Hacker Drained OG MetaMask Addresses Of $10.4 Million In ETH Since December 2022


Summary:

  • OG MetaMask addresses have lost over 5000 ETH in assets, NFTs, and tokens since December 2022, MetaMask developer Tay Vano said on Twitter.
  • The hackers drained wallets across 11 chains, swapping other cryptos for Bitcoin and Ether before moving the funds to a centralized swapper.
  • Tay Vano said the exploiter most likely laid hands on a cache of private keys generated between 2014-2022.

An unknown hacker has drained cryptocurrencies from OG MetaMask wallet addresses since December 2022, blockchain developer Tay Vano said on Twitter.

According to the MetaMask builder, the hacker drained over 5000 ETH in tokens and NFTs from addresses across 11 chains. The loot amounts to over $10 million in Ether at current prices. ETH traded above $2100 on Tuesday following the Shapella upgrade that rolled out on April 12.

For the past 48hrs I've been unwinding a massive wallet draining operation 😳😭

I don't know how big it is but since Dec 2022 it's drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.

It's rekt my friends & OGs who are reasonably secure.

No one knows how.

— Tay 🦊 💖 (@tayvano_) April 18, 2023

MetaMask OGs Rekt

According to Tay Vano’s Twitter thread, the wallets that suffered theft shared some commonalities. For starters, they all belong to MM OGs and not ‘noobs’, a term used to refer to new crypto users. Also, all the drained wallets generated their private keys or seed phrases sometime between 2014 and 2022.

The stolen assets are swapped to ETH using MetaMask’s built-in swap function before the wallet is drained of the crypto. Notably, this only happens when the target address holds a smaller value and a basket of tokens.

Afaik, no one has determined the source of their compromise.

Multiple devices have been forensic'd. Nothing.

The only known commonalities are:
– Keys were created btwn 2014-2022
– Folks are those who are more crypto native than most (e.g. multiple addresses, work in space, etc)

— Tay 🦊 💖 (@tayvano_) April 18, 2023

Vano said that the hacker eventually converts tokens to Bitcoin (BTC) before moving the funds to a centralized swapping platform like FixedFloat, SimpleSwap, SideShift, ChangeNOW, or LetsExchange. The unknown attacker also leverages digital asset tumblers like CryptoMixer.

High-Level Theft

Vano theorized that the attacker holds a “fatty cache” of data that allows them to methodically steal assets. The MM developer stressed that the source of the compromise is unclear, even after several wallets and devices were analyzed.

It remains to be seen how or if affected MetaMask users can recover their assets or defend against the ongoing exploit.

My best guess rn is that someone has got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove.

But that's just a guess. I *don't* know.

It is NOT cryptographic/entropy related tho, don't waste your time.

— Tay 🦊 💖 (@tayvano_) April 18, 2023