MetaMask Konomi Hoge Xbase Theft ICEINTHENICE

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

MetaMask

User ICEINTHENICE suffered a breach of their MetaMask wallet, and thousands of dollars in three tokens were taken from the wallet.

This is a global/international case not involving a specific country.[1]

About ICEINTHENICE

ICEINTHENICE is a Reddit user.

https://old.reddit.com/user/ICEINTHENICE?count=100&after=t1_gw7vx6x

About MetaMask

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - MetaMask Konomi Hoge Xbase Theft ICEINTHENICE
| Date | Event | Description |
| --- | --- | --- |
| March 17th, 2021 4:28:53 PM MDT | 20 ETH Transaction | On the blockchain. |
| March 20th, 2021 2:58:32 AM MDT | Konomi Transaction | Theft transactions occur for the Konomi[2], Hoge Finance[3], and XBase[4] tokens. All three transactions occurred in the same block of the Ethereum protocol. |
| March 20th, 2021 3:33:54 AM MDT | Swap For USDT | Attacker swapped coins for USDT. (Brought balance to 15 ETH.) |
| March 20th, 2021 8:00:16 AM MDT | First Reddit Post | Initial post made on Reddit reporting the situation. Their post had only a title and screenshots, with no text body provided[5]. TBD need to finish reviewing this thread further. |
| March 20th, 2021 9:59:53 AM MDT | Second Reddit Post | ICEINTHENICE posts a follow up post on Reddit with a large image reporting the attacker's address where the funds reside[6]. |
| March 20th, 2021 2:03:59 PM MDT | Swap For USDT | Attacker swapped coins for USDT. |
| March 20th, 2021 3:42:31 PM MDT | Discussion About MetaMask Lawsuit | ICEINTHENICE discusses the potential for a lawsuit against MetaMask[7][8][9][10]. |
| March 20th, 2021 5:02:24 PM MDT | Investigation on Exchanges | ICEINTHENICE receives a suggestion to "be relentless. Go to all social media platforms and make them pay attention to you" and indicates that he will[11][12]. |
| March 20th, 2021 5:15:58 PM MDT | Blaming MetaMask For Breach | "Well I did exactly everything they said to do and I still get hacked so am I the problem or are they the ones with the problem".[13] |
| March 21st, 2021 8:31:19 PM MDT | Ordered Hardware Wallet | ICEINTHENICE reports that they have already ordered a hardware wallet[14]. |
| March 20th, 2021 8:31:23 PM MDT | Focus On Prevention | "I know I’m just trying not to sweat the loss but I know it’s gone at this point I mean the sad part is that a bunch of other people had the same thing happen to them today and this prior week and they actually depended on that money know what I’m saying if we could team up as community and make sure this is made aware and we can work on preventing it from happening is a start instead of just crying about the loss"[15] |
| March 20th, 2021 8:42:42 PM MDT | Not Giving Up On Hustling | "I’m not gunna stop hustling my brother fall off the horse gotta hop right back on"[16] |
| March 22nd, 2021 2:55:08 PM MDT | Received Hardware Wallet | ICEINTHENICE reports they've received their hardware wallet "today already"[17]. |
| May 2nd, 2021 5:47:02 AM MDT | They've Already Forgotten | ICEINTHENICE reports that they've already forgotten they were hacked because "this is so old lol I forgot that I was hacked"[18]. |

Technical Details

ICEINTHENICE reported that the last thing they did prior to the theft was sleep[19].

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

We are likely dealing with a more sophisticated attacker employing an automated bot, since all three transactions occurred within the same block.

[20]
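The same-block observation above can be turned into a simple check over token-transfer records: several different tokens leaving one address in separate transactions inside a single block is hard to do by hand. The following is an added example, not part of the original case study; the records, addresses, hashes and block numbers are constructed placeholders, and `find_sweeps` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed sample token-transfer records (not taken from the chain);
# addresses, hashes, token labels and block numbers are placeholders.
SAMPLE_TRANSFERS = [
    {"block": 100, "tx": "0xaaa1", "from": "0xVICTIM", "to": "0xDRAIN", "token": "KONO"},
    {"block": 100, "tx": "0xaaa2", "from": "0xVICTIM", "to": "0xDRAIN", "token": "HOGE"},
    {"block": 100, "tx": "0xaaa3", "from": "0xVICTIM", "to": "0xDRAIN", "token": "XBASE"},
    # Ordinary activity: one token, one transfer in the block.
    {"block": 90, "tx": "0xbbb1", "from": "0xVICTIM", "to": "0xFRIEND", "token": "HOGE"},
    {"block": 101, "tx": "0xccc1", "from": "0xOTHER", "to": "0xSHOP", "token": "KONO"},
    # The same token sent twice in one block is not a multi-asset sweep.
    {"block": 102, "tx": "0xddd1", "from": "0xOTHER", "to": "0xA", "token": "KONO"},
    {"block": 102, "tx": "0xddd2", "from": "0xOTHER", "to": "0xB", "token": "KONO"},
]


def find_sweeps(transfers, min_tokens=3):
    """Return clusters where one sender moved >= min_tokens distinct tokens
    in separate transactions inside a single block."""
    groups = defaultdict(list)
    for t in transfers:
        # Addresses are case-insensitive hex, so normalise before grouping.
        groups[(t["block"], t["from"].lower())].append(t)

    sweeps = []
    for (block, sender), rows in sorted(groups.items()):
        tokens = {r["token"] for r in rows}
        txs = {r["tx"] for r in rows}
        if len(tokens) >= min_tokens and len(txs) >= min_tokens:
            sweeps.append({
                "block": block,
                "sender": sender,
                "tokens": sorted(tokens),
                "recipients": sorted({r["to"].lower() for r in rows}),
                "tx_count": len(txs),
            })
    return sweeps


if __name__ == "__main__":
    for sweep in find_sweeps(SAMPLE_TRANSFERS):
        print(sweep)
```

A single recipient across the whole cluster, as in the constructed sample, strengthens the case that one scripted actor emptied the wallet.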

https://etherscan.io/tokentxns?a=0x4D3587807e70D8f50592fCc0Cc99E0F3a9110fCA

https://etherscan.io/tx/0xd51808395b43ff72db2faba2f85f3c03ec96e32bf8012386bcf6d4340646b3a8

https://etherscan.io/tx/0x91bcd550ab607c14eae66cfbf3acad501953582964371e017f3f5c41b2eed711

https://etherscan.io/tx/0xd4af57c08faebafeeab92d0343ff9d2ed65ec6a162b4fc7b9444934f3fc6d006

https://etherscan.io/tx/0xcd6e77dfb7bd8b621bd368193bf627ee604de8f8c20e8664162eef22adc7939d

https://etherscan.io/tx/0x531886f6e599ac7c900438987937d84540092edc527333ef1c54cbc28f346781

https://etherscan.io/address/0x0c93069ae648c8523118f73bd8279547a4c84048

https://etherscan.io/tx/0x4d17a187b446a57bdeb5fef0daaee4aaa186993c7d5ab9cf3896480fef3ab6bd

https://web.archive.org/web/20230000000000*/http://xbase.finance/

Total Amount Lost

The total amount lost has been estimated at $3,000 USD. This was broken down into 3 separate token assets:

  • 129.326854400701850945 Konomi tokens[2].
  • 8,787,498.280061676 Hoge Finance tokens[3].
  • 1,483,612.92977633 XBase Finance tokens[4].

XBase Finance

A portion of ICEINTHENICE's holdings were in the XBase protocol[4], which appears to have disappeared shortly after the incident.[21][22][23] TBD fill in more information on XBase.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?


"I was hacked at 4:58 am I barely had any ethereum in my account to make a swap and yet they managed to complete 3 transactions. I need help please I will split the profits of whatever I get back with whoever can recover them if not MetaMask please let me know how we can fix this together"

"Yep definitely the hacker That the address my funds were sent to"

"Like yea here’s my seed phrases so u can hack my thousands"

"Nothing you can do but monitor the activities. You can go to etherscan and see where the funds get cashed out on. Then afterwards contact the exchange about the hacker's activities. Make sure you have evidence, but I reported two of them on Binance and no one responded to me. So don't get your hopes up"

"0x4D3587807e70D8f50592fCc0Cc99E0F3a9110fCA"

"Either MetaMask buys back my stolen crypto or I will make sure this goes public to where I find the address of the person who created MetaMask"

"I know I’m just trying not to sweat the loss but I know it’s gone at this point I mean the sad part is that a bunch of other people had the same thing happen to them today and this prior week and they actually depended on that money know what I’m saying if we could team up as community and make sure this is made aware and we can work on preventing it from happening is a start instead of just crying about the loss"

"Warning! There are reports that the Xbase team has deleted the website and social media accounts. Please exercise caution when interacting with this address."

Initial Reddit Post About Incident

ICEINTHENICE first posted to Reddit roughly 5 hours after the theft occurred. Their post had only a title and screenshots, with no text body provided[5].

I was hacked at 4:58 am I barely had any ethereum in my account to make a swap and yet they managed to complete 3 transactions. I need help please I will split the profits of whatever I get back with whoever can recover them if not MetaMask please let me know how we can fix this together

Secondary Reddit Post About Incident

ICEINTHENICE shared a second post to Reddit with an image of the attacker's address[6].

Reddit Community Reactions

[24]

Do you know how many thousand use MM every day without losing money? The common theme amongst all these posts about MM users getting hacked is that they’re all new to crypto. You should buy a hardware wallet and use it to interact with MM.

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Getting Hardware Wallet

ICEINTHENICE [14].

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. BetItAllJonny comments on Hackers address (Oct 2, 2022)
  2. Ethereum Transaction Transferring 129.326854400701850945 Konomi Tokens - Etherscan (May 23, 2023)
  3. Ethereum Transaction Transferring 8,787,498.280061676 Hoge Tokens - Etherscan (May 23, 2023)
  4. Ethereum Transaction Transferring 1,483,612.92977633 XBase Tokens - Etherscan (May 23, 2023)
  5. I was hacked at 4:58 am I barely had any ethereum in my account to make a swap and yet they managed to complete 3 transactions. I need help please I will split the profits of whatever I get back with whoever can recover them if not MetaMask please...amask (May 23, 2023)
  6. ICEINTHENICE - Hackers address - Metamask Reddit (May 23, 2023)
  7. ICEINTHENICE - "MetaMask need to fix this if not they are going to have a huge lawsuit on their hands and so is Hoge especially with the fact they display how to buy Hoge on HOGE.FINANCE AND IT CLEARLY SHOWS TO USE METAMASK SO THEY ARE BOTH GOING TO GET SUED IF THEY DONT TAKE CARE OF IT ASAP AND REIMBURSE MY MONEY SOMEHOW OR COMPENSATE IT" - Reddit (May 26, 2023)
  8. BetItAllJonny - "Metamask is decentralized app. So hard to sue" - Reddit (Oct 2, 2022)
  9. ICEINTHENICE - "With the amount of comments mentioning how people have been hacked I don’t believe I made an error MetaMask better fix this if n they are going to have a lawsuit on their hands" - Reddit (May 26, 2023)
  10. BetItAllJonny - "It's a decentralized app." - Reddit (Oct 2, 2022)
  11. BetItAllJonny - "ethscan or ethplorer just get address and see all txs on that addresss. to get coverted to cash it has to go thru an exchange. Then contact that exchange" - Reddit (Oct 2, 2022)
  12. BetItAllJonny - "But be relentless. Go to all social media platforms and make them pay attention to you." - Reddit (Oct 2, 2022)
  13. ICEINTHENICE - "Well I did exactly everything they said to do and I still get hacked so am I the problem or are they the ones with the problem" - Reddit (Jun 30, 2023)
  14. ICEINTHENICE - "I already order them" - Reddit (Jun 30, 2023)
  15. ICEINTHENICE - "I know I’m just trying not to sweat the loss but I know it’s gone at this point I mean the sad part is that a bunch of other people had the same thing happen to them today and this prior week and they actually depended on that money know what I’m saying if we could team up as community and make sure this is made aware and we can work on preventing it from happening is a start instead of just crying about the loss" - Reddit (Jun 30, 2023)
  16. ICEINTHENICE - "I’m not gunna stop hustling my brother fall off the horse gotta hop right back on" - Reddit (Jun 30, 2023)
  17. ICEINTHENICE - "Just ordered one got it today already" - Reddit (Jun 30, 2023)
  18. ICEINTHENICE - "This is so old lol I forgot that I was hacked" - Reddit (May 23, 2023)
  19. ICEINTHENICE - "Sleep" - Reddit (Jun 30, 2023)
  20. Ethereum Transactions Information | Etherscan (May 23, 2023)
  21. $0.00000028 | XBASE.Finance (XBASE) Token Tracker | Etherscan (May 23, 2023)
  22. About XBase Finance – Medium (May 23, 2023)
  23. Xbase Whitepaper (May 23, 2023)
  24. HighFivePuddy - "Do you know how many thousand use MM every day without losing money? The common theme amongst all these posts about MM users getting hacked is that they’re all new to crypto. You should buy a hardware wallet and use it to interact with MM." - Reddit (Jun 30, 2023)