Try Quests to earn cryptoThe data driven investigation of a phishing scam
In this dashboard I investigate the transfers in and out of a hacker's wallet that received stolen tokens, which were taken from my Metamask wallet on Ethereum, Polygon, and Binance Smart Chain.
Context
On New Year's Eve in 2021, I returned home from a long trip and discovered that my metamask wallet was empty. As a relatively new user of cryptocurrency and decentralized apps, I was shocked and couldn't believe that all my assets on Ethereum, Binance Smart Chain, and Polygon were gone. Initially, I mourned the loss and wondered how it could have happened, questioning whether my computer had been hacked and if my other wallets, such as Phantom Solana, were also compromised.
After pondering the situation, I recalled receiving an email from what I believed to be Metamask's support team. However, upon further examination, I discovered that it was a fake email and that I had indeed fallen victim to a phishing scam. Over a year later, I revisited this story and decided to investigate the hack using Flipside data.
This dashboard will provide a brief overview of the stolen tokens and how they were taken, examine the transfers in and out of the hacker's wallet, and attempt to identify the final destination of the tokens before they were cashed out. Join me on this journey to uncover the details of my experience with cryptocurrency theft and learn what hackers do with your stolen wallets.
My Metamask wallet contained assets on three chains: Ethereum, Polygon, and Binance Smart Chain (BSC). Specifically, I had ETH ⟠ on Ethereum, assets deposited in pools on SushiSwap and Hop on Polygon, and WMatic and BNB on Binance.
Unfortunately, the theft occurred within a 10-minute window and resulted in the loss of all my assets, including those in liquidity pools and tokens.
The stolen tokens were transferred to a Metamask wallet with the address '0x7444a295ceedb48c620bf20eedcfdda1b03dda6a', which I refer to as the hacker wallet throughout this dashboard. The icon for this wallet is '👾 wallet.'
The list of the transactions can be seen from the table below.
Ethereum
The table below displays all incoming and outgoing transactions associated with the hacker wallet on the Ethereum chain. As indicated, it appears that I was not the only victim of this hacker. In fact, the hacker had been accumulating all received or stolen ETH since June 25, 2021, and eventually sent it all on March 26, 2022 to the following wallet: 0xaadb2228f4edd9028c0a638198b93a00cd3e3fd6.
Interestingly, an amount of MATIC that was received on January 11, 2022, was not sent to the same address. Instead, it was sent to a Binance address two months later, as revealed by the transaction records.
The data indicates that the wallets accumulated by the hacker on Ethereum, Polygon, and Binance Smart Chain were eventually transferred to a single wallet in mid to late March 2022.
Further examination of incoming and outgoing transactions from this wallet confirms that it was the final destination for tokens on decentralized networks. The hacker(s) used this wallet to transfer tokens to centralized exchanges such as Binance, Coinex, and MEXC.
In summary, this dashboard describes the author's personal experience of falling victim to a phishing scam, resulting in the loss of assets on Ethereum, Polygon, and Binance Smart Chain. The stolen tokens were transferred to a hacker wallet, which had been accumulating stolen ETH since June 2021, and then all tokens were sent to a single wallet in March 2022. The hacker(s) used this wallet to transfer tokens to centralized exchanges for cashing out.
It is clear that cryptocurrency theft is a serious issue that affects individuals and the broader community. This investigation into the hack of my Metamask wallet highlights the importance of taking steps to protect one's assets and being vigilant against phishing scams. However, it is also important to recognize the role of centralized exchanges in facilitating the movement of stolen assets from decentralized networks to traditional finance systems. While it is challenging to identify and track the movement of stolen assets, centralized exchanges have a responsibility to implement and enforce robust security measures to prevent the laundering of stolen cryptocurrency. It is crucial for the industry to work towards improving security practices and collaboration between centralized and decentralized systems to address the growing threat of cryptocurrency theft.