Crypto veterans targeted in mysterious wallet heists – up to 5k ETH allegedly stolen
A sophisticated hacker has drained more than 5,000 Ethereum using an unknown method of attack, according to a MetaMask developer.
More than 5,000 Ethereum (ETH) and an undetermined quantity of tokens and NFTs have been stolen across multiple chains in an ongoing hack since late last year, said MetaMask dev @tayvano_.
“I don’t know how big it is but since Dec 2022 it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.”
The dev added that they had been investigating for the last two days but cannot determine how the attacker is carrying out the thefts. Moreover, the victims are all “OGs who are reasonably secure.”
OGs targeted in sophisticated wallet heist
@tayvano_ pointed out that this is a sophisticated attack deliberately targeting OGs, reiterating that no one can work out where the exploit lies.
“This is NOT a low-brow phishing site or a random scammer. It has NOT rekt a single noob. It ONLY rekts OGs.”
Forensic device examination has led nowhere — further stumping investigations into the method used to access the victims’ wallet.
The commonalities between cases are that the keys were created between 2014 and 2022 and that the victims are “crypto native,” for example holding multiple addresses and working within the crypto industry.
The hacker will commit “primary” thefts, with “secondary” thefts following hours later to collect assets and dust missed during the initial heist — sometimes weeks or months later.
In the case of large thefts, the attacker swaps assets into ETH inside the wallet, then sends the ETH to a centralized swapper such as SimpleSwap or ChangeNOW — always swapping into Bitcoin (BTC).
After sitting on the swapped BTC for a week, the attacker sends the funds to a mixer to obfuscate the addresses.
Tips on staying safe
@tayvano_ speculates that the attacker has acquired a cache of data from the victims’ devices. Using this, they can extract the wallet keys — but the dev stresses that this is “just a guess.”
“My best guess rn is that someone has got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove.”
The dev cautioned users to avoid storing all their digital assets on a single wallet key. Instead, people should split their crypto across multiple keys or hold assets on a hardware wallet.
“PLEASE DON’T KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS. THE END.”
ConsenSys contacted CryptoSlate to clarify that multiple chains and wallets have been affected by the ongoing hack, and that MetaMask’s role is to take the investigative lead.