I am a fool, no doubts about that. For more than a decade in crypto, I managed to survive* (almost) without losing a dime to a number of hacks/scams/losses/thefts.
On Friday they caught me off guard. Here is how it happened, so you can avoid it if the same happens to you:
- I was traveling with my family, away from my laptop, and with my mind focused on other things and priorities.
- A trusted friend who knows me well sends me a Telegram message with the following text: “Check this out” -> link to a tweet.
- The tweet was talking about the zkSync airdrop, which I was very much looking forward to, and which I told him about some weeks ago. I was aware that no airdrop had been announced and that a number of scam attempts were around.
- A few weeks earlier, I used my main ETH hot wallet to perform a whole bunch of actions to interact with zkSync (1 and 2), just to mess around with it.
- So as I was in the car, and since I was anxious to know if that was the real airdrop, I opened the tweet (which btw is still online as of now, 5 days later -> https://imgur.com/a/ITBH31u).
- I read the tweet, and at a quick first glance it looked very legit: it came from what appeared to be a dev: blue checkmark (FU Elon), Twitter account joined in 2012, 300k followers, 900 retweets.
- FOMO kicked in. Fuck me. This must be IT, everything checks. A trusted friend sent it to me, and the Twitter account is real.
- I already performed a lot of the actions required to take part in “the airdrop” (interact with zkSync in several ways). All I have to do is just go to the website, connect with Metamask and join the whitelist.
- I wanted to get it done as fast as I possibly could, so I could forget about it and go on with my family trip. No need to check further. (Took me off guard, told you.)
- So I went on the website (if only I had paid more attention to the URL…), and connected my Metamask mobile wallet to it. It asked me to sign something to join the whitelist. Then nothing happened. OK, I made it!
- My wallet was fully “loaded” as I was gathering liquidity to start a minipool the following week :(.
- 1 hour later I received an alert from a watched wallet on etherscan. And I could see my entire ETH balance leaving my wallet using the function “SecurityUpdate” going out to https://etherscan.io/address/0xd13b093eafa3878de27183388fea7d0d2b0abf9e .
- I knew what happened immediately. Reported the tweet, reported the address on etherscan, and watched my ultrasound money flying, along with hundreds of other incoming transactions from other people.
- This person/group is making millions as I type, and it seems unstoppable. To see his funds moving OUT, he’s using some kind of internal transactions -> https://etherscan.io/address/0xd13b093eafa3878de27183388fea7d0d2b0abf9e#internaltx

So, I have ONE important question now: should I burn my Ethereum address now and never use it again? If I move ether onto it, will he/she be able to steal it from me again, or was it just a one-off bundle tx he signed? He didn't take my NFTs or my ENS. He didn't take my ERC20 tokens (not much).

FML, don't FOMO. Don't interact with web3 from a smartphone. Don't keep funds on a hot wallet that you can access from a smartphone. Don't trust Twitter followers/retweets/creation date, and don't trust the blue checkmark.

EDIT: I saved the ENS, but a “valuable” NFT was also stolen in the hack

EDIT2: can't move the signed copy of the Proof Of Stake book by Vitalik

EDIT3: can't move the well-earned POAPs 🙁

EDIT4: what fucked with my brain the most is the Twitter Blue Checkmark. Twitter trained my brain to trust these things for more than 10 years, and now in two weeks required my trust system to adapt to it. I'm in my mid-thirties, I don't have enough neuroplasticity to change my brain on the spot.