I've been in crypto for a little while now... 5+ years easily. I'm no expert by any means (proven by the fact that I was somehow hacked), but I thought I was still pretty damn careful. Air-gapped PCs, encrypted drives, etc... I take my security seriously.
Somehow, someone was able to access the wallets on my phone as well as my Coinbase account. I had 2FA with Google Authenticator on CB that they were somehow able to get by as well, allowing them to send my funds to their wallet. They also attacked my MetaMask, MEW, and VeChain wallets, but luckily haven't been able to withdraw the bulk of my assets, which are currently controlled on a Ledger, nor did they access my Pera Algo, which is also controlled by the Ledger.
I do not believe my seeds have been compromised, simply because they didn't drain the Ledger account, which is where most of my funds are, and also because they were able to get into my Coinbase account somehow, purchase more crypto, and send everything that was on there to another wallet. It is because of this that I believe my phone was hacked somehow, as none of these wallets are on my PC.
At this point I am unsure how my phone would have been compromised, but it's the only thing I can come up with, as the MEW, MetaMask and VeChain wallets were limited to my phone and have never transacted with any smart contracts or anything. I run Malwarebytes on the mobile, utilize a trustworthy VPN, don't download apps that aren't well known and trusted (if I even download any at all), and I keep my phone locked and encrypted. Furthermore, I even have my wallets and authenticators further encrypted in Samsung's "Knox" Vault, which requires a second, different password to access. Nobody has access to my phone; it is on me at all times. I never connect to unknown Wi-Fi networks, and I keep my network pretty secure, I feel, again using a VPN in addition to WPA2 network encryption.
I've scanned my phone, reviewed my apps and permissions, and haven't found anything to reveal exactly how it happened. I recently transferred these wallets from another mobile device I had, so I am in the process of checking that device too. I have contacted CB to have my account flagged and have decided to do a hard reset on my mobile device and just re-establish everything new from the ground up, but not knowing exactly how it happened to begin with has me pretty damn worried. I have to believe it originated online, since I don't discuss my crypto with anyone IRL. I lost a bit of money, a few random NFTs, .eth domains, etc., but luckily it seems the majority of my assets have remained safe with the hardware wallet, so I'm quite thankful for that little guy, more than I can tell you.
I will update if I figure anything out, but seriously, be careful out here, guys. As annoying as it is to hear, it needs to be said: this is wild, and if it can happen to me with as many precautions as I've taken, it can probably happen to a lot of other people who think it couldn't. I wish I could offer more to help everyone stay safe, but if you can learn anything from my story, it would probably be to buy a hardware wallet so you have somewhere truly safe to store your funds.
EDIT: Thanks for the awards and I really appreciate all of the suggestions helping me go about finding out what happened exactly, and will be sure to keep everyone updated on anything I find out and hopefully it can prevent this from happening to someone else.
EDIT 2: This post has a lot more replies than I was expecting and I can't get back to everyone individually so I'll address the most common things I've read, but I am reading everything and do appreciate all your thoughts.
One of the most common things I've read is that someone got hold of my phone. I'll admit anything is "possible", but I keep it on me at all times when I'm not home. Realistically, I can't think of anyone aside from my wife who could have accessed my phone.
I'm old and have zero friends. I go to work and come home, and that's it really. I've got family that knows I'm into crypto, but my coworkers do not, unless someone peeked at my phone while I was checking CB or something. And my wife doesn't know what crypto even is, really. I love her, but between 20 bucks and 20 ETH, she would go for the 20 bucks.
I do use Bluetooth as well as NFC.
I lost relatively little money from the attack compared to the funds in total. The wallets didn't have very much in them, simply because they were hot wallets. I do not trust hot wallets, and therefore those losses were pretty small.
Coinbase was a larger loss but still small considering how bad it could have been. I HAVE LEARNED TO WHITELIST ON COINBASE GOING FORWARD.
While I can't definitively say I didn't click a bad link, I'm very cautious. But after reading a bit about browser exploitation, I will say it's some scary stuff.
I am leaning heaviest toward malware, and according to some others it will be very hard for me to find at the "user level", and I totally understand that. I know a hacker could easily make a small change and go undetected by anti-malware too, so I'm not sure how I might approach this entirely.
I'm not trying to shill for any hardware wallet in particular, but I am shilling hardware wallets. Buy them if you don't want your crypto taken. It's the best investment I ever made, and it literally kept my funds safe during an actual attack. Or don't; your crypto isn't mine. But the helpful me really recommends that you do.
Still no response from Coinbase, and I have to call a special number for my phone company, which I'm getting ready to do when my kids go outside.
I do not have my SIM locked, but the 2FA I use is Google Authenticator, not text message. I've heard a lot about cloned SIMs and cloned phones, but I just don't see how it would give them access to my wallets or authenticator. Also, my phone is not rooted.
UPDATE: likely solved.
I'm 99% sure I have figured out exactly what happened- and mistakes were definitely made, but I can't confirm it 100% until my wife goes back to work next week.
While I was trying to figure things out with my phone, my wife discovered her Venmo balance was gone on hers. After seeing this I started asking the whole family questions, thinking it was some kind of network infiltration. When I asked if anyone had downloaded any strange attachments or found any USB drives or anything, my wife brought up a package we received a couple of weeks ago. I know I am going to get dragged through the mud for this, but all I can say is hindsight is 20/20, and it wasn't like someone said "hey, plug this into your phone", so I honestly just didn't see it coming.
My wife opens a package one day and sets the stuff on the counter, thinking it's mine. The package was from Amazon, but I didn't order it. This wasn't exactly strange, because this isn't the first or even the second time this has happened, and much like the previous times, the stuff inside wasn't anything cool. It was a USB-C wall charger, a USB-C to USB-C cable and a cheap set of dollar-store-quality wired earbuds (last time it was baby-proofing safety items). I had all the packages I was expecting that week and never gave it another thought; like I said, it's happened before. At some point she started using the charger, which means that I likely used it too, since I am always unplugging hers and plugging mine in when it needs charging and I don't feel like getting my charger.
When she brought up the package I didn't think much of it. But then I found THIS: https://shop.hak5.org/products/omg-cable and after reading its capabilities, it's like someone watching over your shoulder AND having your phone in their hands COMBINED. The site says it's a keylogger, keyboard and mouse all in one and undetectable to security. The tech specs on this thing sound unreal, and if you don't know why you shouldn't plug into unknown items, EVEN JUST A SINGLE CABLE, then you NEED to see this thing and be aware. I can't even explain everything it can do here, and you wouldn't believe it if I could. It's literally just a cable. Someone mentioned a Rubber Ducky attack, and I saw an item called a Rubber Ducky on the site, so that person wasn't far off.
My wife has the charger at work and doesn't return until Tuesday, so I can't confirm 100% that this is what happened, but I am 99.9% sure. According to the website, the cable is indistinguishable from ordinary cables, so I am contacting the company to ask if there is a way to determine whether it's what I think it is without destroying it, in case there is any kind of useful data on it. But the website says that it can be wiped remotely and even be bricked, so I don't know. Worst case scenario, I just have to tear this thing apart and look inside to see if it looks crazy underneath. On the website there is an X-ray of the cable showing an antenna. It has its own web server built in and can connect to the internet or something; I am still trying to learn about it, so I am not completely sure.
I will continue to keep everyone posted about anything I find, but so far my phone carrier hasn't been of any real assistance, Coinbase hasn't even responded back, and the main piece of evidence I need to confirm all of this is at my wife's work until she goes back Tuesday. If this is what happened, hopefully I can figure out exactly how I was targeted. There are many posts suggesting this person knows me IRL. I agree it is possible, but I think that it is unlikely. I don't associate with anyone outside of my family, let alone discuss crypto, but unfortunately I DO discuss it online and wonder if that's where the attack originated. Today I received an email from Samsung (supposedly; I don't even know anymore, and at this point I'm too afraid to click on it) saying there was a data breach. LastPass had a breach, my phone carrier had a breach, you name it. Even Ledger, the company some of you claimed this is all a shill for, had a data breach (shill unshilled), and I have to wonder what information, and from what sources, was used to make me a target. This cable costs between $100 and $200, so I feel like they had to know I had enough to make it worth their risk of investing in something like that just to send it to someone.
As soon as my wife brings the charger home I will inspect it and let all of you know what I come up with, and critique all the mistakes that led me down this path and what I have learned, so that maybe others who may not have considered this kind of attack can be more aware that it exists and can happen, and maybe it will give them more reason to follow the rules. Like I said, I wouldn't go plugging my phone into any PCs, but yes, I was caught off guard, and that's all it took.
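The cable the post describes works because a USB host will accept a brand-new keyboard from whatever is on the far end of the cable. The one check worth doing before trusting a mystery charger or cable, given here as an added example that is not part of the original post and not Hak5's code, is to plug it into a Linux machine and see whether it enumerates as anything at all: a passive cable or a plain charger presents no USB device, while a keystroke-injection cable has to present a HID keyboard or mouse (USB interface class 0x03, protocol 0x01 or 0x02). The script snapshots /sys/bus/usb/devices before and after, diffs the two, and flags HID interfaces on anything new. The sample device tree, product strings and vendor/product IDs it builds for the offline demo are constructed and are not real product identifiers.

```python
#!/usr/bin/env python3
"""Flag a "charger" or "cable" that enumerates as a USB keyboard/mouse.

Added example, not from the original post or from any vendor. Snapshot the
Linux sysfs USB tree, plug the suspect item in, snapshot again, and report
any new device that exposes a HID interface (class 0x03). The sample tree
used by demo() is constructed; its IDs are made up.
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

SYSFS_USB = Path("/sys/bus/usb/devices")
HID_CLASS = "03"
HID_PROTOCOL_NAMES = {"00": "generic HID", "01": "keyboard", "02": "mouse"}


def _read(path: Path, default: str = "") -> str:
    try:
        return path.read_text().strip()
    except OSError:
        return default


def snapshot(root: Path = SYSFS_USB) -> Dict[str, dict]:
    """Map each USB device dir (one that has idVendor) to its identity and
    the (class, subclass, protocol) of every interface it exposes."""
    devices: Dict[str, dict] = {}
    if not root.is_dir():
        return devices
    for dev in sorted(root.iterdir()):
        if not (dev / "idVendor").exists():
            continue  # top-level interface symlinks (1-1:1.0) have no idVendor
        ifaces: List[Tuple[str, str, str]] = []
        for sub in sorted(dev.iterdir()):
            # interfaces live under the device dir as <dev>:<config>.<iface>
            if sub.is_dir() and sub.name.startswith(dev.name + ":"):
                ifaces.append((_read(sub / "bInterfaceClass"),
                               _read(sub / "bInterfaceSubClass"),
                               _read(sub / "bInterfaceProtocol")))
        devices[dev.name] = {
            "vid": _read(dev / "idVendor"),
            "pid": _read(dev / "idProduct"),
            "product": _read(dev / "product", "(no product string)"),
            "interfaces": ifaces,
        }
    return devices


def new_devices(before: Dict[str, dict], after: Dict[str, dict]) -> Dict[str, dict]:
    """Devices present in the second snapshot but not in the first."""
    return {name: d for name, d in after.items() if name not in before}


def hid_findings(devices: Dict[str, dict]) -> List[str]:
    """One line per HID interface found; a charger or cable should yield none."""
    out: List[str] = []
    for name, d in devices.items():
        for cls, _sub, proto in d["interfaces"]:
            if cls.lower() == HID_CLASS:
                kind = HID_PROTOCOL_NAMES.get(proto, f"protocol {proto}")
                out.append(f"{name} {d['vid']}:{d['pid']} '{d['product']}' exposes a HID {kind} interface")
    return out


def build_sample_tree(root: Path, with_implant: bool) -> None:
    """Constructed sysfs-like tree: a root hub, a flash drive and, optionally,
    a 'cable' that enumerates as keyboard + mouse. All IDs are made up."""
    def add(name: str, vid: str, pid: str, product: str, ifaces) -> None:
        d = root / name
        d.mkdir(parents=True)
        (d / "idVendor").write_text(vid + "\n")
        (d / "idProduct").write_text(pid + "\n")
        (d / "product").write_text(product + "\n")
        for i, (cls, sub, proto) in enumerate(ifaces):
            idir = d / f"{name}:1.{i}"
            idir.mkdir()
            (idir / "bInterfaceClass").write_text(cls + "\n")
            (idir / "bInterfaceSubClass").write_text(sub + "\n")
            (idir / "bInterfaceProtocol").write_text(proto + "\n")

    add("usb1", "1d6b", "0002", "Root Hub", [("09", "00", "00")])        # hub class
    add("1-2", "0000", "0001", "Flash Drive", [("08", "06", "50")])      # mass storage
    if with_implant:
        # a real implant can present any vendor/product string it likes
        add("1-4", "ffff", "0001", "USB-C Charging Cable",
            [("03", "01", "01"), ("03", "01", "02")])


def demo() -> List[str]:
    """Offline run: baseline snapshot vs. snapshot after 'plugging in' the implant."""
    with tempfile.TemporaryDirectory() as tmp:
        before, after = Path(tmp) / "before", Path(tmp) / "after"
        build_sample_tree(before, with_implant=False)
        build_sample_tree(after, with_implant=True)
        return hid_findings(new_devices(snapshot(before), snapshot(after)))


if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:
        # Real use on Linux: run once before and once after plugging the item in
        # and compare; this lists every HID interface present right now.
        print("\n".join(hid_findings(snapshot())) or "no HID interfaces")
    else:
        print("\n".join(demo()))
```

Run it with no arguments for the constructed demo, or with --live on a Linux box to list the HID interfaces actually present. The finding that matters is the positive one: a charger or cable that shows up as a keyboard is malicious, full stop. An empty result is weaker evidence, since an implant that only enumerates when triggered would look clean until then, so treat "nothing showed up" as "no evidence yet", not as proof the cable is harmless.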