Taylor Monahan, the founder of Ethereum wallet manager MyCrypto, has exposed a sneaky cyber attack that has reportedly drained over $10 million from OG crypto users since December and has shaken the entire crypto space.
She said that around 5000 ETH tokens have been stolen, currently valued at around $10.4 million.
What makes this attack more devastating is that it even targeted hardware wallets, which are regarded as the most secure way to store crypto.
Surprisingly, the root of the attack, which targets only pro crypto users “who are reasonably secure”, is still unknown.
“This is NOT a low-brow phishing site or a random scammer. It has NOT rekt a single noob. It ONLY rekts OGs.”
However, common patterns were found across all affected users. The private keys of all affected wallets were created between 2014 and 2022, and the victims have a long history in the crypto space, with multiple addresses and so on.
The only piece of advice she attached in a tweet is not to hold all crypto assets under a single key and not to keep secret phrases for more than one year. It is advisable to split crypto assets across different wallets to limit the damage from such cyber attacks.
Taylor Monahan says that someone has possibly gathered an enormous amount of data over the years and is now using it methodically to exploit private keys and steal funds.
Based on the current information about the attack, it seems quite unique and appears to have been executed by a very capable attacker.
1. Primary theft transactions (the first direct attack on the wallet) mostly happen between 10 am and 4 pm UTC.
2. Secondary theft transactions (transactions after the attack) are commonly executed between 4 pm and 10 pm UTC.
3. The attacker swaps users’ tokens inside the users’ wallets before stealing them. For this, it uses MetaMask Swaps, Uniswap, or 0x.
4. Users’ staked tokens, NFTs, and less popular tokens stay untouched.
5. The attacker moves small amounts of tokens between different affected wallets and, once enough has accumulated in one address, finally moves the funds out.
6. The “out” transactions were made through centralized swappers, like FixedFloat, SimpleSwap, SideShift, and many more.
7. All stolen funds were ultimately converted into Bitcoin; these transactions mostly happen during the day.
8. Surprisingly, the attacker has used MetaMask wallets to transact. However, Taylor Monahan made clear that all types of wallets, not only MetaMask, are compromised in the attack, so it is not a MetaMask-only attack.
9. After the first attack, the attacker came back 80 days later to steal the remaining tokens.