My BSC wallet was hacked and all my assets were stolen: Coping, Security and an expensive lesson

1 yr
LeoFinance
4 Min Read
720 words

Every time I experience a challenge in life, my mum always tells me that it's just the universe trying to harden me for the next phase of life. It's sparse consolation and doesn't reduce the pain but at least something good might come out.

Right now, I can't think of any positive from my situation and I've been very sad since yesterday. I logged into Cubfinance with Metamask as I always do and noticed that the number of LP tokens in the Cub/BUSD farm was zero, instead of 1891.

I assumed it was a network glitch, refreshed it over and over again, but it was still zero. I started panicking, and then went over to pancake swap to check my stable coin savings and it was also cleaned out.

On top of that, my DEC in the farm was gone. I also noticed that all the cake and cub I had staked in Kingdom was all gone.

So much pain

I'm writing this with so much pain in my heart because that was years of hard work just stolen in the space of 15 minutes.

On Metamask, there was nothing showing in my activity log but when I checked the BSC scan, everything was clear. I don't know how but someone swiftly pulled out all my assets worth roughly $10K from Cubfinance and Pancakeswap.

I've been asking questions and trying to figure out what happened. The possible reasons are that I either clicked a phishing link or inputted my keys somewhere.

Seeing as I've not actually used my keys for any transaction beyond logging into Metamask and that's a one-time thing, I don't think that's the case. However, if my metamask was compromised then I guess they could get my seed phrase.

How was my metamask compromised though? I don't click links and my discord is on my phone where there's no access to my BSC wallet.

I was also told that it could be a breach on my Google drive but that's also protected by 2FA and I'd have to approve it from my phone for anyone to access it. On top of that, I'll also get a notification email if anyone logs into my drive. I've deleted the document from my wallet key

The other possibility that I've heard is that there's a keylogger on my laptop.

I was also advices to run a full system virus scan to find out if there's a malicious program stealing my information. The only problem is that I use the basic windows defender but not for long, as I intend to invest in a proper antivirus.

On top of that, I've also ordered a hardware wallet to give me extra crypto security. Ironically, I even saw a tweet earlier today that mentioned that Hive is now supported by Ledger.

I'm paranoid

Right now, I'm very paranoid and it's hard to function properly. It was difficult to eat, sleep or think properly yesterday but thanks to the support I've gotten so far, I've been able to calm down a bit.

I didn't prioritise my security and it has come around to hurt me bad. I want to move on as fast as possible and take steps to ensure this never happens again.

I left the wallet untouched since I found out yesterday. I know it's a very long shot, but if it's possible to recover my funds, please help me out.

I appreciate every form of support and assistance I've gotten so far. I really want to put this behind me and continue building for the future.

Here's my wallet address that was hacked: 0xC75E34E3ee9a343041B3322E1bD97b4940Ed721d

Here's the wallet address of the person that robbed me : 0x158ccd4e081cb0701b724780042fef5bb963347e

I'll be back stronger

My mum didn't raise a quitter and I'm certainly not going to let this event destroy everything I've struggled to build in the past 4 years.

This is an expensive lesson that I'd have preferred not to experience but it has happened. Now I have to stay strong and keep moving forward.

I wanted to buy a Nano Ledger X but that's not available in any local store in Nigeria. I'm expecting the Nano S in a few days, and after that, I'll be back on BSC, doing my thing again.

Posted Using LeoFinance Beta


My mum didn't raise a quitter and I'm certainly not going to let this event destroy everything I've struggled to build in the past 4 years.

💪💪

1

https://twitter.com/belemo__/status/1458319420187623424
The rewards earned on this comment will go directly to the person sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

2

This is a painful experience but you have to be strong and never stop building..

Posted Using LeoFinance Beta

0

Thanks bro. I have to keep pushing. It is what it is

Posted Using LeoFinance Beta

2

So sorry for the lost. Most times, even our clipboard gets attacked by bugs and those bugs could be a way hackers make their way into wallets.

You'll bounce stronger

Posted Using LeoFinance Beta

0

Thanks bro. I will

2

Too bad. Sorry for the loss bro. It's a sad experience having worked hard and acquire much and someone out there steal it. Be strong.

0

Have to keep moving forward.

2

I need to learn proper security now before I have a lot and lose it all. I'd hate to learn this the hard way. It sucks but it's a lesson for many of us.

Posted Using LeoFinance Beta

0

From all the information I've gotten so far, I think your best bet is to buy the Ledger Nano S hardware wallet to protect your assets.

With that hardware wallet, you need to physically conform every transaction. I should have gotten it since but I dey slack. It is about 79k on Jumia sha

2

I'll add that to my projects I guess, for now, I feel like having most of my funds here on the blockchain can suffice.

Posted Using LeoFinance Beta

0
1 yr (edited)

Bro let me contact Chuta and see if he has one, I bought mine from him

Posted Using LeoFinance Beta

0

I'm so sorry about this. I don't know if it'll help to ask on reddit as well.

0

I spoke to some devs already and it doesn't seem like there's any hope to retrieve the funds. However, at least I know what may have happened and I'm learning from it.

2
1 yr

It's hard to feel your pain, my regrets!

So what were the scammers' options? Or share when switching to Ledger Nano S?

0

It might be an expensive lesson, but we do have these moments to ensure we rise higher then before

We the hive community will look after each other

0

I really appreciate the support. Thank you kind sir

2
1 yr (edited)

Also, I just contacted you on Twitter

3

It been sent :)

0

I thought the title was a joke or the long shot to the real news. You have no idea how shocked I feel. I'm terribly sorry but you'll bounce back. And now, the next 79k I'll have is to get the Nano ledger. I really wouldn't like this to happen to me. But is there really no concrete speculation as to what happened?

0

I think a smart contract I used might have been the reason. I scanned my computer and there's no threat.

1

I am deeply sorry for your loss but like the strong person i know you to be, you'll bounce back.

0

Hopefully, the mystery will be deciphered by someone in order to offer some points for others to consider and be safer when interacting with cryptocurrencies. Has somebody else accessed any of your device(s), did you use any free wireless network that might have captured your traffic?

Posted Using LeoFinance Beta

0

Sorry to hear the news that is grim.

I've got very paranoid since hearing it.

I secure my MetaMask with a Trezor - all my seed phrases are on two encrypted USBs (the data gets wiped after 6 incorrect attempts). (You might find the NANO interface infuriating btw, you'll see what I mean when you start having to deal with the piddly little toggle keys on the device).

Those seed phrases are the things to keep really secure and defo nowhere on your computer.

Glad to hear you're bouncing back immediately, it's all you can, do, get a plan to earn back those funds.

Posted Using LeoFinance Beta

2
1 yr

Be also very careful with any spending approvals that you authorise as well... they don't need a seed phrase if you have given the okay to spend everything!

3

Fair point, I've been through everything on my non Trezored MM accounts and revoked most authorities.

Posted Using LeoFinance Beta

2

I got Nano because it now supports Hive and it's the only one I can get within a week. The alternative is to wait for weeks or months for international shipping

2

Ah fair enough, well it will still work!

Posted Using LeoFinance Beta

0

What would you put into that Nano thing now —a hive shitcoin? 😏

1

Sorry about this bro. I feel so sad that I can’t do anything to help. You’ll def come back stronger.

0

Thanks man. I'm just going to slowly build back and try to make the best out of the situation.

2

Very sorry to hear that. I hope you can recover and come back stronger like you said. Good luck, I keep reading your posts and like it.

Posted Using LeoFinance Beta

1

This is so sad to hear, am so sorry this happened to you. I’m being vigilant now, stay strong brother.

1
1 yr

I wonder if you are rootkitted/keylogged... if that was the case, your HIVE account should also be compromised?

Anyway, try to also remember back to see if you approved any funny tokens as well... I saw something for BSteem that I don't know if it is a legitimate thing or not? Some of the scam tokens unlock a bit more authority than you realise (I think that if contracts are upgradable that is even worse?), so when you go to dump/use them you might find that you have signed away something that you didn't want to.

You don't need to have exposed your seeds if you approved spending... that said, doesn't hurt to check if your are infected!

1

Fuck bro🤦🏾‍♂️🤦🏾‍♂️

0

That's the only way to describe the feeling man. FUCK!!!

6
1 yr (edited)

I'm not a crypto expert, but just wondering why you put your ETH and BSC wallet address at the end of your posts, that's an invitation to hack it. Also, how is it that you ask for support when you are dealing with $10,000 worth of crypto? That's not a terribly big amount of money in my country, but I guess it's a fortune in yours. For me, that's another reason why the address shouldn't be there.

Also, if you got money on the Cub/BUSD farm and so on, it occurs to me the hacker must have known that you were investing in those places in order to withdraw the money and, therefore, is either someone close to you or a member of the community.

2
1 yr

you can get all the rich addresses on ethereum based networks without any problem, it is not a matter of sharing address or not.
it may bring unwanted attention, yes.
still I believe it was an opportunistic hack, not a targeted one

0
1 yr (edited)

Well... again, $10,000 is not a terribly big amount of money to bother about. Also, how did the hacker know he had invested in Cub and so on? Am I missing something?

0
1 yr

once you have private key, you have address and you can check history of the account.

there is cub finance text on page 2 straight away + lots of interactions with contracts from cub finance (you need to get into contract) everywhere
https://bscscan.com/txs?a=0xC75E34E3ee9a343041B3322E1bD97b4940Ed721d&p=2