$73 000 USD

DECEMBER 2021

CANADA

MULTIPLE

DESCRIPTION OF EVENTS

"I feel your pain. The morning after Christmas 12/26/21, I got hacked as well for 73k." They took "62k from my MetaMask + an additional 10k from my Hotbit account." "They did try to get into my Coinbase account as well, which I don't use anymore and is pretty empty." "But I do have my bank account linked on there, so that worries me. I got the text for the code. I immediately changed my password via desktop PC." "Like many of you, I thought my funds were safe." "Thought my MetaMask was safe. My fault."

"The only thing I can think of is that the cell phone repair shop cloned my phone (my touchscreen needed a replacement)." "I remember when I dropped my phone the screen broke and I got it repaired at a ubreakifix shop. It's showing the same day Nov. 9 it first connected, as my [PayPal] receipts." I "still don't know how they got into my MetaMask and my Hotbit account as it requires fingerprint and 2FA for funds going out."

"Woke up to a notification from Hotbit saying that I have a withdrawal success for 6k. Went to go check it and there was another one that was made for 4k a few minutes earlier. So I changed my Hotbit password and email as well. Went to follow the transaction ID, found that address. Looked at it. Showing 62k in SHIB. Which I had in my MetaMask. Opened my MetaMask and there it wasn't. Gone 62k, just like that." "They sold assets in Hotbit, converted it and withdrew it to that address. In MetaMask they unstaked my xSHIB to SHIB, and moved that as well."

"There was an unrecognized phone signed into my Google email account, I signed that out immediately and changed the password." "I checked my Google account to see what device was connected. And there was this ROG Phone 2 connected on Nov. 9 that I don't recognize. I only owned Samsung phones." "My Google 2FA is strictly on my phone, so it has to be where they gained access. Downloaded and scanned for spyware, but didn't find anything."

"I also had a weird phone number text me the same day my account got hacked. It was in Croatian. I Google translated it, but didn't reply back to the text. (585) 733-8815: 'Tata samo da vam javim da nisam kod kuce.' That was the random text at 7:49pm EST. Translates to 'Dad just to let you know I'm not home.' Didn't think too much of it, as it was the same area code. Must be a wrong number, I'm thinking. Too many coincidences."

"I tried to search for a crypto recovery solution. Checked out cncintel, spoke to them on the phone. But I fear that it is a scam. They wanted $5500 upfront and 20% of recovered funds. I told them I don't have that much, then they asked for $1500 upfront and 10% for the basic plan." "I tried to recover my Hotbit funds, but they said they couldn't do anything."

"I already lost all hope. I don't make much, those were all gains, after I took my initial 5k investment out. I felt lucky for a while. But it doesn't hurt any less, 73k is a lot. I had a feeling it's going to 4x by end of 2022." "If I were to do it again, I would make multiple wallets, split up funds."

"Your phone/PC was hacked. Your email was hacked. Most likely they screen logged your 2FA seed for your MetaMask or exchange. Since you didn't use a hardware wallet the funds were easier to steal from MetaMask. Since they have your email, password and 2FA they have everything. I've heard people getting hacked in 2021 despite using Google 2FA. This is why I have disabled Google 2FA, moved to YubiKey and whitelist address only for withdrawals."

"I haven't tried filing a police report. I wouldn't know where to begin, what to say, or how I can prove anything..."

"It's all gone now. Still feeling it. Discouraged from future crypto investments, but I will find my way back in, somehow, someway."

"Anyways, easily the worst Christmas present for me or a great one to whoever owns that address. Learn from my mistake, get a hard wallet. I don't even know what I did wrong. This sucks man, really does."

On November 9th, Reddit user hoangs2k took his cell phone, which had a broken screen, to be repaired at the UBreakIFix cell phone repair shop. He reported finding that a new device had been connected to his Google account on November 9th, the same day his cell phone was being repaired. On December 26th, he found that his Hotbit account and MetaMask wallet had both been emptied. His Hotbit account was protected by Google Authenticator, with the backup information stored on his cell phone. It's unclear where the MetaMask wallet was accessed from, but it is conceivable that it may have been on his phone as well.

 

In total, $73k was taken from the Hotbit account and the MetaMask wallet. It is possible that the information on the phone was extracted during the repair process, that the new device was added to the Google account at that time, and that this access was later used to carry out the theft. hoangs2k reportedly has not filed a police report, and it appears that no funds have been recovered in this case.

HOW COULD THIS HAVE BEEN PREVENTED?

Keep the majority of funds stored offline, with all seed phrases and private keys in your possession. It is a good idea to remove wallets and two-factor authentication from any device before sending it for repair.

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.