Metamask got hacked

Janos_Barna · April 9, 2020, 2:39pm

Please help(or learn from my mistake),

I wanted to send 0,56 ether to my argent wallet txn(https://etherscan.io/tx/0x9bd2765cd7d15d79372c66a97cf8e05a0c7d498f97ca01c9f0e7916dbe9e3e2f)
it has been dropped and replaced to another account, and than another transaction has been started from my metamask wallett, with the rest of my ether.
Check my account: https://etherscan.io/address/0x9b98012775e45e92cd1a03e5a2d0570183a7f35f
I never started the last two transactions to the address: 0xDeA08488B4E2E5b303AEACA53E0f1938FD92A118

FaierPlay · April 9, 2020, 2:49pm

Sorry to hear that this happened to you Janos. I doubt there is any way to get the funds back, unless MetaMask is willing to pay the bill.

I tried looking it up online, and others have claimed the “hacking”, but no one seems to have an explanation as to how it happened.

Maybe it was a fake version of MetaMask? Where did you download yours?

Mauro · April 10, 2020, 12:34pm

Probably a fake metamask or a virus on your computer redirecting to another ETH address. Your funds are lost. Start using a hardware wallet. Even if you have a virus on your computer or a fake wallet the transaction needs to be approved on the hardware device itself. If the device reads a different address than one you put into the computer you can stop it as the hardware wallet won’t sign anything without you confirming the action on it first.

Kerry_Bul_run · April 10, 2020, 5:08pm

this is disconcerting

gabba · April 10, 2020, 5:39pm

Hi @Janos_Barna

First of all sorry for your loss… It’s weird because the new address didn’t touch the fund yet and no funds were sent to it before. Hacker will have scripts to move the funds quickly before they get track and mix it.

If it’s a virus and the destination address is hard coded the user will have more fund, If the address is generated by the virus he will have to send the private key from your computer to his computer.

You can try to record your traffic with wireshark and do a transaction on the ropsten testnet to see if your testnet funds are also highJack. Maybe you ll get an ip or see the generated key on the network if the virus is not using an https endpoint.

If you get lucky this virus could generate the same private key for the testnet network and you can catch it.
If it s a virus which derive the private key from your, you can also try to create a new address in metamask, they are all derived from each other.

I don’t want to give you false hopes, there’s a big chance that it is lost.

Btw on the Argent wallet website they recommend you to use 23.300 gas

Your first transaction has a gas limit of 21000

Janos_Barna · April 14, 2020, 8:53am

“If it’s a virus and the destination address is hard coded the user will have more fund,” they got all my funds from metamask (1,56ETH), i don’t think that’s the case. “he address is generated by the virus he will have to send the private key from your computer to his computer.” this is more likely, because if you check my transactions(https://etherscan.io/tx/0x9bd2765cd7d15d79372c66a97cf8e05a0c7d498f97ca01c9f0e7916dbe9e3e2f), you can see that this has been dropped and replaced (is it happens often?) with a new one with a new address, and right after another one to the same address with the rest of my funds.

bart73 · August 14, 2020, 5:38pm

Does anyone know a case where tokens were stolen from a METAMASK wallet? Luckily my account only contained a few hundred dollars of Unibright and MANNA(both now on 0). Strangely enough my REN is still there. On my ETHERSCAN there are 2 actions OUT yesterday via UniSWAP. I secured my metamask as much as possible, but still, they don’t have 2-factor etc. Just want to warn everyone that holding your tokens on a hot wallet is very risky

BEANTWOORDEN

Faisal2000 · December 18, 2020, 8:08am

This happened to me as well. I am desperately trying to figure out how to protect myself from future losses like these. What puzzles me is that if blockchain is supposed to be so transparent that every transaction is immutable, then should it not be easy to track the person or program that is doing this and recover the funds? Does’nt this defeat the purpose of a decentralized network? If I deposit $100 in my bank account it is there the next morning. If I move ETH worth $100 in my metamask and the next morning they are gone, why am I doing “this” if its so easy for someone to steal my hard earned money? This should not be possible! If we are to move from traditional finance to blockchain then it should be better and safer, don’t you think?
Faisal

Faisal2000 · December 18, 2020, 8:11am

How do I know it is a fake metamask? Can you help me figure this out?

Faisal2000 · December 18, 2020, 8:14am

Mine had $165 worth of ETH, I did a uniswap transaction to buy Ankr and when that transaction went thru the $165 of ETH vanished from my account. Trying for months to understand and figure how this happened.

Alan_Chua · January 28, 2021, 12:34am

Just happened to me too. Some ETH got sent into my MM wallet and then they changed my other tokens into ETH and sent everything out. I lost around 1.2 ETH. I don’t think MM is safe. I keep my seed phrase written down and I have checked around and seems like many people are having the same issue. Not sure what I can do but MM is NOT SAFE.