MetaMask users lose more than $10 million due to an unknown exploit
The hacker targets experienced crypto users and attack addresses created between 2014 and 2022
19.04.2023 - 09:10
522
3 min
0
What’s new? Metamask crypto wallet developer Taylor Monahan discovered an unknown exploit that allowed the hacker to withdraw at least 5000 ETH (about $10,37 million at the exchange rate on April 19) and an unknown number of other coins and non-fungible tokens (NFTs) from 11 different networks since December 2022. In a series of posts on Twitter, she said that the attack was not related to a low-brow phishing site and was systemic in nature.
For the past 48hrs I've been unwinding a massive wallet draining operation 😳😭I don't know how big it is but since Dec 2022 it's drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.Its rekt my friends & OGs who are reasonably secure.No one knows how. pic.twitter.com/MafntG7RkP — Tay 💖 (@tayvano_) April 18, 2023
What else is known? The hacker attacks exclusively experienced crypto users, with the MetaMask team still not understanding exactly how he does it and what specific bug he uses.
The only commonalities that the victims have in common include the fact that the private keys were created between 2014 and 2022 and that the users were fairly experienced.
It is also known that a few hours after the first hack, the attacker usually returns to steal the remaining funds. The first theft in this case occurs between 10:00 and 16:00 UTC. He usually exchanges various tokens for ETH inside the wallet and then converts them into BTC to send to the crypto mixer.
Monahan advised not to keep all of one’s assets in a wallet with one secret phrase and to distribute funds to different addresses to avoid losses. Another security option would be to buy a hardware wallet.
Как надежно хранить криптовалюту. Выбираем лучшие криптокошельки 2023 года
Подробно разбираем все типы криптовалютных кошельков, а также выбираем лучшие хранилища для цифровых активов, исходя из потребностей каждого отдельного пользователя
Earlier, ConsenSys, the developer of MetaMask, reported data leaks from more than 7000 customers around the world. Thus, between August 1, 2021, and February 10, 2023, third parties were able to obtain the personal data of users who contacted the MetaMask support service.
In January, the developers of MetaMask warned about a new scam scheme in which attackers substitute the address of a transaction, counting on users’ inattention when making further operations.
Useful material?
Market
Due to supply shortages, the asset’s pre-market exchange rate was climbing above $1000
Dec 16, 2024
Incidents
Reports about the hacking of the exchange with calls to withdraw assets began to spread on December 13
Dec 13, 2024
Crypto regulations
Stablecoins from issuer Circle will not be affected by the changes
Dec 12, 2024
Crypto regulations
The platform will launch after meeting the preconditions of the local exchange authority
Dec 9, 2024
Market
The $1,1 billion figure was reached after the bitcoin correction
Dec 6, 2024
Crypto regulations
By early January, all open positions and loans of local users will be closed and repaid automatically
Dec 5, 2024