Before I get to the drama part, the amount is only about 260$ and I still have other funds in safer places than the address that got hacked.
Now let's get to the drama.
The address that got hacked is the one I whitelisted for the Runi minting, about 250$ was paid in vouchers in order to get that address whitelisted. That too is probably lost.
Splinterlands' team gave me hope that they might be able to whitelist another address instead. Cause, well, I still want to mint a Runi. wouldn't miss the chance for anything.
How did it happen?
That's the mysterious part. I guess someone has had access to the address for a long time and set a bot or something to automatically send eth to himself. The address was empty and inactive for nearly two years so the hacker was very patient or they only recently gained access.
How and when I knew about the hack:
On Sep 25th, I was preparing for the Runi mint. I sent 0.188 Eth from hive-engine (Tribaldex) to my (ex) Ethereum wallet 0xD3db849D7FDA42f16B37cB14840CBF6E1C9b4643 . I was watching the transaction and saw that it was confirmed but the Eth didn't show up in my balance. At first, I thought it was a bug from Metamask. I kept refreshing and rechecking. It took me more than two hours to get suspicious. Then I checked my wallet on Etherscan. There was a transaction I didn't sign, seconds after my withdrawal from hive-engine, that emptied my wallet and sent everything to this address (meet my hacker) 0x057576D81E5083A7cB507A480285A95Db693B39C
I don't know if there's anything that can be done about it now.
How did they have access?
According to Etherscan, I don't have any suspicious permissions. It has to be that someone had the private key. No idea how they got it, but I have some theories. Too many theories to actually know what really happened. I wasn't using the best strategies to keep that key safe. Maybe cause the wallet only had small amounts in it for over a year.
The purpose of this post
is more than ranting and playing the victim. I need advice about what precautions to do to avoid such unfortunate events in the future. I created a new Eth address so I won't have to use the hacked one again. But, is it safe to still use Metamask? is there a safer way? I'm gonna probably send another amount to the new Eth wallet (if the Splinterlands team accepts my request) to mint a Runi. So I wanna be sure this time.
I think I heard someone say that giving access to various different pools could also cause this issue. Basically, they changed the code to one of your approved pools and you allowed them access to touch your ETH. I don't know if it's that issue exactly though but I heard of a similar case in BSC but I don't remember the post.
Posted Using LeoFinance Beta
I see
some of the tokens I gave access to are now "dead" so it could be through those that I got hacked.
but I'm too scared to test the theory by revoking the access and trying if the wallet is safe. It's easier to forget about the wallet.
Metamask is "safe" to the extent a hot wallet can be. If you have any funds you would be better off investing in a cold wallet (one you can disconnect from the internet altogether, a ledger for example).
There are always going to be issues with hot wallets, onchain anything, hacking is a thing, and keeping your keys safe is the only way to protect your wallet. Ensure you WRITE the codes down, on paper, and keep them somewhere safe, not on a computer that has an internet connection, there are too many vulnerabilities.
Right.
So if one address is hacked it doesn't mean all the addresses on Metamask are hacked. At least the ones I created after the hack? I should have made the question clearer.
And yes I shouldn't be as lazy as copy-pasting my keys on my device instead of writing them down on paper.
Yes, other addresses should be fine, as long as they were created independently and have their own PK.
As a security, it might be worth moving any assets to "fresh" wallets just in case, if someone had access to one PK, it's possible they had access to more (especially if you copy and paste on a computer, lots of programs that can track this data for hackers if you have some bugs on your computer).
I see. Thank you :)
time for some cleaning
Dude fuck ETH and anything that looks like it😜😂
!PIMP
!PIZZA
!PGM
You must be killin' it out here!
@enginewitty just slapped you with 1.000 PIMP, @hazem91.
You earned 1.000 PIMP for the strong hand.
They're getting a workout and slapped 1/3 possible people today.
Read about some PIMP Shit or Look for the PIMP District
BUY AND STAKE THE PGM TO SEND A LOT OF TOKENS!
The tokens that the command sends are: 0.1 PGM-0.1 LVL-0.1 THGAMING-0.05 DEC-15 SBT-1 STARBITS-[0.00000001 BTC (SWAP.BTC) only if you have 2500 PGM in stake or more ]
5000 PGM IN STAKE = 2x rewards!
Discord
Support the curation account @ pgm-curator with a delegation 10 HP - 50 HP - 100 HP - 500 HP - 1000 HP
Get potential votes from @ pgm-curator by paying in PGM, here is a guide
I'm a bot, if you want a hand ask @ zottone444
haha exactly my thought after going back to eth after so many months of zero interactions with it 🤣
But I couldn't resist this Runi thing 😬
What I would suggest is that you reformat, in case you have a keylogger or anything else nasty lurking on your computer. Then make a brand new Eth wallet.
I can't say anything about Metamask, because I don't use it. But it was through Metamask that Dreemsteem lost a significant amount of money 😢
So sorry to hear you went through this :(
This post has been manually curated by the VYB curation project
yeah, I still remember the day she lost her money. what a sad day. luckily I don't use the hacked wallet as my main storage wallet, but I only wanted to use it for one transaction. Still, it sucks to lose money for no reason :(
thanks for the advice and the empathy.
Just be extra careful, if they have access to one, chances are that they can get into other things, and possibly even control your pc or device...
!PIZZA !ALIVE !LUV
@wrestlingdesires(2/5) gave you LUV.
tools | wallet | discord | community | <>< daily
HiveBuzz.me NFT for Peace
@hazem91! You Are Alive so I just staked 0.1 $ALIVE to your account on behalf of @wrestlingdesires. (6/10)
The tip has been paid for by the We Are Alive Tribe through the earnings on @alive.chat, feel free to swing by our daily chat any time you want.
I gifted $PIZZA slices here:
@enginewitty(1/10) tipped @hazem91 (x1)
wrestlingdesires tipped hazem91 (x1)
Please vote for pizza.witness!
Dear @hazem91, sorry to jump in a bit off-topic.
May I ask you to review and support the new proposal (https://peakd.com/me/proposals/240) so I can continue to improve and maintain this service?
You can support the new proposal (#240) on Peakd, Ecency,
Thank you!