I have been (regrettably) part of various hacker forums for like six years or so. I have quit hacking long ago, but still have access to pretty much exclusive hacking methods/software (I'm a paid member on those forums).
In this post, I will share with you some insight I found on those forums about how some hackers can steal your Metamask funds, and how you can protect yourself:
So Metamask has put up some methods for recovering your wallet without using the seed phrase if you still have access to your password and your browser files. Here's the link
Hackers took note of this method and started exploiting it to withdraw people's funds without using the recovery phrase (which most people don't store on their computer, so is less prone to their attacks).
First, the hacker will infect your computer with some kind of malware that forwards all your confidential info to the hacker (especially browser logs/files). They usually do this on a large scale, infecting thousands of computers.
The browser logs contain a code that can be used to reveal the seed phrase. Hackers are automating this to reveal if the Metamask wallets have funds or not. Here's an actual hacked wallet log:
C:\Users\Administrator\Downloads\Telegram Desktop\3\VIOLET LOGS CLOUD - 817 PCS\PH[16A77B563282F894DD4590E6787BDD93] [2022-12-09T20_37_09.0643912]\Wallets\Microsoft_[Edge]_Default_Metamask\000970.log
0x67649a341fa0b2e31ec29820e13625e1fcbe81b7
ETH Balance: $0.00 | ETH Tokens Balance: $0.00
BSC Balance: $7.60 | BSC Tokens Balance: $16.45
AVAX Balance: $0.00 | AvAX Tokens Balance: $0.00
POLYGON Balance: $17.96 | POLYGON Tokens Balance: $0.00
Fantom Balance: $0.00 | Fantom Tokens Balance: $0.00
-----Vault-----
{"data":"DN6bvdnH+x7uu6S5SfnTydo2YWNhk14qAAhYC0LC5LEPVLzGSSwzNn2CFNPQIpX/OMFSy5tayLA0ejiRthQk4mS2Cgx+/1MAsleIJvjjDEqkMo/UfYKIk88LXk8uS5aS7ASFUjBLO0SRiQ2JRwYZAYlxVognpvIybXtppLaTy6uJXQcvooFB5SJNx/76QwBwSe+oKq6rRXQ531/M4m/EkCKdCKUtDad4R6XOzFR2ihC+K2uLZz0Z8/fwNOsAK6kz8G869+wINpDnvsh2t+b9iJLYLtWDPjaUVaxxXbTkCTqxwdDkjDmcAFmMabef4I9LeyeNOqkxrdv4Wlhi0rblc+IuLAxnfeu8SjzZcq/5+cZEdNhnU3oR4idq/zgir8L2ee2xig5GEdztnsxx4qftj5lDyrUk/tnFepNqKCn5ELggDpZOKk8qwJE7zTddmUxtuU4JS3/8hUWXHvZjbLG8hpLKilg3z+rsC85swxVwvx92DP13So0=","iv":"9awnWSHD4osbS+aY+e66Wg==","salt":"aUmUeTwIK0oqk4auXgdrUvyoEPKyS1X9ibAHoSTsCzk="}
-----Passwords-----
cbgtng07
cbgtng@0797
Cabigting123
adminHW
As you can see, the log contains the balances of the wallet, as well as vault info and passwords.
Using this tool provided by Metamask, hackers can recover your seed phrase by decrypting that vault using the passwords they stole from your computer. So now, how can you protect yourself from this scenario?
First, you should prevent your computer from getting infected in the first place. Use a reputable antivirus and don't download sketchy files.
But even if you actually get infected, you can manage to keep your funds if you don't have your Metamask password stored inside the browser. Just write it on a piece of paper if you think you'll forget it. Add to that, keep your Metamask wallet password original, because hackers might find your password stored in the browser if you use it for any other website.
That's it for today, and if I manage to get new inside info, I will share it with you guys. Be safe!