For the First Time in 10 years, My very first Crypto Wallet was Hacked

70
a year ago
in
LeoFinance

When you noticed your borrowed funds were suddenly "burnt", you should have known something was wrong.

When I saw this sale this morning I was happily telling @elizacheng and @khimgoh about the good news.


I usually do not use credit card to purchase any new property tokens but use its borrowing service to get some xDAI over because bridging is kind of troublesome especially the multichain compromise of late.

I never had that problem before to be honest, until this week when I did something stupid to try to revoke some contract out of a support's advice on a site.

When the site was having unusual hanging I should have known something was up. But somehow my mind was foggy and I went to load my private keys on my Trust wallet to try and use the dapp browser to do so.

It was hanging still.

And because it was on the trust wallet unlike metamask I can just disconnect my wallet to the site, I left the site and totally forgotten about it as work was piling up during the day.

Little did I know when the site was hanging, my wallet was already being hacked.

Exactly during that time it was hanging, a few hours later my ETH was drained from it.


And to make it worse, I thought it was a Real T problem so I decided to bridge the amount over from another account in order to just pay up the invoice that is hanging there at the moment.

Lo and behold, 90% of the arrived wallet was GONE

It feels very painful because this is the first Ethereum wallet I ever had for years and I hardly use it except for RealT as I wanted to split my wallet in different usage.

Now all my RealT assets are stuck there including a hacked borrowed approximately 49 DAI.

Scammers are everywhere! No where is safe!


Ironically, over the official discord group when I was inquiring this issue at the support, this community moderator told me to message him to see the details

The conversation started normal but then when he kept saying "your account is just out of sync, just go to the website for Rectification" something triggered my trauma memory of a few days ago.

It felt like Déjà vu all over again when this happened and insisted me to key in the seed words...

And that's where all my 😨 🚨❌⛔️ senses all fired up!

This is exactly how the scammers did on the other protocol that I was inquiring to remove some contracts

Immediately I went to check from https://www.scamvoid.net/ recommended by search engine to find out, and when I showed this user this image , the scammer seems to be reading from the script

If I do as it is instructed, I WILL LOSE ALL MY FUNDS.

Immediately I just reply this kindly and learn to be patient and wait for official assistance because it is Thanksgiving holiday after all.

I have reached out to @bitrocker2020 for help to triple confirm that my account is compromised and I will not be engaging anymore of this current wallet until I can get RealT support team to officially move my assents out manually from their end.

A hard lesson learned. I have lost 0.05 ETH from this account and $100 over DAI from any transactions, with 50% of the DAI is stuck as borrowed and I have to pay them back later.

In a way, if I have never taken this trade today, I wouldn't have noticed that my account was compromised at all.

It is a super painful and expensive lesson to learn, but I hope those who read this will know how to detect any scammers who are getting better impersonating the real mods and admins with their way of talking now.

Somehow they the first scam in Telegram group that scammer managed to "hack as admin status" and that is why I didn't detect it; so in some ways, Telegram itself is greatly compromised too.

I guess that is part of the consequence of "open source". There are just **way more scoundrels than honest integrity people in the cyberspace.

Trust the people you know personally seems to be the way?

Or compromise and have KYC tied to it.


But the one thing I will NEVER DO right now is to consolidate everything into a single hardware wallet.

The Hardware wallet should be used as a wallet that is never going to be used for any contracts.

I personally remembered that the WalletConnect itself was also once compromised, that is why I ported this first wallet to metamask.

Another thing is IF EVER A SITE ASK YOU TO KEY IN YOUR SEED WORDS when it cannot connect to your hot wallet, know that IT IS A SCAM SITE

Now the scammers are very smart they will never ask your seed words directly anymore.

If you find this experience useful, please feel free to share it to your friends as much as possible to avoid horror.

Until Then

Stay healthy, stay curious and learn new things, and stay happy!

hive-167922
teammalaysia
qurator
ladiesofhive
aliveandthriving
waivio
neoxian
leofinance
hustle
a year ago
littlenewthings70
via ecency
$ 12.453
403
2
H2
H3
H4
3 columns
2 columns
1 column
Join the conversation now
Logo
Center