A story without an ending: MetaMask user loses 41 Ether due to hacking, still puzzled about the cause of the hack.


Investor Jonny Reid shared on Twitter how the crypto assets in his MetaMask wallet were stolen. He considers himself to have a high level of security awareness, yet even with help from friends who work in cybersecurity he was unable to identify the weakness the attacker exploited. All he could do afterwards was tighten his security further.

Original link: https://twitter.com/TheJonnyReid/status/1528350421047189506

On May 18th of this year, Jonny Reid discovered that 41 Ether had been transferred out of his MetaMask wallet. He stressed that although he did not use a hardware wallet, he had been using wallets such as MEW and MetaMask since 2016 and was careful on every social media platform, with phishing links, on Discord and Telegram, and so on. To this day he still does not know how he was hacked.


Potential Theft Reasons

1. First Web Page Refresh Extension

Reid needed to renew his passport for an upcoming trip and had to apply online through the UK government website, which meant repeatedly refreshing the page to get an early application in. On 5/16 he installed two Chrome extensions, one after the other, to auto-refresh the page.

He did not like the first extension, so he removed it and installed a second one.

2. Second Web Page Refresh Extension

The second one was "Easy auto refresh", which he used for about 14 hours. His antivirus software flagged nothing, there were no strange pop-ups, and everything ran smoothly.

Between then and the theft on 5/18, Reid was busy with wedding preparations and had not touched his wallet for more than three days. Afterwards he kept looking for the cause, including whether MetaMask had been left unlocked or whether he had clicked on any unusual link.

Hacker's Actions

Reid had around eight accounts in his MetaMask, holding about $130,000 in total. The attacker drained 41 ETH, worth about $83,000, and sold it.

Neither Reid nor his friends had ever heard of the "FIXED FLOAT" exchange involved. He contacted the exchange's customer service, but they could not provide any details.

Post-Incident Security Analysis

Reid had a friend who works in cybersecurity examine his machines; neither his laptop nor his desktop showed anything abnormal.

While changing all of his passwords, Reid did find one trace: suspicious activity on his Gmail account. Before the theft, his Google account had been signed in from a device in the Czech Republic.

He still does not understand how his Gmail was compromised, since he had 2FA enabled. He also noticed that the first page-refresh extension he had installed received an update on 5/18, the day of the theft, whereas the version he had used was dated 04/11/2021. That may be no more than a coincidence.
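Reid's suspicion of the refresh extensions is worth checking systematically: a page auto-refresher needs permission to act on the pages you visit, and an extension with host access to every site can also read and rewrite the pages a wallet is used on. The script below is an added example, not part of Reid's thread or of any extension's code; it walks a Chrome profile's Extensions directory, reads each installed version's manifest.json, and flags the permissions that matter, together with when that version landed on disk. The manifests embedded at the bottom are constructed samples for a stand-alone run, not real extensions, and the profile paths are the standard Chrome locations assumed here.

```python
import json
import sys
from datetime import datetime
from pathlib import Path

# Host patterns that grant access to every page the user opens.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions that let an extension observe or act on other tabs and traffic.
SENSITIVE_PERMS = {"webRequest", "webRequestBlocking", "scripting", "tabs",
                   "debugger", "nativeMessaging", "clipboardRead", "cookies"}


def assess_manifest(manifest: dict) -> dict:
    """Return the risk indicators found in one extension manifest (MV2 or MV3)."""
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))      # MV3 keeps hosts here
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}  # MV2 mixes them in
    perms -= hosts
    script_matches = set()
    for cs in manifest.get("content_scripts", []):
        script_matches |= set(cs.get("matches", []))

    findings = []
    if hosts & BROAD_HOSTS:
        findings.append("host access to all sites")
    if script_matches & BROAD_HOSTS:
        findings.append("content script injected into all sites")
    sens = sorted(perms & SENSITIVE_PERMS)
    if sens:
        findings.append("sensitive permissions: " + ", ".join(sens))
    return {"name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "findings": findings}


def scan_chrome_extensions(extensions_dir: Path) -> list:
    """Assess <profile>/Extensions/<id>/<version>/manifest.json for every installed version."""
    results = []
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        with open(manifest_path, encoding="utf-8") as f:
            manifest = json.load(f)
        report = assess_manifest(manifest)
        report["id"] = manifest_path.parent.parent.name
        # The version directory's mtime is when Chrome wrote this version to disk,
        # which is the closest local record of an install or auto-update.
        mtime = manifest_path.parent.stat().st_mtime
        report["installed"] = datetime.fromtimestamp(mtime).strftime("%Y-%m-%d %H:%M")
        results.append(report)
    return results


def default_extensions_dir() -> Path:
    """Standard Chrome 'Default' profile location per platform (assumed here)."""
    home = Path.home()
    if sys.platform == "darwin":
        return home / "Library/Application Support/Google/Chrome/Default/Extensions"
    if sys.platform.startswith("win"):
        return home / "AppData/Local/Google/Chrome/User Data/Default/Extensions"
    return home / ".config/google-chrome/Default/Extensions"


# Constructed sample manifests (not real extensions) for an offline run.
SAMPLE_AUTOREFRESH_MV3 = {
    "name": "Auto Refresh (sample)", "version": "1.2.0", "manifest_version": 3,
    "permissions": ["scripting", "tabs", "storage", "alarms"],
    "host_permissions": ["<all_urls>"],
}
SAMPLE_INJECTOR_MV2 = {
    "name": "Page Helper (sample)", "version": "0.9", "manifest_version": 2,
    "permissions": ["webRequest", "http://*/*", "https://*/*"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}
SAMPLE_MINIMAL_MV2 = {
    "name": "Tab Counter (sample)", "version": "0.1", "manifest_version": 2,
    "permissions": ["storage"],
}

if __name__ == "__main__":
    ext_dir = default_extensions_dir()
    reports = scan_chrome_extensions(ext_dir) if ext_dir.is_dir() else []
    if not reports:  # no profile found: show what the check says about the samples
        reports = [assess_manifest(m) for m in
                   (SAMPLE_AUTOREFRESH_MV3, SAMPLE_INJECTOR_MV2, SAMPLE_MINIMAL_MV2)]
    for r in reports:
        flag = "RISK" if r["findings"] else "ok  "
        print(f"{flag} {r['name']} {r['version']} {r.get('installed', '')}: "
              f"{'; '.join(r['findings']) or 'no broad permissions'}")
```

Run it on the machine that held the wallet and compare the installed dates against the day of the theft; an extension whose version directory changed shortly before the loss, and which has host access to all sites, is the one to pull apart first (its JavaScript is unpacked in that same directory). A clean antivirus scan says nothing about this class of extension, since nothing about a content script that reads page contents is malware to a scanner.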

Enhancing Security Further

After the incident, Reid bought a Ledger Nano X hardware wallet and a laptop used only for cryptocurrency, and reset his two old computers.

Although the exact cause remains unknown, the crypto community's reaction to his thread, whether sympathy or offers of help, sparked a long discussion. What surprised many was that the only confirmed compromise was of a Google account, and that this apparently sufficed to take over a MetaMask wallet. A Google account compromise does not by itself expose MetaMask's encrypted vault, which lives in the browser's local extension storage, so the practical question in such cases is whether a seed phrase or password was kept somewhere the account could reach, such as email, Drive, or a synced note.

Reid also pointed to a scam pattern described in earlier reports: scam groups monitor every post through the Twitter API, and any post that contains a help-seeking word such as support, help, or assistance together with a wallet name such as MetaMask, Phantom, Yoroi, or Trust Wallet gets a reply from a scam bot within seconds of being published.

Since his post, Reid has continually been tagged in or sent similar scam content on Twitter, and he urges everyone not to click on any of those links.