MultiversX Tracker is Live!

I was scammed, I lost most of my portfolio from 1 click, and this is what I learned from it

All Cryptocurrencies

by COINS NEWS 118 Views

I was scammed, I lost most of my portfolio from 1 click, and this is what I learned from it

I was scammed on 7/26/23 while doing a Mastercard event. I'm in extreme poverty, I don't have actual income because I'm disabled, and due to this event I lost the bulk of my value. They stole from me $267.93 in a matter of a click. While it might not sound like a lot to some. It's the majority of a years income worth for me. So this was a big hit.

Note the story on this shouldn't be don't do a noob move. Some might recognize I have been around crypto for a while, I promoted air gap wallets, using multiple wallets, etc.) And while something in the back of my mind didn't seem right at first and I shouldn't have ignored it.

The learning lesson should be 2 things.

  1. I did do a few things right which ended up protecting me from a complete lost in funds. I will show you how to setup alerts.
  2. I revoked the contracts as soon as I figured out what was going on.

I'm not asking for anyone's pity, or anyone to help me out. It is welcome, but not expected. Thank god I have Moons, or I would've ended things by now. They took a bit of my passive income, and that hurts a lot. As someone who is disabled and can't work. I highly depended on it. I'm just taking this 1 day at a time.

What happened:

In short, Mastercard and a crypto company had a NFT promotional thing, and I interacted with it. I was trying to find a way to link my wallet to the account so I can mint the NFT to my wallet. I couldn't find a way, and remembered in some places you can link it by Discord.

I scrolled down to the bottom of their website, and clicked the Discord button. Everything seemed legit and I had no reason to think it was otherwise because I was coming directly from their website. It wanted me to do the verification process, and it asked me to sign with the wallet. This isn't out of the norm since in many places you sign to let it know who you are. Basically, it is heavily used in web3. Afterwards, it wanted me to switch networks and do it again. Again, some web3 places do this when you have a multi chain.

At this point I was getting a number of alerts. And at this point, I knew I was screwed.

https://preview.redd.it/wf2jmu9hrjfb1.png?1277&format=png&auto=webp&s=1b2ea0b04d5c5d9904aacf5f74988a9199d69114

Because of the alerts, I first revoked any contracts made from this. I used https://revoke.cash/Just to show what it looks like. You can see what contracts you allowed at

https://preview.redd.it/8y4ntvpmrjfb1.png?1787&format=png&auto=webp&s=ff2123c38cd2ea4ca833a0766cdfd851de5d1b95

Note the thing in the image is just an example. That wasn't the scam contract. I already revoked it by the time I took a screenshot of this for the write up.

The next thing I did was contact the crypto company itself. To be honest, I tried to contact the scammer to beg for at least some of my stuff back because it is really that big of a blow. But I contacted the company because this scam was caused directly due to their site being screwed up.

Next I reported the scam page to Discord company themselves to stop it from scamming others. But they basically blew me off.

Something to note, one of the accounts it went into had the size of $700k. So this wasn't a small-time scammer that did this.

Beyond that, I started to document everything so I can be as accurate as possible. After I started investigating this problem, I found a few problems. While the discord button on the site and the Mastercard's event page on the site went to a scam discord page. The discord button on the promotional email for the Mastercard event, it went to the crypto companies actual discord page. From here I found they were aware of the problem hours prior to what happened to me.

During this past week, once this was fixed on the site itself. The scammers moved to another company all together. Same exact thing where the discord button on the page linked to the scammers discord pages (which they change the name and logo). After a bit, this was fixed and the scammer jumped to what appears to be a dead coin's page. This is a screenshot of their current page

https://preview.redd.it/d3gmprayrjfb1.png?1058&format=png&auto=webp&s=e371e4a08308d45f865aa210e9aecbe9039dcfc4

What is odd about this last one is the discord link in the promotional from last year stuff on the site (some web 3 gaming company that has a dead coin), the discord link there is the same one they used for the current scam. Which makes me wonder if FBI or whomever with the power looked at the site itself. If it turns out the site is own by the scammer. Sadly, I will never know since it will take a legal force to get discord to show dates and what not to prove or disprove this.

Here is what I did right:

The first

I signed up and used this to watch my accounts. I also have it on my phone. https://app.zerion.io/

Basically, you can tell it to watch given accounts and it will alert you when there is a transfer or something going on. It's free, and honestly everyone should use them for this feature alone. They have other things, but IMO this hands down is worth it.

Next

I revoked the smart contract as soon as possible. In fact, I did it before I checked my balance. The faster you can do this, the quicker you can stop the pain given they didn't take everything all at once. There is a few services that does this. Basically it changes the limit to how much it can take from unlimited to 0. Which kills the smart contract.

What I did wrong:

The first and biggest is ignoring red flags. I didn't need the NFT in my air gapped wallet and I was just tired and wanted to move on to something else. I should've took more time and asked questions on our discord or other places if I had them. Even more since I can screenshot the thing and show the smart contract on there and ask.

Like spending a few seconds longer when a red flag comes up, any red flag. It doesn't hurt anything because it isn't urgent.

The next is that I should've used my daily. It didn't even cross my mind at the time. I've been working on my air gap and maybe if I put it up it I would've grabbed my daily and still had my funds.

For those of you who doesn't know, I have an airgap wallet and a USB wallet. The USB wallet is my daily because it holds almost nothing, and if something happens I don't really lose anything. But, my air gap is meant for long term holding only. Not to be my personal ID and everything. That was the point of the daily.

What you should learn from this:

At the end of the day, 1 user error is all it takes. 1 just trying to get done. 1 little screw up is all it takes. It doesn't matter if you have 1 second of experience or been around since the start. And while some of this seems like noob errors. I literally have a degree in cyber security, I have a ton of papers in it, a number of years back I teach blockchain and cyber security. And while I had to give this up due to my disability and ended up losing everything due to it. It isn't like I stopped interacting and studying cyber security.

1 mistake is all it takes. And 1 mistake can happen to anyone. In short, you have to be right 100% of the time, and since this is impossible. You need to have a plan in place for when something happens.

What developers should learn from this:

  1. Actually take security threats seriously. Like in this case the attack was brought to their attention a good while before what happened to me. But the question goes into, how did the attack happened. At first I thought it was internal, but from how the scammers jump from place to place and they were replacing the discord button at each place. It's more likely a service used for the site has problems.
  2. Audit your site once in a while. Audit the logs also. But make sure the social media links are what they need to be.
  3. As mention, when people bring up cyber security threats. Don't brush it off. If your company doesn't have a plan on how to deal with this when you are alerted on anything to include reddit. Then develop a plan. It should've automatically be brought up the chain and customer service should've been notified to keep an eye out on anything. Social media and customer service is your eyes and ears when it comes to seeing if anyone was messed over, and it shouldn't be a shock for the customer service that it is happening.

What I'm doing now:

As mention I have a daily and an air gap. I'm putting the air gap up where it won't be touched outside of storage. That away it isn't just by habit or whatever I grab it and I have to think about what I'm doing.

Following this, if there is any question on things I am going to start using the tools I have. Simply stop for a second, take a screenshot, send it to the CC discord, and say I'm getting a red flag in the back of my mind but IDK why and ask if someone can double check things.

Sadly, there isn't much else I can do other than try to rebuild and cry. My hope one day is I can look back and wonder why I cared so much about so little. But being in extreme poverty it hurts a lot and I have my doubts.

My hopes is others can learn from this.

submitted by /u/crua9
[link] [comments]

Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Comments