A story without an ending: MetaMask user loses 41 Ether to a hack and is still puzzled about its cause.
Investor Jonny Reid shared on Twitter his experience of having the crypto assets in his MetaMask wallet stolen. He considers himself to have a high level of security awareness, yet even with help from friends who work in cybersecurity he could not identify the vulnerability the hacker exploited. After the incident, all he could do was strengthen his security measures further.
Original link: https://twitter.com/TheJonnyReid/status/1528350421047189506
On May 18th of this year, Jonny Reid discovered that 41 Ether in his MetaMask wallet had been transferred out. He emphasized that although he did not use a hardware wallet, he had been using wallets like MEW and MetaMask since 2016, with a high level of security awareness. He was very cautious about any social media platforms, phishing links, Discord, Telegram, etc., and to this day, he is still unsure why he was hacked.
Possible Causes of the Theft
1. First Web Page Refresh Extension
Reid needed to renew his passport for an upcoming trip. To apply early through the UK government website he had to refresh the page constantly, so on 5/16 he downloaded two Chrome extensions to auto-refresh the page.
He didn't like the first extension, so he deleted it and downloaded another one.
2. Second Web Page Refresh Extension
The second one was "Easy auto refresh," and he used it for about 14 hours. His antivirus software detected nothing abnormal, no strange pop-up windows appeared, and everything ran smoothly.
Busy with wedding preparations, Reid had not used his wallet for over three days by the time of the hack on 5/18. Afterwards, he kept investigating possible causes, including whether the MetaMask wallet had been left logged in and whether he had clicked on any strange links.
Hacker's Actions
Reid had around eight wallets in his MetaMask, totaling about $130,000. The hacker sold 41 ETH, worth about $83,000.
- First Sale
- Second Sale
- 41 ETH Transferred to the "FIXED FLOAT" exchange
Reid and his friends had never heard of the "FIXED FLOAT" exchange. He actively communicated with the exchange's customer service, but they could not provide any details.
Post-Incident Security Analysis
Reid had a friend who works in cybersecurity check his computers, but neither his laptop nor his personal computer showed any abnormalities.
After much thought, Reid changed all his passwords and discovered some traces. He noticed suspicious activity on his Gmail account: before the hacking incident, his Google account had been logged into from a device in the Czech Republic.
To this day, he still doesn't understand why his Gmail was hacked. He had set up 2FA. He also found that the first web page refresh extension he downloaded had coincidentally received an update on the day of the hack, 5/18, while he had been using the old version dated 04/11/2021. But this may just be a coincidence.
Enhancing Security Further
After the incident, Reid purchased a Ledger Nano X cold wallet and a laptop dedicated to cryptocurrencies, and reset two old computers.
Although the exact cause of the hack is unknown, the crypto community's response to his post, whether out of sympathy or to offer help, has sparked much discussion. What surprised people most is that, with a hacked Google account as the only confirmed finding, the hacker was still able to take control of MetaMask.
Reid also pointed to a scam covered in previous reports, in which scam groups monitor all posts through the Twitter API. If a post contains a word seeking help, such as support, help, or assistance, together with the name of a crypto wallet such as MetaMask, Phantom, Yoroi, or Trust Wallet, it receives a reply from a scam bot within seconds of being posted.
Since his post, Reid has been continually tagged in or sent similar scam content on Twitter, and he urges everyone not to click on any links.
Since posting this I have been spammed out with tags / pms of stupid shit like this.
NEVER FALL FOR THIS NONSENSE NOR CLICK ON IT PEOPLE. pic.twitter.com/sZ2oJ4KLO2
— JonnyReid (@TheJonnyReid) May 22, 2022
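The scam-bot behaviour described above (a help word plus a wallet name in a post, answered within seconds) can be turned into a simple check for spotting such replies. The following is an added example, not code from Reid or from the original article; the 30-second cutoff, the field names, and the sample posts are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Trigger terms are the ones listed in the article; the cutoff is an assumption.
HELP_WORDS = re.compile(r"\b(support|help|assistance)\b", re.I)
WALLETS = re.compile(r"\b(metamask|phantom|yoroi|trust\s*wallet)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)
FAST_REPLY = timedelta(seconds=30)  # assumed meaning of "within seconds"


def is_bait(text):
    """True if a post contains both a help word and a wallet name."""
    return bool(HELP_WORDS.search(text) and WALLETS.search(text))


def flag_replies(post, replies):
    """Return (author, reasons) for replies that look automated.

    A reply is flagged only when the parent post is bait AND the reply
    arrived within FAST_REPLY; a link is recorded as an extra reason.
    """
    if not is_bait(post["text"]):
        return []
    flagged = []
    for r in replies:
        delay = r["time"] - post["time"]
        if timedelta(0) <= delay <= FAST_REPLY:
            reasons = [f"replied after {int(delay.total_seconds())}s"]
            if LINK.search(r["text"]):
                reasons.append("contains link")
            flagged.append((r["author"], reasons))
    return flagged


# Constructed sample data (not real tweets or accounts).
T0 = datetime(2022, 5, 22, 12, 0, 0)
POST = {"text": "Need help, my MetaMask wallet was drained", "time": T0}
REPLIES = [
    {"author": "@bot_a", "time": T0 + timedelta(seconds=4),
     "text": "Contact support here https://example.invalid/form"},
    {"author": "@friend", "time": T0 + timedelta(minutes=12),
     "text": "Sorry to hear that, check your extensions"},
    {"author": "@bot_b", "time": T0 + timedelta(seconds=9),
     "text": "DM the recovery team"},
]

if __name__ == "__main__":
    for author, reasons in flag_replies(POST, REPLIES):
        print(author, "->", ", ".join(reasons))
```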