My BSC wallet was hacked and all my assets were stolen: Coping, Security and an expensive lesson

in LeoFinance3 years ago

Every time I experience a challenge in life, my mum always tells me that it's just the universe trying to harden me for the next phase of life. It's sparse consolation and doesn't reduce the pain but at least something good might come out.

Right now, I can't think of any positive from my situation and I've been very sad since yesterday. I logged into Cubfinance with Metamask as I always do and noticed that the number of LP tokens in the Cub/BUSD farm was zero, instead of 1891.

I assumed it was a network glitch, refreshed it over and over again, but it was still zero. I started panicking, and then went over to pancake swap to check my stable coin savings and it was also cleaned out.

On top of that, my DEC in the farm was gone. I also noticed that all the cake and cub I had staked in Kingdom was all gone.

So much pain

I'm writing this with so much pain in my heart because that was years of hard work just stolen in the space of 15 minutes.

On Metamask, there was nothing showing in my activity log but when I checked the BSC scan, everything was clear. I don't know how but someone swiftly pulled out all my assets worth roughly $10K from Cubfinance and Pancakeswap.

I've been asking questions and trying to figure out what happened. The possible reasons are that I either clicked a phishing link or inputted my keys somewhere.

Seeing as I've not actually used my keys for any transaction beyond logging into Metamask and that's a one-time thing, I don't think that's the case. However, if my metamask was compromised then I guess they could get my seed phrase.

How was my metamask compromised though? I don't click links and my discord is on my phone where there's no access to my BSC wallet.

I was also told that it could be a breach on my Google drive but that's also protected by 2FA and I'd have to approve it from my phone for anyone to access it. On top of that, I'll also get a notification email if anyone logs into my drive. I've deleted the document from my wallet key

The other possibility that I've heard is that there's a keylogger on my laptop.

I was also advices to run a full system virus scan to find out if there's a malicious program stealing my information. The only problem is that I use the basic windows defender but not for long, as I intend to invest in a proper antivirus.

On top of that, I've also ordered a hardware wallet to give me extra crypto security. Ironically, I even saw a tweet earlier today that mentioned that Hive is now supported by Ledger.

I'm paranoid

Right now, I'm very paranoid and it's hard to function properly. It was difficult to eat, sleep or think properly yesterday but thanks to the support I've gotten so far, I've been able to calm down a bit.

I didn't prioritise my security and it has come around to hurt me bad. I want to move on as fast as possible and take steps to ensure this never happens again.

I left the wallet untouched since I found out yesterday. I know it's a very long shot, but if it's possible to recover my funds, please help me out.

I appreciate every form of support and assistance I've gotten so far. I really want to put this behind me and continue building for the future.

Here's my wallet address that was hacked: 0xC75E34E3ee9a343041B3322E1bD97b4940Ed721d

Here's the wallet address of the person that robbed me : 0x158ccd4e081cb0701b724780042fef5bb963347e

I'll be back stronger

My mum didn't raise a quitter and I'm certainly not going to let this event destroy everything I've struggled to build in the past 4 years.

This is an expensive lesson that I'd have preferred not to experience but it has happened. Now I have to stay strong and keep moving forward.

I wanted to buy a Nano Ledger X but that's not available in any local store in Nigeria. I'm expecting the Nano S in a few days, and after that, I'll be back on BSC, doing my thing again.

Posted Using LeoFinance Beta

Sort:  
There are 2 pages
Pages


The rewards earned on this comment will go directly to the person sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

I've been using Avast Antivirus for over 10 years.
It's free and it's been fairly good so far.

I also use a program called MalwareBytes to remove spyware and adware. Also free.

Posted Using LeoFinance Beta

I'm using some 360 antivirus, not sure if I got the name right, but it seems to be helpful in blocking Trojans...

Will check this ones out...

Sorry to hear the news that is grim.

I've got very paranoid since hearing it.

I secure my MetaMask with a Trezor - all my seed phrases are on two encrypted USBs (the data gets wiped after 6 incorrect attempts). (You might find the NANO interface infuriating btw, you'll see what I mean when you start having to deal with the piddly little toggle keys on the device).

Those seed phrases are the things to keep really secure and defo nowhere on your computer.

Glad to hear you're bouncing back immediately, it's all you can, do, get a plan to earn back those funds.

Posted Using LeoFinance Beta

Be also very careful with any spending approvals that you authorise as well... they don't need a seed phrase if you have given the okay to spend everything!

Fair point, I've been through everything on my non Trezored MM accounts and revoked most authorities.

Posted Using LeoFinance Beta

I got Nano because it now supports Hive and it's the only one I can get within a week. The alternative is to wait for weeks or months for international shipping

Ah fair enough, well it will still work!

Posted Using LeoFinance Beta

Broski, just heard this from ebi and Karina, sorry man. You go make am back! I believe you die!

Thanks man. E pain me but na so e just be. We gotta keep going

We gats to! Feh follow me back make you dey see my posts 😁

I've been following you since. You no dey post regularly

I been dey loose guard. But I am here to stay!

I'm so sorry to hear what has happened.

As you said, you will become stronger and smarter because of this experience.

Posted Using LeoFinance Beta

Fucking sucks men! Fucking sucks! Men! So sad. I really don't know what to say. 'Sorry' won't even cut it. This is a rude awaking for us all. Security is key and we should all take it a lot seriously. Sorry mate.

I want to believe better things will come after this incident. @wolfofnostreet take care of him.

For sure. Thanks.

It is unfortunate to read about this case and I am sorry for the loss of your assets. It is also good that you have shared it although you leave us with many doubts as to how it could have happened and thus have references as to how we could better protect ourselves. From what you share, I get the idea that someone close to you is involved in your loss, you should be aware of that as well. On that note, I am very jealous of my PC and I don't allow anyone strange to use it, only my immediate family and even then, I also have my security protocols. All the best my friend.

Very sorry to hear that. I hope you can recover and come back stronger like you said. Good luck, I keep reading your posts and like it.

Posted Using LeoFinance Beta

This is so sad to hear, am so sorry this happened to you. I’m being vigilant now, stay strong brother.

My mum didn't raise a quitter and I'm certainly not going to let this event destroy everything I've struggled to build in the past 4 years.

💪💪

I wonder if you are rootkitted/keylogged... if that was the case, your HIVE account should also be compromised?

Anyway, try to also remember back to see if you approved any funny tokens as well... I saw something for BSteem that I don't know if it is a legitimate thing or not? Some of the scam tokens unlock a bit more authority than you realise (I think that if contracts are upgradable that is even worse?), so when you go to dump/use them you might find that you have signed away something that you didn't want to.

You don't need to have exposed your seeds if you approved spending... that said, doesn't hurt to check if your are infected!

You literally could be telling the EXACT same thing that happened to me. EXACT.

EVERY SINGLE thing you said above - happened to me at the end of April. I logged on - all my wallet was cleared. 0. I cried my eyes out. It was $18000 USD. (and now -worth almost double because it was in ETH)

I never figured out how - they had to have gotten my seed phrase. and how???? I could have clicked a phishing link too - but there were several things I did that day that were new. I also thought - Google ??? But how???

My thoughts spun around and around - I wrote several posts here tracking everything that happened in the hopes that SOMEONE... ANYONE could help.

Nothing. Hackers are too good.

I traced the money going from my wallet (and 6 other wallets got hacked at the same time and into the same wallet that stole from us) and when you followed it out - it ended up in one wallet with millions of dollars.

I contacted the FBI - I contacted the police. No one will help - the money is gone and the only choice I had was to just move on, like you.

And same as you - I STILL get paranoid any time I need to go near Metamask or any wallet other than Hive. I feel like the hackers are just watching me all the time. It's the craziest feeling ever. and its been 6.5 months now!!!

I feel so bad for you - cuz I know the terrible pain. I upvoted with all my accounts and sent a tip - even though its nothing compared to what you lost. But it's a little something.

And you will rebuild. Because that's what we do. I'm so terribly sorry that this keeps happening to so many people and there is nothing we can do about it. Just so sorry.

Thank you so much. It's such a painful feeling. The worst part is that paranoia and always looking over your shoulder. I've gotten a new address and I'm expecting a ledger wallet but nothing is the same. I have to get back on the horse because it's the best thing to do, even though it's hard.

I appreciate the tip and the thank you for the upvote. I'll just keep pushing it one day at a time. That's all I can do now

I still haven't opened up a new wallet on Metamask - I don't want anything to do with it. lol

and the paranoia - that does decrease a little but - it still bothers me now and then!

but youre right - get back on the horse. Penderis has always talked so highly about you to me :) I've never really talked to you much before, and I'm sad that now we have something so traumatic and horrible to link us.

but you're so right - I felt the same way - we MUST take this as a lesson for the future.

We may have two, three, FOUR times the amount in our wallet in the future??? And now??? we will be MORE cautious. Not sure what we did - but we will be MORE cautious to protect every bit of it in the future.

Painful, expensive lesson learned.

One of the things that Penderis always told me about you is what a hard worker you are. That is very high praise coming from him! hahaha Because he doesn't say good things about many people - but he only always had great things to say about your work ethic.

So I have no doubt that you will achieve even greater success in the future. I have no doubt!!!!

I will tell you this... it WILL be ok. It takes time but it WILL come.

Sending love, Dreem

I'm not a crypto expert, but just wondering why you put your ETH and BSC wallet address at the end of your posts, that's an invitation to hack it. Also, how is it that you ask for support when you are dealing with $10,000 worth of crypto? That's not a terribly big amount of money in my country, but I guess it's a fortune in yours. For me, that's another reason why the address shouldn't be there.

Also, if you got money on the Cub/BUSD farm and so on, it occurs to me the hacker must have known that you were investing in those places in order to withdraw the money and, therefore, is either someone close to you or a member of the community.

Although it isn't a great idea to advertise your public addresses, it doesn't really make a difference as it is all publicly available information anyway.

Likewise, it isn't too hard to look up the token contracts to figure out the Cub farms. It doesn't rule out a connection, but it doesn't point to one.

you can get all the rich addresses on ethereum based networks without any problem, it is not a matter of sharing address or not.
it may bring unwanted attention, yes.
still I believe it was an opportunistic hack, not a targeted one

Well... again, $10,000 is not a terribly big amount of money to bother about. Also, how did the hacker know he had invested in Cub and so on? Am I missing something?

Yup, definitely missing stuff.
For starters, yea, 10K is a lot of money. In Nigeria, in Spain and in Switzerland. WTF.
Also, there are a gazillion of LP and position aggregators in ETH BSC and every L1 which display all your positions for a given wallet. Cmon show some empathy ffs.

$10,000 not $10

once you have private key, you have address and you can check history of the account.

there is cub finance text on page 2 straight away + lots of interactions with contracts from cub finance (you need to get into contract) everywhere
https://bscscan.com/txs?a=0xC75E34E3ee9a343041B3322E1bD97b4940Ed721d&p=2

Sorry for your loss dear :(

We all lose somehow in crypto due to the increasing frauds. I am sure that it will bring you more wealth and experience for your crypto journey.

Take care…

Hope the best for you. If you still got hacked after all that there's good reason to be paranoid. There's still time to earn a lot more in crypto. Really wish you the best man. You don't deserve to be robbed.
!PIZZA

I'm so sorry this happened to you. I hope you can get this resolved as soon as possible. As you have rightly said in your post, you are not a quitter so you'll get through this💪

Very, very sorry to hear this man; I read your original post yesterday and I hoped it was indeed a glitch ... but it wasn't.
I'm positive you'll get out of this 100X the wiser, but it sucks immensely nonetheless.

Bro... Sorry for your loss

These hackers are already roaming around in search of whom to demoralize, but their actions won't hold you down.

I believe that you will make a quick comeback. Everything will be okay.

I feel sad for you man. BSC and Polygon are full of scams and hackers, so bad.

You are awesome, and a hard worker, you'll recover from this.

Posted Using LeoFinance Beta

These types of experiences, far from discouraging, encourage you to stay strong.

I hope you can solve your situation soon, and if not, you will have the moral support of a community that will always tell you, keep going.

Posted Using LeoFinance Beta

But still the question is that how did he get the access of your wallet? And how did he come to know that you don't use any internet security except basic windows defender?

I'm really sorry ... if it happened to you it could happen to everyone

Sad stuff 😞
Am sorry about this bro

Posted Using LeoFinance Beta

sorry to hear that mate..
everything happen for a reason even the bad thing..
good luck to you

Check for any scam websites that are connected to your metamask. Fake airdrops + logging on their website = empty wallet, or maybe you used a scam dex before.

sorry for the loss!

what troubles me is that you don't know how it happened....

@tipu curate

En la vida se lleva golpes y tropiezos unos mas duros que otros, cada unos de estos deja una enseñanza para no tropezar dos veces con la misma piedra. La diferencia entre una persona y otra es saber levantarse después de un tropiezo y seguir con mas fuerza porque hermano la vida sigue. Siga para adelante hermano no se detenga.Saludos.

Be strong Sir @belemo, help is coming your way, and you'll come out stronger.

This is a painful experience but you have to be strong and never stop building..

Posted Using LeoFinance Beta

Thanks bro. I have to keep pushing. It is what it is

Posted Using LeoFinance Beta

So sorry for the lost. Most times, even our clipboard gets attacked by bugs and those bugs could be a way hackers make their way into wallets.

You'll bounce stronger

Posted Using LeoFinance Beta

Too bad. Sorry for the loss bro. It's a sad experience having worked hard and acquire much and someone out there steal it. Be strong.

I need to learn proper security now before I have a lot and lose it all. I'd hate to learn this the hard way. It sucks but it's a lesson for many of us.

Posted Using LeoFinance Beta

From all the information I've gotten so far, I think your best bet is to buy the Ledger Nano S hardware wallet to protect your assets.

With that hardware wallet, you need to physically conform every transaction. I should have gotten it since but I dey slack. It is about 79k on Jumia sha

I'll add that to my projects I guess, for now, I feel like having most of my funds here on the blockchain can suffice.

Posted Using LeoFinance Beta

Bro let me contact Chuta and see if he has one, I bought mine from him

Posted Using LeoFinance Beta

I'm so sorry about this. I don't know if it'll help to ask on reddit as well.

I spoke to some devs already and it doesn't seem like there's any hope to retrieve the funds. However, at least I know what may have happened and I'm learning from it.

It's hard to feel your pain, my regrets!

So what were the scammers' options? Or share when switching to Ledger Nano S?

It might be an expensive lesson, but we do have these moments to ensure we rise higher then before

We the hive community will look after each other

I really appreciate the support. Thank you kind sir

Also, I just contacted you on Twitter

It been sent :)

I thought the title was a joke or the long shot to the real news. You have no idea how shocked I feel. I'm terribly sorry but you'll bounce back. And now, the next 79k I'll have is to get the Nano ledger. I really wouldn't like this to happen to me. But is there really no concrete speculation as to what happened?

I think a smart contract I used might have been the reason. I scanned my computer and there's no threat.

I am deeply sorry for your loss but like the strong person i know you to be, you'll bounce back.

Hopefully, the mystery will be deciphered by someone in order to offer some points for others to consider and be safer when interacting with cryptocurrencies. Has somebody else accessed any of your device(s), did you use any free wireless network that might have captured your traffic?

Posted Using LeoFinance Beta

Sorry about this bro. I feel so sad that I can’t do anything to help. You’ll def come back stronger.

Thanks man. I'm just going to slowly build back and try to make the best out of the situation.

Fuck bro🤦🏾‍♂️🤦🏾‍♂️

That's the only way to describe the feeling man. FUCK!!!

I am so sorry for you! I do hope something can be done, it is quite a big amount of money......

What a low blow....I am so sorry to hear of this. My heart goes out to you and I hold onto that thin thread of hope that you will be recovered. You have worked so very hard to get to where you are now...a juggernaut. Do not fear and trust what your mother has taught you. You are being conditioned to govern over ever growing wealth and now you have a much healthier respect for security. Big hugs!

Thanks Tamara. I just have to keep my head down and keep pushing.

PIZZA! PIZZA!

PIZZA Holders sent $PIZZA tips in this post's comments:
d-zero tipped belemo (x1)
@vimukthi(7/10) tipped @belemo (x1)

Learn more at https://hive.pizza.

I am so sorry for what happened to you, unfortunately there are people who I find it difficult to call them such because they live to rob others ... ugly people with no soul ...
A short time ago something similar to yours happened to a good friend of mine who lost over 50k of Splinterlands cards.
I advise you to find out what happened and maybe hire an expert so that what happened to you doesn't happen again.
A big hug
@tipu curate

Thanks mate. Holy crap, how's your friend doing? Was it resolved? Were the cards returned?

He still hasn't fully recovered from the blow he suffered but he is strong and will recover.
He could not recover any cards, Splinterlands blocked the thief's account but the thief used third party marketplaces to sell and transfer the cards.
In his case, the problem was that his email was hacked and he had sent his passwords by email to keep them available in his email account.
I dedicated a post to him in which I told him about his bad experience and tried to give advice on how to make his pc safe, if you like you can read it: https://peakd.com/hive-146620/@libertycrypto27/the-hard-hit-suffered-by-mad-ranner-dollar50k-stolen-by-hivewallet94-keep-your-passwords-safe-il-duro-colpo-subito-da-mad-ran

At this time it is very important for you to find out how you were attacked.

It's so sad to loose all your hard earned money in a wink of an eye. The same way you beat all odds to make the first you'll do better and will come out stronger but be real security conscious this time.

You'll come off better, it's just fuckin sad, but no pressure, better days ahead...

That's really terrible to read..., especially how much time and effort you've put into your portfolio. I would get suspicious of everything also, so don't blame you.

Hope you'll be able to get your funds back.

So sorry about that bro, I know how much this hurt, although mine wasn't hack but I was also scammed of all my assets sometime last year.

My mum didn't raise a quitter and I'm certainly not going to let this event destroy everything I've struggled to build in the past 4 years.

You mum definitely didn't raise a quitter because you're still despite the heartbreak, you will make your $10k back and more bro.

Very sad news indeed. Hope you can get on your feet’s fast again

Ouch That's hard to deal with, When I got into crypto I got hacked, found it was a key logger and ever since I use melware bytes.

Hope the best but that's one hell of a loss

Also drop me a ledger code and I'll use it. Been planning for months to get one and now I am thinking I should more than ever haha

Take heart man, @belemo I sent you some Hive, its not going to compensate for the loss, but take heart.

Thanks bro. I appreciate that.

No wahala, things go set soon

There are 2 pages
Pages