A victim here on Reddit recently lost 80K across Ethereum, Solana, and Cardano. There's a post he made a couple of weeks ago outlining the hack/scam. I didn't see any useful comments in the original post and he reached out to me looking for help. I focused on the Ethereum network as this appears to be where most of the activity takes place. I'm showing about 970K lost in stolen funds with numerous victims getting caught up in this scam. Below is my attempt to outline where the funds went as well as how the scam happened. Ethereum WalletsBelow are the main wallets associated from the victim who lost 80K and the main scammer wallets. The wallet labeled Reddit Sweeper was used to clean out about $25 in ETH. If it is in fact a sweeper wallet, that would mean a seed phrase compromise. Otherwise the victim may of never revoked access and the scammer could of just gone back and cleaned up a bit of leftovers a day after the scam.
Additional Wallets0xcf3BA5a31A376D01EbdcCad2b84Eb40D89EEdBA7 - 80k Scammer Reddit I marked off the below wallets as outgoing txns from the 80k Scammer wallet. Interestingly, almost all of the funds (about $950,000) are still sitting in these wallets. There's a strong chance of recovery if law enforcement is actively monitoring the movements of the below addresses.
Wallet of Interest0x418f6d0EE7aDF31Eaa757105980fa446a3D66a37 0x418f6d0EE7aDF31Eaa757105980fa446a3D66a37 funded 0xAC66519D0650Bd5163fa4a93737E660a780ACDae - 80K Scammer Reddit Sweeper? It's possible 0x418f6d0EE7aDF31Eaa757105980fa446a3D66a37 might also be a victim. If I had more time, I'd do a deeper dive to find out who this entity is. This wallet has a user name associated with their OpenSea profile. HitBTC Deposit Addresses
These deposit addresses don’t look like they belong to 0x418f6d0EE7aDF31Eaa757105980fa446a3D66a37. It looks like he was paying for some service. Possibly accounts or gift cards as the wallets in the deposit address appear to have no relation to each other. Wallet of Interest 20x1C1700B0dE3850AbA5ACfd38c3446b9b054e0715 - 80k Scammer Reddit 5 After further investigation, 0x1C1700B0dE3850AbA5ACfd38c3446b9b054e0715 - 80k Scammer Reddit 5 also appears to be a scammer wallet. I almost missed this one as this was the last incoming txn to 0xcf3BA5a31A376D01EbdcCad2b84Eb40D89EEdBA7 - 80k Scammer Reddit. Below is a user on Twitter reporting the wallet belonging to a hacker/scammer. Interestingly this victim also mention funds getting removed from his Ledger device. Movement of FundsIt seems the scammer took the following route to move all the stolen funds
Additional Wallets0x04d554f7f7163226A2CdFAcf127b7d5385576E79 0x1C1700B0dE3850AbA5ACfd38c3446b9b054e0715 - 80k Scammer Reddit 5 sent 2.5K to 0x04d554f7f7163226A2CdFAcf127b7d5385576E79. There’s a number of eXch Deposit addresses. 0x211172b638F73c1bd998E9f57f82E74A10FD0ed4 0x1C1700B0dE3850AbA5ACfd38c3446b9b054e0715 - 80k Scammer Reddit 5 sent 2K to 0x211172b638F73c1bd998E9f57f82E74A10FD0ed4. More MovementThe below can really open up the Rabbit Hole to find other hacks and deposit addresses. How the Scam HappenedLooking at the original Reddit post from the victim and the twitter user's post, it appears a bad actor is airdropping malicious NFTs to ledger users. I'm not sure the exact scenario that played out, but the victims could of received an unsolicited NFT that appeared to be a voucher promising "free money". The voucher could say something along the lines of "You WON 5000 USDC or USDT!" The voucher lures the victim to a website requiring you to approve the transaction. Once you sign the contract, your assets now belong to the scammer. How to Avoid Malicious NFT AirdropsUnfortunately, it's very hard to avoid someone sending you unsolicited NFTs. However, there are actions you can take to avoid engaging with any of these malicious NFTs.
Stay safe out there! Update: - I was able to get clarification from the victim on what actually happened. Apparently it was a seed phrase compromise which would explain the sweeper bot and assets drained across multiple chains. The attack required the user to follow step by step instructions to claim the reward which ended with the victim entering their seed phrase. [link] [comments] |
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments