MetaMask users lose more than $10 million due to an unknown exploit
The hacker targets experienced crypto users and attack addresses created between 2014 and 2022
19.04.2023 - 09:10
493
3 min
0
What’s new? Metamask crypto wallet developer Taylor Monahan discovered an unknown exploit that allowed the hacker to withdraw at least 5000 ETH (about $10,37 million at the exchange rate on April 19) and an unknown number of other coins and non-fungible tokens (NFTs) from 11 different networks since December 2022. In a series of posts on Twitter, she said that the attack was not related to a low-brow phishing site and was systemic in nature.
For the past 48hrs I've been unwinding a massive wallet draining operation 😳😭I don't know how big it is but since Dec 2022 it's drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.Its rekt my friends & OGs who are reasonably secure.No one knows how. pic.twitter.com/MafntG7RkP — Tay 💖 (@tayvano_) April 18, 2023
What else is known? The hacker attacks exclusively experienced crypto users, with the MetaMask team still not understanding exactly how he does it and what specific bug he uses.
The only commonalities that the victims have in common include the fact that the private keys were created between 2014 and 2022 and that the users were fairly experienced.
It is also known that a few hours after the first hack, the attacker usually returns to steal the remaining funds. The first theft in this case occurs between 10:00 and 16:00 UTC. He usually exchanges various tokens for ETH inside the wallet and then converts them into BTC to send to the crypto mixer.
Monahan advised not to keep all of one’s assets in a wallet with one secret phrase and to distribute funds to different addresses to avoid losses. Another security option would be to buy a hardware wallet.
Как надежно хранить криптовалюту. Выбираем лучшие криптокошельки 2023 года
Подробно разбираем все типы криптовалютных кошельков, а также выбираем лучшие хранилища для цифровых активов, исходя из потребностей каждого отдельного пользователя
Earlier, ConsenSys, the developer of MetaMask, reported data leaks from more than 7000 customers around the world. Thus, between August 1, 2021, and February 10, 2023, third parties were able to obtain the personal data of users who contacted the MetaMask support service.
In January, the developers of MetaMask warned about a new scam scheme in which attackers substitute the address of a transaction, counting on users’ inattention when making further operations.
Useful material?
Technologies
Network fees will be integrated into the cost of swaps
Nov 22, 2024
Market
The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion
Nov 19, 2024
Incidents
The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately
Nov 14, 2024
Market
Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset
Nov 13, 2024
Market
The product will begin trading on the Swiss Exchange on November 19
Nov 12, 2024
Market
The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion
Nov 12, 2024