MetaMask Wallet NFT Theft Baconm77/Michael Bode

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Michael Bode NFT Transfers

NFT enthusiast and collector Michael Bode saw all of his NFTs lost after his wallet was drained, which he attributes to a MetaMask breach. One of the NFTs was purchased by another user MrRayG for 0.9 ETH, and MrRayG returned the NFT for free after it was flagged on the OpenSea platform. Some NFTs remained in the wallet and were transferred to a new ethereum address. It is still being investigated what happened to the other NFTs.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30]

About None

"Can anyone please help?!?!?! My MM account was hacked. I lost everything!!!!"

"Can you connect with me on DM? I bought your Lazy Lion and didn’t know your account was hacked or compromised. Happy to sell it back to you as i see you flagged it with @opensea and now it doesn’t allow me to sell it."

"It happened to me. I bought a stolen NFT shortly after it was transferred, listed and then sold to me with NO knowledge it was stolen. ETH spent and a day later it was flagged by @opensea. Solution: found the original owner and gave it back! Be safe out there."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - MetaMask Wallet NFT Theft Baconm77/Michael Bode
Date Event Description
May 17th, 2022 7:49:37 AM MDT Vee Friends 21966 Vee Friends 21966 is the first NFT transferred from the MetaMask account of Baconm77 is transferred to an unknown address.
May 17th, 2022 7:51:14 AM MDT HAPE 1804 transferred HAPE 1804 is transferred from the MetaMask account of Baconm77 is transferred to an unknown address.
May 17th, 2022 8:07:15 AM MDT Lazy Lion 1640 transferred The stolen Lazy Lion 1640 from the MetaMask account of Baconm77 is transferred to an unknown address.
May 17th, 2022 8:09:23 AM MDT Bunny Buddy 980 Transferred Bunny Buddy 980 is the last NFT transferred from Baconm77 to an unknown address.
May 17th, 2022 10:28:00 AM MDT Baconm77 OpenSea Theft Post Baconm77 reports that their MetaMask account was hacked and provides a photograph of their computer with a list of NFTs which were taken.
May 18th, 2022 12:21:00 PM MDT Response To Victim MrRayG responds to Twitter user Baconm77, who reports that their MetaMask account was hacked. "Can you connect with me on DM? I bought your Lazy Lion and didn’t know your account was hacked or compromised. Happy to sell it back to you as i see you flagged it with @opensea and now it doesn’t allow me to sell it." In MrRayG's tweet, it is again mentioned here that the NFT has been "flagged by @opensea" "a day later" "after it was transferred".
May 21st, 2022 10:36:00 AM MDT Acknowledgement Baconm77 tweets that he "want[s] to ta[ke a] second to recognize [MrRayG]". "This man spent his own money to buy it not knowing it was from a hacker. He just sent it back to me. Please go follow and acknowledge this man. Thank you[.]" He references MrZombieApoc, which appears to be a former handle of MrRayG.
May 22nd, 2022 11:01:49 AM MDT NFT To MrRayG MrRayG purchases LazyLion 4147, which is pictured in the post about the stolen NFT, appears to come into the possession of MrRayG.
May 23rd, 2022 9:44:37 AM MDT New Wallet Transfer Baconm77 appears to have set up a new wallet (michaelbode.eth) and starts to transfer the remaining NFTs there.
May 26th, 2022 7:09:00 PM MDT Safety Recommendation MrRayG recommends users to "[c]heck activity to avoid purchasing a stolen NFT" in response to another user.
May 26th, 2022 8:58:00 PM MDT Reply To Seth Green MrRayG reports that he "bought a stolen NFT shortly after it was transferred" "with NO knowledge it was stolen". He also states that he "found the original owner and gave it back" and is "back with this beauty", referencing Lazy Lion 4147, which he recently purchased.
May 26th, 2022 9:27:00 PM MDT Question About Return Twitter user EMPStudio4 questions MrRayG as to whether he "g[o]t the eth [he] used to purchase [the NFT] refunded back to" him when he gave "it back to the original owner". This question is unanswered.
May 27th, 2022 8:14:00 AM MDT Reply To OpenSea "Do you really care about Web3 with your “GM”? I beg to differ. Protect your users! Build better! Build safer!"
May 28th, 2022 11:08:00 AM MDT Crazy Space Out There MrRayG tweets to "[b]e careful out there creators, collectors, and traders. Its a crazy space but we are building better! #AAPES is here to stay. Transparency is the only way."
May 31st, 2022 10:46:00 AM MDT Exciting Accountability "What excites [MrRayG] the most [about Web3] is for pioneers like @opensea to be accountable in building a safer and more welcoming future for new users."
June 10th, 2022 10:33:00 AM MDT Praise To LooksRare MrRayG praises LooksRare "for adding the warning of an NFT being untradable on @opensea" and "being part of the solution".
July 25th, 2022 6:56:00 AM MDT Shared Experiences MrRayG responds to user B0x182 about a compromised NFT, to share his experiences. He suggests that their "stolen NFT process and policy needs to be revisited".
August 7th, 2022 10:00:00 AM MDT OpenSea Criticism MrRayG posts another criticism of OpenSea for their poor handling of thefts.
August 11th, 2022 7:41:00 AM MDT OpenSea Support MrRayG praises OpenSea for posting a new policy on handling of thefts in the platform, calling it "a great post to address the [elephant] in the room" and that enabling sales of potentially stolen NFTs if a police report isn't received within 7 days is "a GREAT first step".
October 17th, 2022 5:00:00 PM MDT Debate About Ownership "I rather imagine that the solution to NFTs getting stolen is near!"
January 14th, 2023 10:19:47 PM MST NFT Resold According to the blockchain record, the NFT is resold to the user 0_oRare.
January 20th, 2023 6:08:00 AM MST OpenSea Did Nothing Another user franklinisbored reports that a stolen ape was sold to their current active bid offer. MrRayG responds that it also "[h]appened to [him] and @opensea did nothing."

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

At least Lazy Lion 1640.

The total amount recovered is unknown.

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. @MrRayG Twitter (Feb 5, 2023)
  2. @MrRayG Twitter (Dec 4, 2023)
  3. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 4, 2023)
  4. https://opensea.io/assets/ethereum/0x8943c7bac1914c9a7aba750bf2b6b09fd21037e0/4147 (Dec 4, 2023)
  5. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 4, 2023)
  6. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 4, 2023)
  7. @MrRayG Twitter (Dec 4, 2023)
  8. @MrRayG Twitter (Dec 5, 2023)
  9. @MrRayG Twitter (Dec 5, 2023)
  10. @EMPStudio4 Twitter (Dec 5, 2023)
  11. @MrRayG Twitter (Dec 5, 2023)
  12. @MrRayG Twitter (Dec 5, 2023)
  13. @MrRayG Twitter (Dec 5, 2023)
  14. @MrRayG Twitter (Dec 5, 2023)
  15. @Baconm77 Twitter (Dec 5, 2023)
  16. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 5, 2023)
  17. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 5, 2023)
  18. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 5, 2023)
  19. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 5, 2023)
  20. NFT Transfers | Etherscan (Dec 5, 2023)
  21. #1640 | Lazy Lions | Etherscan (Dec 5, 2023)
  22. https://nft.coinbase.com/@baconm77 (Dec 5, 2023)
  23. Ethereum Transaction Hash (Txhash) Details | Etherscan (Dec 5, 2023)
  24. https://nft.coinbase.com/nft/ethereum/0x4db1f25d3d98600140dfc18deb7515be5bd293af/1804 (Dec 5, 2023)
  25. @Baconm77 Twitter (Dec 5, 2023)
  26. @MrRayG Twitter (Dec 5, 2023)
  27. @MrRayG Twitter (Dec 5, 2023)
  28. @Baconm77 Twitter (Dec 5, 2023)
  29. @MrRayG Twitter (Dec 5, 2023)
  30. @MrRayG Twitter (Dec 5, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=MetaMask_Wallet_NFT_Theft_Baconm77/Michael_Bode&oldid=5282"