I'm an idiot, no doubts about that. For more than a decade in crypto, I managed to survive* (almost) without losing a dime to multiple hacks/scams/losses/thefts.
On Friday they caught me off guard. Here is how it happened, so you can avoid it if the same happens to you:
I was traveling together with my family, away from my laptop, and with my mind focused on other things and priorities.
A trusted friend who knows me well sends me a Telegram message with the following text: "Check this out" -> link to a tweet.
The tweet was talking about the zkSync airdrop, which I was very much looking forward to, and which I told him about some weeks ago. I was aware that no airdrop had been announced and that multiple scam attempts were around.
A few weeks earlier, I used my main ETH hot wallet to perform a whole bunch of actions to interact with zkSync (1 and 2), just to play around with it.
So as I was in the car, and since I was anxious to know if that was the real airdrop, I opened the tweet (which btw is still online as of now, 5 days later ---> https://imgur.com/a/ITBH31u ).
I read the tweet, and on a quick first look it seemed very legit: it came from what seemed to be a dev: blue checkmark (FU Elon), Twitter account joined in 2012, 300k followers, 900 retweets.
FOMO kicked in. Fuck me. This must be IT, everything checks. A trusted friend sent it to me, and the Twitter account is real.
I already performed most of the actions required to participate in "the airdrop" (interact with zkSync in different ways). All I have to do is just go to the website, connect with Metamask and join the whitelist.
I wanted to get it done as fast as I possibly could, so I could forget about it and go on with my family trip. No need to check further. (took me off guard, told you).
So I went on the website (if I only paid more attention to the URL...), and connected my Metamask mobile wallet to it. He asked me to sign something to join the whitelist. Then nothing happened. OK, I made it!
My wallet was fully "loaded" as I was gathering liquidity to start a minipool on the next week :(.
1 hour later I receive an alert from a watched wallet on etherscan. And I could see my whole ETH balance leaving my wallet using the function "SecurityUpdate" going out to https://etherscan.io/address/0xd13b093eafa3878de27183388fea7d0d2b0abf9e .
I knew what happened immediately. Reported the tweet, reported the address on etherscan, and watched my ultrasound money flying, along with thousands of other incoming transactions from other people.
This person/group is making millions as I type, and it seems unstoppable. To see his funds moving OUT, he is using some sort of internal transactions -> https://etherscan.io/address/0xd13b093eafa3878de27183388fea7d0d2b0abf9e#internaltx
So, I have ONE important question now: should I burn my Ethereum address now and never use it again? If I move ether on it, will he/she be able to steal it from me again, or was it just a one-off bundle tx he signed? He didn't take my NFTs or my ENS. He didn't take my ERC20 tokens (not much).
FML, don't FOMO. Don't interact with web3 from a smartphone. Don't keep funds on a hot wallet that you can access from a smartphone. Don't trust Twitter followers/retweets/creation date, and don't trust the blue checkmark.
- EDIT: I saved the ENS, but a "valuable" NFT was also stolen in the hack
- EDIT2: can't move the signed copy of the Proof Of Stake book by vitalik
- EDIT3: can't move the well-earned POAPs :(
- EDIT4: what fucked with my brain the most is the Twitter Blue Checkmark. Twitter trained my brain to trust those things for more than 10 years, and now in two weeks required my trust system to adapt to it. I'm in my mid-thirties, I don't have enough neuroplasticity to change my brain on the spot.
- EDIT5: Most funds end up here (900 ETH+ and counting) -> https://etherscan.io/address/0x84527b5949d479c879b8dd71cd8f79048cdf6fb8 . Being washed via Tornado and DeFi
- EDIT6: the scammer also started selling off stolen NFTs all over the place a few minutes ago https://etherscan.io/address/0xef0159e704d06c888a140a50e06b3eab8375b538