HOW TO SURVIVE A PHISH! My Ether Wallet/OmiseGo Airdrop Scam Got Me!!

in #money7 years ago

steemit_phished.jpg

HELLO FRIENDS!

If you're new to crypto, or not, I hope what I share here is somewhat helpful. This is not financial advice, just opinions from experience.

On November 8, 2017, I was phished most of my alt coin holdings from MyEtherWallet (MEW). I was dumb and placed in what I thought was a secure OmiseGo airdrop, my private key to my MEW wallet. It was one of those stupid moments of not really thinking about what I was doing. In fact, I had not thought about cryptos for a couple weeks (I was fatigued from all the fork talk).

As soon as the screen refreshed and nothing happened, I knew something was wrong.

And then...the realization :(

I furiously tried to log back into MEW, but it was too late...all the coins were gone.

Below is the screenshot of the coins that were ripped off from me. As you might tell, it was a decent amount, especially now that many of those coins are pumping.

Screen Shot 2018-01-04 at 11.19.35 AM.png

Here's the MEW address of the thief: 0x4Bf722014E54AeAB05fcF1519E6e4C0c3F742e43

As you can tell, Etherscan has labelled this person as "Fake_Phishing250", and the comments on his wallet page are filled with people asking for their coins back. One guy even tried to dox him.

Screen Shot 2018-01-04 at 2.17.22 PM.png

Now as much as it hurts to see the actual numbers lost on paper, I didn't exactly feel totally destroyed. In other words, I knew I would survive this hit. And it's because I followed some basic but sound advice in the crypto space:

1/ Do not spend more than you're willing to lose!

Straight forward. Don't be stupid!

By following this basic principle, I was able to grow just a few hundred dollars of cash into thousands in a few short months. There's really no huge trick to it. The market of cryptocurrencies is exploding. So if you got in when I did (fall 2016 when BTC was $700) your holdings will have definitely increased as of today (start of 2018: BTC at $15k).

That being said, if you're going to participate in cryptocurrencies, especially the realm of alt coins, don't put in your rent money, life savings, food money, mortgage etc. on the line. It's just not smart.

Because let's be honest, the crypto markets are just bets on a computer screen at the end of the day. Unless you have personal relationships, good knowledge and faith in the people behind the companies launching ICOs or the big coins, the market itself is a crapshoot.

Screen Shot 2018-01-04 at 4.02.55 PM.png

This is perhaps the most important premise behind the lessons for how to survive a phish. Because had I placed more on the line, the effects would have been much more tangible and devastating for my family. That level of risk in this volatile time of cryptos is just not worth it. Especially since small amounts can create good returns if you wait and hold onto the right projects.

That being said, I am participating in cryptocurrencies, not as a goal to become filthy rich, but as a potential avenue to pay off some debt, with the goal of purchasing a home for me and my growing family. While these have been personal goals of mine prior to even looking at cryptocurrencies, I felt it couldn't hurt to experiment and see how it all operates.

The result has been the discovery of an opportunity to take advantage of this financial revolution. But I drew limits early on and stood by the rules I created for myself. By doing so, it wasn't even a consideration to, for example, throw in rent money to try to make a quick gain while the markets were pumping (which theoretically can be done with a profit in just a few minutes or hours time). Those dollars were off limits and reserved for the basic needs of life.

While higher risk = exponentially higher rewards, it's not worth risking your basic means for survival.

2/ Diversify your storage!

Early on, I realized that how you hold your coins, especially your Bitcion, was very important. My choice was to store BTC on a paper wallet that I can print from an offline computer. That way, the private key never touches the internet. https://bitcoinpaperwallet.com/

Other popular offline storage options like Trezor, KeepKey, and Nano Ledger work well also. But because my BTC holdings are in paper storage, none of it was touched by the phish.

In addition, I had a handful of coins that were sitting on exchanges that were not touched by the phish either. They included small amounts in Coinbase, Bittrex, Poloniex, Kraken and Binance.

When I scrapped back together my remains, I was pleased to learn that my total holdings after the phish still exceeded (barely) my total out-of-pocket investment. And although I lost a sizable stash of what I had built up, I was only out what I had gained. This made it a bit easier to take the hit because I was able to tell myself that this was a sort of "reset" and not a total loss.

Screen Shot 2018-01-04 at 3.41.32 PM.png

In hindsight, I do wish I would have diversified my token holdings into distributed MEW wallets. Instead of holding all the tokens in one MEW wallet, if I had distributed my holdings, even if I got phished, it would only be one or a few coins instead of a majority of them.

I know it feels better to have it all in once place, and eventually, projects like ETHOS will achieve a universal wallet with cold storage capabilities that will create a much better entry point than Coinbase or MEW. But in the meantime, it's better NOT to have all your cryptos in one place, especially when it comes to MEW.

Because of my, not so strategic diversification, I was able to retain some of my holdings apart from the theft. Today, I am much more deliberate about how, where, and why I place my cryptos where I do. An expensive lesson, but one that inadvertently saved me from losing everything.

3/ Always double-triple check your domains!


This is perhaps the most obvious way to avoid getting phished at all levels, including cryptocurrencies. The only reason why the phish worked on me, was because I was fooled by the website and didn't do my due diligence in checking if it was legit.

The first image is a screenshot of the real OmiseGo website:
Screen Shot 2018-01-04 at 3.33.22 PM.png

This is the phishing website:
Screen Shot 2018-01-04 at 3.33.33 PM.png

A few things should have clued me in. The fact that there is only a "Home" button on the phishing site. The fact that it asks for the amount of OMG in my account (shouldn't they know that when they see the wallet address?). And a quick google search would have shown me that the domain for the real OmiseGo site is different from the link provided by the phish, although it's a believable link: https://omise-go.tech/airdrop/ (don't go there...the site is still active!)

The point is, bookmark your pages, and double-triple check domains and links when you're about to do anything that moves cryptocurrencies around. This includes when you log into exchanges, online wallets and anywhere else where your cryptos are stored online.

4/ If you see PHISH, share it with the community!

If you run into a phishing scam, even if you're able to avoid it, share it with the community. Your tweet, blog post, Facebook post etc. could help others avoid falling for it. But even if you DO get phished, still share about it online (like me). This is a good idea for three reasons:

First, what good is a traumatic experience if you don't learn from it? And worse, what good is that knowledge if you don't share it? Mistakes are often said to be the best teacher, and it certainly has been for me. But the hope with posts like these, are that you can avoid the same mistakes all together!

Second, don't underestimate the online community! When I tweeted about the loss a couple weeks ago, Sean over @SGTreport mentioned it in one of his videos:

As a result, many folks blessed me and my family by throwing in a few bucks to help out. It didn't replace the lost crypto, but it felt good knowing that people had our backs! Other than my tweet, I had only mentioned what happened to a few people. But the generosity of the community was overwhelming, and the moral support more than just the financial support really helped get through those moments of anxiety.

And third, it's a great way to vent! It's been a few weeks now, and the thought of it certainly doesn't consume my everyday life. But I'd be lying if I said there aren't times when I look at the crypto chart, do a little math, and re-live the angst all over again. Which by the way, is going to grow exponentially as the price of these coins skyrocket. Talk about a thorn in your side that keeps getting worse :)

But hopefully writing this out will be as therapeutic for me as it is insightful for you!

Conclusion


So in summary; don't spend more than you're ok with losing; diversify your holdings; always check your domains and links.

If you follow these three basic principles, you're probably going to be ok. Of course, there are unforeseen levels of evil that could cause a new wave of phishing scams. But overall, these are good principles to stick by.

Be safe!

Although we are in a time when folks can make a lot of money with cryptocurrencies, the lack of regulation (which has its pros and cons) means no institutional justice to be served under circumstances like these.

Ultimately, as a Christian, I can't help but think how correct the Bible is when it states in 1 Timothy 6:10:

For the love of money is the root of all evil: which while some coveted after, they have erred from the faith, and pierced themselves through with many sorrows.

The lame folks behind these phishing scams are in love with money, and they value it higher than the lives of real people. In addition, these are probably miserable folks, scarring themselves with "many sorrows" where they might be rich in their MEW accounts, but empty inside with despair, angst, and shame having to live with knowing their wealth was stolen from innocent people.

I'm glad there is a God who will ultimately judge this world and all the injustices in it!

Hope you learned something from the post!

If you feel led to pitch in to help recoup the losses, thank you & God bless!

Paypal: http://bit.ly/2lX7LIQ
BTC Address: 13waWLWfRhxSoCPcf7MPg1VCATvvhVCHwZ
ETH Address: 0xc694cE688eFCB72ac1Af9e6529Ab778aDDDDd100
LTC Address: LhNBUQWs87oGTzwreZZ2a4ZFnr2JpKgmbK

Sort:  

Really well written article explaining all of this and letting people be warned.

"Don't learn from your own mistakes, learn from the mistakes of others" - Someone said that.

Peace, upvoted / resteemed

Amen. Thanks TitusFrost. Appreciate the support!

Sorry for your luck, Gonz. It's a steep price to pay to learn a lesson, and I have to say I feel lucky it hasn't happened to me. I know we all get excited in this space, but it's still pretty early and the usability is still not up to par, so we really have to pay attention to what we're doing.

Also, glad to see you posting on here again.

GOD BLESS BROTHER, sorry for the loss, and ty for the info

Hey Gonz,

Just got into crypto (and now steemit) last month, solid words my friend.

GOD BLESS!

The most secure place for your crypto is in STEEM POWER. I'm sorry to hear that a fraudster tricked you ... :-(

A frustrating loss, deeply appreciate you sharing your experience, this is valuable information for those of us learning the ropes. May you have a happy and abundant 2018!

Thank you for sharing this experience with us. Crypto is like the wild west, you always have to look out for bandits. Let us all grow without coveting the wealth of others and always being content with what God has given us and thankful for any increase. Even thankful for valuable lessons this one. @ironshield

Congratulation

Today one year ago you joined SteemIt
Thank you, for making SteemIt great and Steem on for more years to come!

(You are being celebrated here)

Congratulations! 🎉 Your Steemversay has arrived. One year ago today you made your steem account along with 218 others. You are one of 6 users who have posted in the last week. Well done you.

I've upvoted your post, I hope it helps. Happy Steemversay ✌️;

p.s I'm a new bot, I've only been alive 5 days :)
Learn more about SteemVersary and view awards at Steemversary

Thank you for sharing with us. I have run into a similar website (https://omisegotoken.com/blog/airdrop/) and your article helped me.

I also lost all of my crypto but only in one of 4 wallets... My supposedly unhackable Ledger Nano S hardware wallet just got cleaned out during the latest firmware update from Ledger, it is version 1.4.2

Here is the reference: https://ledgerwallet.us2.list-manage.com/track/click?u=bcc2126fb4bf3e02256d6c188&id=e11326e3e7&e=090fa3251a

O.K. Ledger recommended that the firmware upgrade be done to add new features so I went ahead and followed the instructions. All went well until I had to re-enter my password (passwords can be any combination of 4-8 digits... mine was 6 digits long) When you enter the password a string of 8 blank entry positions appears on the screen of the Nano. It used to be that you just entered your PW and any remaining blank entries would be checked and you were good to go. This changed during the upgrade so that you now have to manually check the first blank space after you enter your password, before you confirm the entry. Clear as mud... right?

Well, not knowing this I messed up the entry 3 times and the device reset itself. All was not lost because I had the 24 word "key" with which to recover my device... At least in theory according to Ledger.

I entered the key and restored the device only to discover that my various crypto wallets now had a zero balance! Whoa! what happened? Further checks revealed that the receiving addresses of the wallets on the restored Nano were different than before the update/reset/restore events. Hence no crypto or records of any transactions. The wallets had been wiped clean... and now had new addresses. I know what the addresses of the old wallets were because I have records of sending crytpo to them but researching these transactions on the blockchain has proved to be difficult using the search tools that I can find. If anyone out there has expertise on the blockchain and how to research transactions, please let me know by email: willie@startmail.com user Kenji.

People tell me that it is impossible for this to have happened but it did... confirming that old saying, "nothing is impossible". I sympathize with your loss as mine was not that great... I was just experimenting with the NanoS and learning use it so I had not transferred a great amount of crypto to it. As I have said: Crickets from Ledger so far but I will keep you all updated when I hear something.

My final advice is that crypto, at its current stage of evolution, is like the wild west in the USA used to be... a dangerous place for the unwary! So be careful. K

2018-04-22_19h20_44.png

2018-04-22_19h20_11.png