Note-33420-29

Token ID: 1

ERC-721 1 Transfers

Metadata

{
  "title": "What Being Hacked Taught Me",
  "tags": [
    "post",
    "crypto",
    "wallet",
    "safety",
    "hacking"
  ],
  "summary": "Second time's the charm, huh?",
  "sources": [
    "xlog"
  ],
  "external_urls": [
    "https://somehacker.xlog.app/What-Being-Hacked-Taught-Me"
  ],
  "date_published": "2023-04-04T07:37:48.501Z",
  "content": "This is actually the second time that my crypto wallet was hacked. Last October, when I was still gathering myself from my mid-day nap, someone sent me a verification link via Discord. I couldn't muster enough suspicion to question its validity so I just followed through and gave away my seed phrases. It was immediately after that that I realised I was hacked. I created a new wallet and transferred everything over. Nothing was lost.\n\nThis time, it was more deliberate and thought through that I lost 2/3 of my crypto when I was just about to get happy.\n\nSo someone reached out to me via Twitter and said he would like to invite me to join their content creation team. I had half a mind to question his sincerity so I stretched our conversation to 3 days. When a preliminary deal was struck and we exchanged our Discord handle, I was still kinda suspicious.\n\nThen he asked me to download their meta world program via their website. I did a bit of scouting around their project and found nothing suspicious. I joined their Discord and found out that the one who contacted me was their MOD and their server had been active for almost 2 months. Why bother toiling through all this for a few thousand dollars?\n\nThe answer escaped me but it turned out, they thought it was worth it. I tried running the program and Kaspersky stopped it immediately. I was only mildly alerted since I've run other 'dangerous' programs before. He told me to disable everything before running and I did just that. There was no meta world, no GUI, just a command prompt window that keeps flashing 'No real roots'. I told him about this and he said he'll ask the developers and if it still didn't work, he'll record some gameplay footage for me.\n\nI spent the next day half happy, half on edge. I was worried I would get hacked when I was taking my mid-day nap and checked my account immediately after waking up. Nothing was stolen. I let my guard down a little.\n\nIt was sometime in the evening that I found out Clipper, a DEX that I once did a case study on, released an update on their pools. I logged on to their website to check out my $400 share only to be greeted with a 0 balance. I thought there may be something wrong with their website, so I opened up Debank and found 2/3 of my crypto gone. Etherscan and Arbiscan told me the hacker transferred all my funds (including the proceeds from flash selling my NFT) to another account just 1 hour ago. The only part left untouched was in Radiant Capital. I wanted to withdraw it as soon as possible but found no way to unlock and transfer it. That was probably why the hacker left that chunk almost untouched (he did withdraw my deposited ETH, but only a tiny fraction since Radiant does not allow health/leverage ratio to drop below a certain threshold).\n\nI did a recap soon after and asked around to see if others had the same experience before. There were. It was actually not uncommon when a stranger asked you if you would like to write for them via Twitter. The author of [this article](https://mp.weixin.qq.com/s/3WUBENxzxyhiPB1EV9gKvA) actually had it worse than I did.\n\nI understand there was no way to retrieve my lost funds so I also started patching things up immediately:\n\n* create a new wallet, install Metamask on Firefox, and use Firefox as my dedicated crypto browser;\n\n* keep doing a thorough scan across all my drives (had Kaspersky not intercepted the program when I started it, I would have reinstalled Windows completely) for several days;\n\n* switch all my crypto apps to iOS;\n\n* keep a somewhat close tab on the address my funds were transferred to. It's been flagged as 'Phishing' on Etherscan as of now;\n\n* write this article and tell you what I've been through.\n\nThe hacker's Twitter handle: @ebainaube\n\nHis Discord handle: Ebainaube#7625\n\nTheir project: https://linktr.ee/matrixmetaland\n\nI still haven't figured out whether their website/account was hacked or their project was built for this.\n\nP.S. You gotta be mega-bullish on RDNT since they could protect your funds even better than you could yourself!",
  "attributes": [
    {
      "value": "What-Being-Hacked-Taught-Me",
      "trait_type": "xlog_slug"
    }
  ]
}