactions. Like, if somebody got on my account there's literally nothing here - there's no activity saying somebody unstaked my thousand dollars or they sent it somewhere else. Like there's literally no activity, and you can't even click on the activity and like delete it, like there's no there's literally no way of deleting my activity. Like I'm saying, like if somebody got on my account, sent it over, like there's no way they can possibly delete it from here. So when I was in the Telegram, I had some kind person really help me. They told me to take my address from MetaMask.

God, I'm still like - so I'm still just like worked up man. It's like like like this really gets me worked up. [So I took] my MetaMask address and copy it right here and then I'm gonna go over to snow trade, paste my address, and search up the history. So, two days and 20 hours ago, I received a payment of 0.3 avax from this address which we will look into. Time staking, so they unstaked my time and then went over to Trader Joe, swapped it so the 11 [avalanche] was then sent to this address, which we will also look into. These are not my addresses. I did not send this 0.3 avax two days ago. I did not send that 0.2 avax two days ago. There is no activity explaining any of this that happened. It is not - it is not on my account, is not in the activity two days ago. I received the 0.3 from this address. This address here is the transaction right here. They sent me 0.3 avax. None of these transactions in these last six days are mine. This is not my account. This is not my address. Someone sent me avax, got into my account so they could use that money to unstake it, wiped all of my time out of wonderland, and sent it back to theirs.

I'm going to go back over to my address and now we're going to see where they sent the 11 avax that was stolen from my account. It was sent to this address right here, and it is a brand new address. It was literally created for this transaction. This is something I'm just gonna have to accept and learn from. I need to secure my accounts as much as possible. All my other accounts are so freaking secured, but my MetaMask - a wallet that I don't really use that I just put a thousand dollars on. The state time wonderland I got hacked I got beat I lost I have to accept this. I have to get a ledger wallet. I have to secure my assets. I cannot let this happen again, and it will not happen again, and I do not want this to happen to anybody. I want you to please please please go secure your assets. Buy a ledger right after this video. I'm going to go watch YouTube videos and figure out which one I'm going to buy. I'm going to buy it up right away. I'm going to delete this MetaMask while it start fresh and that's all I can do. You know, I mean I could sit here and just think about it all day which I'm probably end up well or I could just accept it and move on, because there's nothing I can do. You know, when something's out of your control, I mean you just have to do whatever you can to adapt and to make for so it doesn't happen next time, and that's what I'm gonna do. 
So, this isn't a video to put any bad light on wonderland. Fight acid staked on other platforms, they would have taken that too. This was all on me. I'm the only one that I can blame, and sometimes you just got to own up to that. Instantly when it happened I was like 'Oh my God, wonderland's a scam lands God wonderland did.' People are so fast to jump. I'm so fast to jump. It's what we do. We try to find something, someone to blame quick, but in reality, I mean, it was me. Probably clicked on something. I probably downloaded something. Nothing happened for my while it wasn't secured. I'm gonna have to deal with the consequence. Thank you guys for watching this video. Please throw a thumbs up on it. I want this video to be shared with everybody, and if you lost money staking somewhere, if you lost money in crypto, together we have to learn, together we have to teach people and educate the crypto space so this doesn't happen. There's nothing worse than losing money. I lost 400 yesterday if I'm trying to transfer something and then this happens. It's like every time I go forward something happens and there's two steps back, but I can't allow myself to be emotionally torn by this, so I'm gonna move on. And thank you guys for watching. Really appreciate all of you. Always keep your head up and stay positive. It's all we can do in this world. Love you guys. Peace."

Transcript From "Update on The Hackers Who Wiped My MetaMask Wallet."

"Hey, what is up guys? It's Jordan. Welcome back to another, uh, investigation video. To be honest, I haven't got much sleep - probably about four to five hours last night. I've honestly just been stressed about this whole situation and a lot of people have been contacting me saying they've been having similar problems. They describe it to me. It's literally the exact same thing I'm going through. You feel hopeless. You feel like you have no voice. If something happens to your bank account or whatever you can go and contact your bank, talk to somebody. [It] makes you feel a little better, even if they don't fix your problem, but in the crypto world there's nobody. It's you, it's a decentralized world, and I mean it is scary. My latest videos sparked a huge conversation around the crypto world that nobody wants to talk about, and it's all of these scams that are going around. There's going to be a lot of information in this video you do not want to miss. Let's jump right into it."

"[I] began my investigation by thinking back to what I was doing the exact second my funds got stolen. When I took a look at the address that transferred the coins from my account to theirs, I noticed it happened two days and like 18 hours ago. That is the only information I was given. So, what do you do? You have to work with what you're given. [I] paste my address and search up the history, so two days and 20 hours ago. I sat right here for about an hour [and] really tried to think what I was doing two days and 18 hours ago, or whatever it was from yesterday. So I thought a lot, I did the math or whatever, and figured out what time it was. [I was] busy throughout the morning. Around the afternoon I went out for lunch. I came back and I started my day. And what do I start off with? First I respond to emails. I respond to sponsors, promos, questions, all types of stuff."

"About four or five years ago I used to create vlog content. That's how I really built my channel and I mean I would get tons of emails every day. I would always respond to them, so I've been doing this for like a long time now. So I've seen scams where people want me to promote their product and they never end up sending payments and stuff. That's happened. So, I mean I've pretty much seen it all, besides what I'm going to show you, and this is crazy."

"Another way I pinpointed the exact thing I was doing at that time was I went onto my iPhone, I went to my pictures, and I took a thumbnail picture four o'clock or something, and I remember I made the video right after I did the emails. That means I was reading emails around like three o'clock or so, because I recorded at four probably. [It] probably took an hour, so reading emails, watching YouTube videos ... on the side watching flying emails. And like, God, I didn't know like recording this video would be so hard. Like my heart's like actually kind of racing, and like I get really worked up about this. I said this last video. Really defensive. I get very angry. We'll say it again, I'll probably say it at the end of the video: this was all my fault, but I want to take my mistake and turn it into something positive and allow people to learn from it.

This is an email I received on December 4th around 6:30 p.m. 'Hi, I represent canyon gaming and I'm responsible for launching an advertising campaign to promote new technologies developed by our company.' So typically when I get one of these emails I'm like, 'Okay, cool, let me jump over to canyon gaming website and see what they got.' I'm not gonna go over to the website because I don't know if they're affiliated with this hacking group or not, which I assume they're not. Probably a normal company, but maybe they made this company to disguise it. That's very possible. It's not hard to make a website, and we will get to the bottom of that. Also, I currently have a team right now, while I'm recording this video, investigating this. This is a big deal, and if nobody else in the crypto community wants to step up, I will. I want to be the voice for the people that are going through the same that I'm dealing with.

Okay, let's read this email. You definitely want to hear this. 'We create the best personal computer accessories. Your channel is suitable for us to advertise our campaign, so we decided to order an advertising video from you about the new collection of which will be released in mid-December.' So in my head I'm thinking, okay, company that I checked out their website, they have sick gaming chairs, they have sick freaking headsets, they got these gaming mouses that look amazing. I mean, they light up and, whoa, they're saying I can pick three to four accessories from their new catalog that's launching in December and they're gonna pay for all the shipping. All I have to do is receive the accessories, create a commercial about it on the day that I get it, and then like a week before they do the sales, post that video. After they deliver the accessories free of charge, they're gonna just remain with me. It's not like I have to send them back or anything. Instead of paying me money they're gonna just give me these accessories that they probably don't pay too much for. They probably get them made in China or something, and if you buy products in bulk, like, of course you can just give them out cheap.

Why I'm talking like this is the thoughts that were going through my brain. I didn't read this and think, 'Ah, they're freaking stupid, they're trying to scam me and take my bitcoins.' I mean, hey, they're talking about gaming chairs and, like, they're going to provide me information in the future about this. I mean, they're not even like really like, 'Oh, click this link right here, click this link right here, and you got, you got to check out our new accessories, you got to keep it click click click it, download it, install it, and make sure you respond back to us.' They're just like, 'Hey, let me know if you're interested and we'll send you a pdf with instructions.' Obviously they can't post the catalog on their website. They got to send you the catalog because it's private. It's, it's going to be a big sale. Like, obviously I'm making an advertisement. Like I was gonna record a dope ass video, like showing off this gaming chair. Like it's like an actual advertisement because it's not been released yet. They're gonna hold a presentation early December.

So I wrote back the next morning, December 5th at 7:57 a.m. I said, 'Hello, yes, I am interested. I would love to see the new collection and create videos. I'd love to.' Yeah, later on the same day at 12:58 p.m. they finally sent me their product line to check out, so I could pick out three to four products free of charge. All you gotta do is make a video. Guy, being a YouTuber is so great, isn't it? So what do my eyes see? Blah blah blah blah. Okay, our campaign, YouTube, all right, free charge, all right, pick my products, okay, attach the document, non-disclosure agreement. Oh, because it's like a partner. What information is needed, it's in the products, however, okay, documents does not need to be signed. All right, so I just got to read, follow instructions. Only the company's employees and partners know about this, okay. Everything you see in the catalog will be protected by the rule described in the, okay, okay, cool. Oh, all right, right here. So I have to do is, all right, so it's just a pdf, and there was instructions to click another link which will lead to the private catalog, and they gave me like a personal code to use for the catalog. And I guess like all I can say is they, they got me. I'm not stupid. Well, kinda. But I know not to download stuff. I am not new to the internet. I am not new to scams. I've literally seen everything in the books, but like this, I mean, it was so perfectly written, so manipulative.

So what happened was the catalog actually opened up, and when I clicked on it, right away my brain kind of went like, 'Why did like install the catalog?' Like I thought I was just gonna click on the link and like the catalog would just pop up, but no. Like it literally popped up on my monitor like an installation bar that just went across real quick, and then the catalog popped up, and inside the catalog, real products. Like I could actually scroll, I could actually like look at product selection and stuff. And what they said in this pdf, when you click on it, it's like showing you the instructions, like how to pick out something you want and what to do and stuff. And this pdf, that I'm not gonna click on, this manipulated me even more. It's saying to write down like three to four order numbers, you can't exceed two thousand dollars, and all of this stuff. It's talking about everything you need to do for the commercial. Guys, this is not a joke. This is the most professional scam I've ever seen in my life.

So what happened when I clicked that? What happened when I clicked that link gave them access to my MetaMask. They didn't just log into my MetaMask through my key or something and send the funds over to their account. They got access to full control of my MetaMask. Like they literally got handed over my MetaMask account just from me doing what I did, from clicking that and believing this. There's still so many details I need to be unraveled and there's a lot more investigation that needs to be done. It is all in the works right now and I will not give up on this. I'm going to stay on this case. You do not want to miss future update videos about this, so definitely throw a thumbs up on this video and click the subscribe button. It mean a ton. The support has been tremendous and I will be the voice for the people.

I'm currently in talks with a blockchain security engineer at Binance. He said this case piqued his interest and he has been working on cyber incidents for over 10 years, and I'm actually looking at the tweets he just sent me, and this case honestly just keeps getting deeper. There's gonna be a part two to this video and the details we will be releasing will blow your mind. The money that this hacker organization has accumulated within a short period of time is freaking insanity. Remember to prioritize securing your assets. It is something I'm gonna forever tell my community to do, and I will have a video coming out shortly, within this week probably or next week, talking about how to do so, because every single day I'm informing myself how to lock down as best as possible and do what I can do to prevent this from happening again.

If you have been scammed or have had your MetaMask wallet completely wiped, let me know down below. I want to hear your story, because your information definitely, definitely, definitely could help in this investigation. If you would like to reach out to me and contact me, please do so on Twitter, Telegram or Instagram. All of that's down below in the description. I'm glad I can update you guys on the situation. This is far from over. I'm gonna go get right back to it and I'll see you guys in part two. Peace."

Transcript From "Shocking Details About My MetaMask Hackers."

ever since my last video I've gotten over 100 messages from people been going through the same thing that I'm going through and to be honest it's just heartbreaking and what I'm gonna reveal in this video it's just not cool and it is the main reason why I started this investigation why I built a team around this and why I made that first video but without further ado let's get right into it I wanted to keep all the information kind of like enclosed I don't want to just start rambling to everybody blockchain security engineer at binance and right away I knew I wanted to work with him so I reached out he said he was sorry to hear about my loss and he wanted to know more information about the case so that's exactly what we started with sent him over my MetaMask address and he did a lot more digging and what he found out I just can't even comprehend it's it's just sad that's like the only thing I can say it's sad so the real question was what can we do to get information about these hackers there has to be something right my funds never landed into an exchange so unfortunately that kind of stops the path because there's no exchange to track it down to I mean it's kind of just chilling in the blockchain right now what he's saying is the best case scenario is the exchange will block the user's account and they will report his criminal activity to the police in his region I told you people don't give up on me I am not gonna just let this fly I'm gonna do whatever it takes to do something about this and you want to know why I'm even angrier than I was because we tracked down what happened after they unstaked my time or memo whatever then they sold it for avax then they transferred it to another account and then they swapped it for matic that was then transferred to an account with over 31 million 31 million dollars of hard-working people 31 million dollars when this all first happened it was more or less about me like hey guys I lost a thousand dollars I went through this 
I'm feeling I mean it's honestly beyond that point it it's not about me anymore guys it's not I'm not doing this for me I don't give a about that a thousand dollars I don't care I don't care there is 31 million dollars that has been stolen and nothing has been done about this I just since this is a screenshot I'm gonna actually uh go and see if this money is still in the account because this is a screenshot from uh two days ago and to make it more convenient for you i'll put that in the description you can look at it you can do some more investigation if you want I mean this is all a team effort and if you've been scammed or if you've been through something like this where you've had your MetaMask hacked where you've had your crypto stolen hacked whatever reach out to me you should join my brand new telegram I actually just started it yesterday it's a place where I'm chatting and talking to viewers and it's just it's been great there's like 30 people in there because I haven't really even put in a video yet and it's just been cool like everybody's chilled and the community I'm building it's awesome it makes me smile every day it makes me feel like I'm not alone on this it just feels good having support behind me I hope you believe in me to not give up I know we can do it I believe in myself I believe in the people that are helping me I just want to turn something bad into something good okay people it looks like the hackers have some bad spending habits or maybe they're just buying the bitcoin dip that could be a good thing they have several transactions that are going outside of this matic wallet to other wallets when you think about it put yourself in the shoes of the hacker you hack somebody you get their bitcoins or whatever whatever the they want or in this case whatever the you want you take the currency you have it in a MetaMask wallet or whatever you send it to another MetaMask while you send it to another MetaMask while you think that's secure even though 
you can track the transactions but anyways what do you do to be able to actually spend that money you can't go and spend your freaking polygon at target well I haven't really been outside the house recently so maybe you can but you know they're gonna take this medic send it to another wallet and somehow get it to an exchange so they can cash it out and get some cash what what else do they want they want cash I mean at least if I was a hacker I would want the cash I don't want matic and you know they're gonna at least cash out a little bit you just know it you know it put yourself in those shoes so I took that thought and I told the main investigator that was helping me with this case I went and looked at my messages and he was already two steps ahead I was trying to tell him information I just discovered and he was already five steps ahead actually he tracked down multiple exchange accounts associated with my attacker that's big at that point I'm like whoa like we're actually getting somewhere with this so what he said was yeah one of the hackers in my summed up terms got pretty freaking greedy so we tracked down the greed in the chain of transactions that we detected you can see here one of the attacker's wallet is regularly receiving funds from various binance hot wallets this is a very strong indicator that this is a personal wallet and not a burner wallet you can report this address to binance and they can identify the hacker and I hope this ship bites his mother I hope it bites his ass like a pit bull so I just clicked the link now we're gonna take a little better look at what's going on in this wallet look at all of these transactions so the hacker is sending funds from binance hot wallets to their personal wallet which is right here I will also have that down below in the description and what we are suspecting is every single one of these transactions stolen funds stolen funds stolen funds stolen funds stolen funds stolen funds stolen funds stolen fond stone 
this wallet right here has been reported to Binance and what I want you to do is the exact same thing please please please go report this to Binance go report this to KuCoin we need to report these addresses I have done my part I want you to do yours you never know what can happen when everybody works together the possibilities are endless I have the platform I will be the voice for the people this is far from over they currently have zero funds in this account everything they get they send it back out to another wallet this is also another wallet that is doing the exact same thing another one and this is a wallet that also led from tracking down transactions from that matic wallet so that was the main source where we're getting these leads from and every single day we're getting more and more information and it's been rewarding we're moving forward and we are getting somewhere with this this is the third one we tracked down another one and what it seems to be is one of them was for Ethereum one of them was for matic this one's for BNB and it kind of seems to be that they're pretty organized which potentially could help us even more when you search up somebody's wallet and see their transactions you can also leave comments what do the comments say on this wallet let's see one month ago well that's the address of someone who steals your BNB here is another address that he sends stuff please return every BNB you have stolen it is hard earned money it is just sad to think that there's like people out there that could actually like live normally knowing that they literally single-handedly destroyed lives money is something that's connected to emotion I don't see money as like a physical object I see it as like an emotion in a way you could literally just ruin somebody's whole life by doing something like this I just can't even like sit here and comprehend it all I'm kind of just so overwhelmed with all the messages of like this happening to people and stuff and 
I've said this in several videos it's just something that gets me very very worked up I just want to do my part and that's what I'm doing so there are still many details I cannot release and I hope you can understand that we want to ensure that we do the proper thing but the one thing I can tell you is we're currently in contact with the hackers

Ultimate Outcome

"I want to take my mistake and turn it into something positive and allow people to learn from it"

Transcript From "We Baited The MetaMask Hacker..."

"I'm not just saying this to say it but as a reason I've been really really anxious and I swear just like everything I see online now I'm just like is this a scam like is this a scam should I click this website is this person lying to me is this email this I've been really paranoid I'm not gonna lie and I mean I have a reason to be but I mean it's just not right everybody that even contacts me I'm just thinking in my head like we is this person like trying to pull something and come to find out they're just sending me like a picture you get what I'm saying I've just been overall paranoid and I'm sure a lot of people can relate because once it happens to you you feel like it's like always happening to you and I I don't know it's something that I can't really explain but it's there but I have promised you guys that I will not give up on this case and we haven't me and the person that's helping me out together we have detected a lot of information about my hacker some of the stuff I can talk about in this video some of the stuff I can't because it's an ongoing investigation I can't tell everything and I'm not trying to leave you with some like cliffhanger or something I'm not trying to turn this into like John Wick where there's 15 different movies about the same exact thing I'm just trying to protect the information so we can use it to just milk as much information as possible because one thing just leads to the next that's how this investigation has been going so where we left off last video was we tracked down a chain of wallets that were all connected and by doing so that led us to the account with 31 million dollars of stolen funds and it led us to two exchange accounts one on KuCoin and one on Binance we then took appropriate action and I shared those wallet addresses with you guys that is in the last video if you have not seen any of these videos you've got to start with the first one otherwise none of this will be making sense and I don't want to go back and 
repeat myself because it will be an hour video we're going to continue from last video and right after that we discovered a lot more information about my hacker but how do we do so we baited them through the same email they sent me the investigator helping me out on this is using a separate computer separate emails and a lot of other different sources that is the only way we're gonna get somewhere you have to basically give your computer the virus so you can detect it and break it down it's something I can't really even explain to you that's why I have somebody helping me out on this this is far from my thousand dollars getting stolen this is something that needs to be taken very very serious think about it if I found an account with 31 million dollars imagine how many wallets are out there with just millions and millions of dollars all stolen funds we sent this to my hacker hello sir my friends in the crypto influencer industry have shared some info with me that your company is offering some free gaming keyboards and other gaming hardware while I am a crypto investor but not a crypto influencer is it possible for me to still participate in this offer and then we just said some stuff about Twitch blah blah blah so we were sitting waiting hoping to hear back and uh within five minutes boom hi your advertising campaign is there ain't no providing repair oh I've seen that email before God they got my ass man we emailed the same address that reached out to me and scammed me but then they responded back with a different email so I just kind of thought that was interesting and I should add that but why exactly were we trying to get the email I already had the virus why were we trying to get the email again well right after I got the virus and stuff obviously I wipe my whole entire computer I literally wipe my whole entire wi-fi my phone everything like everything is restored I mean my whole life's restored means all my passwords I mean everything everything everything 
everything it's all fresh it's all new I'm gonna be securing my assets I'm getting my Ledger delivered on Friday so you don't want to miss out on that I'm gonna have a video several videos I'm gonna have one setting it up I'm gonna have one how to set it up I'm gonna have one talking about why you should use it I'm not even joking once I hit like let's say 30 000 subscribers I'll give out three Ledgers I want to use this opportunity to save people in the future that's what all of this is about and it's also about trying to get to the bottom of this so let's get back into it and see exactly what happened you know me I like to ramble I'm sorry okay so a day passed and we didn't get any leads I was thinking like oh [ __ ] they're not even write back they're probably like suspicious or something I don't know okay so they finally wrote back the next day but the file didn't work then I had me thinking like did they send like a real document to just like kind of act like it's real to cover themselves a little more I don't know I was just going pretty deep into my thoughts you know what I mean like trying to cover it up is like oh no this is actually real we never scammed anybody maybe they were suspicious first from that email that we sent them I don't all speculation just the way my brain works so what we did was email them again and we said hello sir it seems like we can't access your amazing catalog and then we said can you please send it again but they didn't respond so we were stuck pretty much for a whole day with no leads nothing to really go off of we pretty much tracked all the wallets down that we could kind of got stuck there I was thinking like damn this is pretty much probably it but no no no at two in the morning we received the PDF they sent us an email saying the error is erased and they sent us the actual file so what we did with the new device we bought specifically for this investigation we opened up the file we encrypted it we broke it all down I 
don't know whatever that all I know is we got information out of it and uh yeah I'll get to that one second so yeah I was told he'll update me soon you know when you get a text and you have that little preview up at the top yeah this is like what the preview looked like all I saw was I have identified the attackers right then and there I just had this feeling inside of me like oh here I thought we kind of hit a brick wall and we're stuck I didn't really know how we could go forward and I see this pop up I have identified the attacker's allospaces on his attack server associated with the malware security community refers to the attacker by the name mr santa mr santa this is the username he uses on various forums that he sells stolen data on and that's what I'm trying to explain here like this guy didn't just sit here all day and try to get like my MetaMask with a thousand dollars he wants a thousand people this hacking group is stealing millions and millions I'm an ant to this whole entire thing this is huge this is the real deal like I said if I can find an account with 31 million dollars 2 000 of them with 20 million so this group or this person isn't just targeting MetaMask wallets they're targeting your data below me right here is the operating system for the mr santa when I first made that video about me just like talking about a thousand dollars I lost in time wonderland I never would have thought that like all of this would become a thing and none of this would be possible without the person that's helping me on this so I just want to say thank you so so much and I wouldn't have met this person if I didn't post that initial videos by me making that video and reaching out to other people it allowed me to meet all these people and kind of like create this community of pretty much victims like we're all victims to this all the people watching these videos they've went through the exact same thing that I went through or worse most of them worse I only lost a 
thousand dollars I was talking to a 68 year old yesterday he's probably watching this video shout out to you and he was telling me the saddest story like he was in these crypto projects really really early and he accumulated like over a hundred thousand dollars and instantly it got wiped I mean that's just one story I have a video coming out soon where I'm putting together all of these stories in hopes that somebody sees it and does something about this at MetaMask there needs to be two-step verification and just a lot more things overall to protect their customers and yeah you can say to me well you can get a hard wallet I know that I know that and I'm going to tell people all the time to get one of those because it's the most important thing why would somebody that's only trying to invest a couple hundred dollars want to spend 200 on a Ledger yeah that sounds ignorant of me but there's just got to be something else to protect people at least just a little bit more that's all I'm saying but we're trying to discover what information this whole entire virus thing is stealing from people because if it's taking your data your MetaMask like what is it actually taking what exactly happened when I clicked that like what happened that's what we're trying to get to the bottom of it's a shame that this keeps happening I'm doing everything I can every single day I'm informing myself on crypto security and just internet security in general so I can teach you guys I've been working on a ton of different projects and a ton of different things to get somebody to do something about all this only time change happens in the world is when everybody comes together as one and I know we can do so thank you guys for watching this video grab a thumbs up on it though it can get shared with the world we need this out there and we got to put a stop to this thank you guys for watching this video always keep your head up and stay positive I'll see you guys in the next one peace"

Transcript From "The PDF Crypto Scam Just Went To A Whole New Level."


Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Ongoing Developments


Individual Prevention Policies

The primary issue was that CryptoJordin was storing his cryptocurrency funds in a hot wallet as opposed to offline. He used the same computer to answer emails and perform other uncontrolled activities. This meant that once the device was compromised, all of the funds in his hot wallet could be taken.

Every time untrusted software runs, there is an opportunity for abuse. It is recommended to always interact with cryptocurrency in a fully controlled environment, meaning one where you understand every piece of software running there. Using a hardware wallet, a spare computer with all software wiped, and/or a virtual machine with only the needed software greatly reduces your attack surface. Take the time to verify that downloaded files come from the correct and expected source and match the available hashes, if provided. Any time you encounter a new file, always check whether it can contain executable code before using it.
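One way to carry out the file checks recommended above, as an added example that is not part of the original case study: it compares a download's SHA-256 with a published hash, identifies the real file type from its leading bytes, and lists PDF features that can trigger actions. The function names and sample files are constructed for illustration.

```python
import hashlib
import hmac
import os

# Leading bytes ("magic numbers") of formats that can carry or run code.
CODE_MAGIC = {
    b"MZ": "Windows PE executable (.exe/.scr/.dll)",
    b"\x7fELF": "Linux ELF executable",
    b"PK\x03\x04": "ZIP container (archive, Office document or JAR)",
    b"\xd0\xcf\x11\xe0": "OLE2 container (legacy Office document or MSI)",
}
# PDF name objects that run scripts, fire actions on open, or embed files.
PDF_ACTIVE_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                    b"/Launch", b"/EmbeddedFile"]
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js",
                    ".vbs", ".lnk", ".msi", ".ps1"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_matches(data: bytes, published_hex: str) -> bool:
    """Compare the file's SHA-256 with the hash published by the expected source."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def triage(filename: str, data: bytes) -> list[str]:
    """Return reasons not to open the file on a machine that holds wallet keys.

    An empty list is not proof of safety: a plain byte search misses PDF names
    hidden in compressed object streams or written with #xx hex escapes.
    """
    findings = []
    # Only the last extension counts, so "catalog.pdf.scr" is treated as .scr.
    ext = os.path.splitext(filename.lower())[1]
    if ext in RISKY_EXTENSIONS:
        findings.append(f"extension {ext} is directly executable")
    for magic, kind in CODE_MAGIC.items():
        if data.startswith(magic):
            findings.append(f"content is a {kind}")
    # PDF readers accept the %PDF- header anywhere in the first 1024 bytes.
    is_pdf = b"%PDF-" in data[:1024]
    if ext == ".pdf" and not is_pdf:
        findings.append("named .pdf but has no %PDF- header")
    if is_pdf:
        for name in PDF_ACTIVE_NAMES:
            if name in data:
                findings.append(f"PDF contains {name.decode()}")
    return findings


# Constructed sample inputs (not taken from the incident).
SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_PDF_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\n"
                    b"endobj\n%%EOF")
SAMPLE_PDF_ACTIVE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
                     b"endobj\n2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\n"
                     b"endobj\n%%EOF")

if __name__ == "__main__":
    for name, blob in [("catalog.pdf", SAMPLE_PE),
                       ("catalog.pdf.scr", SAMPLE_PE),
                       ("catalog.pdf", SAMPLE_PDF_ACTIVE),
                       ("catalog.pdf", SAMPLE_PDF_PLAIN)]:
        print(name, "->", triage(name, blob) or "no findings")
```

Run such checks on a machine that holds no wallet keys, and treat any finding as a reason not to open the file on the wallet machine.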

Store the majority of funds offline. Offline means that the private key and/or seed phrase is held exclusively by you and is not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Increasing the education level for cryptocurrency users can help prevent loss. In the event of loss, an industry insurance fund can assist and provide some relief.

Always account for the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how Ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

Increasing the education level for cryptocurrency users can help prevent loss. In the event of loss, an industry insurance fund can assist and provide some relief.

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how Ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.