MEW wallet [compromised/hacked]

[Text]

I had no idea that my MEW wallet had been compromised.  I use their android mobile app.  When I woke up this morning I wondered why I had a successful transaction three hours ago when I looked at the notifs, I hadn't done a transaction there yet.  Because my last transaction there was in June last year.

Main account (public address): 0xf6D938d1773c65FD1769778D4B51243a801D29D5



1st Transaction: (IN)
0.005 Ether

Transaction Hash:
0x8da37be83ed6a57de0515b796d0e930ed185f3a337dfaef3930c0206f3fdb0e1
From: 0x63080fc711b2603133b2196cee482c752c0f55b8


2nd Transaction: (IN)
0.02 Ether

Transaction Hash: 0xa08690de7322883eb69f156f41f0edd8d00557643ffb396a9eadc8c57b7e47e2
From: 0x63080fc711b2603133b2196cee482c752c0f55b8


3rd Transaction: (OUT)
2,856,292 Dentacoin

Transaction Hash:
0xd10e0990f8d77d234337808fdafa402e3b8070a7bb2a2c3c1be7816cda30024a
Sent to: 0xd6bea1389a85275e320e9f900611ebbe93b91144


4th Transaction: (OUT)
3,159.997685 SONM Token (SNM)

Transaction Hash: 0x5fed842bf0657b5449d6958791037dbb6b97fce4f3aa217be89c9f3c10b340ec
Sent to: 0x2c6503f6caf53ece8684c410a7e31d0f5fea50d8


5th Transaction: (OUT)
0.016151732 Ether

Transaction Hash:
0xc3a8ac30695085bbd66578a4952b4acdb2b81caf6fbc5afa0581343e457e1ef9
Sent to: 0x63080fc711b2603133b2196cee482c752c0f55b8


I knew there was nothing I could do because I couldn’t take it back.  It's just a pity because I kept them for so long that I didn't think it would happen to me either.  I became comfortable that my device was safe and protected.  So now, I'm worried that my other accounts, wallets, crypto or not might be affected.

[Bitcoin_Arena]

So sorry my friend, It's likely your mnemonic seed leaked somehow.

Can you remember where you stored it? Notepad? Cloud service? Email? Instant messaging apps like telegram?

Did you try to restore you wallet backup in a newly downloaded wallet recently?

[Text]

So sorry my friend, It's likely your mnemonic seed leaked somehow.

Can you remember where you stored it? Notepad? Cloud service? Email? Instant messaging apps like telegram?

Did you try to restore you wallet backup in a newly downloaded wallet recently?

Maybe that’s the reason.  As far as I can remember, I was able to store some private keys, seed phrases in my notes or I was also able to use messenger IM when I needed to open a web browser, copy-paste method, cp (messenger) to pc,  sometimes I take a screenshot and automatically back-up to my mail cloud service.  This app is also installed on my old phone that my sister is now using and on my other cp that was just stolen last year.

[Bitcoin_Arena]

Maybe that’s the reason.  As far as I can remember, I was able to store some private keys, seed phrases in my notes or I was also able to use messenger IM when I needed to open a web browser, copy-paste method, cp (messenger) to pc,  sometimes I take a screenshot and automatically back-up to my mail cloud service.  This app is also installed on my old phone that my sister is now using and on my other cp that was just stolen last year.

Basing on your response. It's clear that you never carried out proper security practices for your wallets. Some wallet security mistakes they advise newbies to avoid are;
1. Never screenshot your wallet seeds or private keys
2. Never keep your  wallet seeds of private keys on a notepad, emails, Messenger, telegram, Google Drive, Dropbox or any online cloud service. You are supposed to manually copy the seed on a paper or print your paper wallet offline and store it in a safe place.

Also, despite your PC getting stolen, you didn't bother transferring the funds from your possibly compromised wallet to a freshly created wallet.

Please take note of your security mistakes so that you avoid losing funds in future

[Text]

Basing on your response. It's clear that you never carried out proper security practices for your wallets. Some wallet security mistakes they advise newbies to avoid are;
1. Never screenshot your wallet seeds or private keys
2. Never keep your  wallet seeds of private keys on a notepad, emails, Messenger, telegram, Google Drive, Dropbox or any online cloud service. You are supposed to manually copy the seed on a paper or print your paper wallet offline and store it in a safe place.

Also, despite your PC getting stolen, you didn't bother transferring the funds from your possibly compromised wallet to a freshly created wallet.

Please take note of your security mistakes so that you avoid losing funds in future

I admit that I made a mistake that even though I knew what I was doing was risky, I continued.  But the main reason I see that the hacker had access to my account is that I accessed my wallet on the MEW web using a private key that is not recommended.  Because my email and socmed, or other IM accounts are secured because I apply the security options such as SMS verification, email codes, and other 2nd layers of protection that are available.  Because they notify me when there is suspicious activity and there are other or new devices trying to access the accounts I mentioned.

Maybe he has been monitoring my wallet account for a long time and just waited for the opportunity for prices to rise and then he committed the theft.

[cryptoaddictchie]

So sorry mate. It seems that they really stole your funds and you are right. Probably they are watching the wallet for a long time and just waiting for a good time to conduct the the incident. Now, they really did it and get some money out of it. Sorry to hear that, most likely you need to do now is secure your other wallets while still you can. The one that has been compromised is already a dead wallet and dangerous for even to you to use on such transactions. I'm wondering how could they get your file in spite of your security Im thinking it's a close friend of you who double crosses you.

[Text]

So sorry mate. It seems that they really stole your funds and you are right. Probably they are watching the wallet for a long time and just waiting for a good time to conduct the the incident. Now, they really did it and get some money out of it. Sorry to hear that, most likely you need to do now is secure your other wallets while still you can. The one that has been compromised is already a dead wallet and dangerous for even to you to use on such transactions. I'm wondering how could they get your file in spite of your security Im thinking it's a close friend of you who double crosses you.

Hopefully, nothing else will be affected by my accounts and wallets.  That hacker is very sharp because he knows what he is doing.  It looks like that is his job to make money.  What if there was a thread here that lists all the scammer and addresses used by hackers.  It seems that he was able to transfer the tokens to another address where he stored the ones he stole.  We don't know if the hacker is a member of this forum and can be connected to other addresses he uses. Can a mixer be used for ETH?

I don’t think a friend or acquaintance of mine did it because I don’t see or notice anything suspicious, and I also don’t have a friend who knows crypto here with us.  So there is very little chance that this will be possible.

[lovesmayfamilis]

You are missing one more thing. The mobile application you were using. Was it correct? Today, viruses for the android system have also become popular. Moreover, you are talking about the fact that not only you but also your sister used the phone, which means maybe someone else. Check completely the equipment you are using

[examplens]

Main account (public address): 0xf6D938d1773c65FD1769778D4B51243a801D29D5

You are probably a victim of keylogger software. It has been enough just to click on a suspicious link from an email, PM through social media, etc... (Don't ask me how I know)
If you use these wallets only on the MEW app, you probably need to clean your mobile device to zero. Also, it may be some of the later apps which you installed had malicious code inside. So be careful in the future.

I see, you still have some funds there, it will be best if you can withdraw it from there, but due to the high ETH fee, I am not sure how profitable it is.
you can register at Etherscan.io, and or activate the telegram bot @ethplorer_bot to watch your ETH address. Then you will be notified if there any change in your address. So, if you are on time, there is a chance to use the hacker's ETh (which he must send for tx fee's). I did it few times 

[Jating]

Just sad to hear this story, I haven't access my MEW wallet for a while, and I access them same with the OP, through PK (yes I know that it is not safe). Luckily all my old tokens are safe, however, I move it to my other wallets just to be sure.

Yeah, probably you caught some malware with a keylogger that's why they are very quick to empty your MEW. If they left something, I'll advise to move it as well.

[Little Mouse]

Against whom your scam accusation is? It seems like your accusation is against Mew which makes no sense. They always alert you to have the secure way to generate your private keys.
I think this would be best to post in Beginners board so that other people can be aware.

[Bitcoin_Arena]

Hopefully, nothing else will be affected by my accounts and wallets.  That hacker is very sharp because he knows what he is doing.  It looks like that is his job to make money.  What if there was a thread here that lists all the scammer and addresses used by hackers.  It seems that he was able to transfer the tokens to another address where he stored the ones he stole.  We don't know if the hacker is a member of this forum and can be connected to other addresses he uses. Can a mixer be used for ETH?

I don’t think a friend or acquaintance of mine did it because I don’t see or notice anything suspicious, and I also don’t have a friend who knows crypto here with us.  So there is very little chance that this will be possible.

I doubt if he's a member here. Even if he was, he would be a very stupid hacker to use an address which could link to his profile. Ether addreses are easy to generate so keeping track of all Ether addresses of hackers is very hard.

Personally, I have never seen an Ether mixer but the hacker could easily decentralized exchanges  to swap the coins and it would be hard to track him after that

[Myleschetty]

So sorry mate. It seems that they really stole your funds and you are right. Probably they are watching the wallet for a long time and just waiting for a good time to conduct the the incident. Now, they really did it and get some money out of it. Sorry to hear that, most likely you need to do now is secure your other wallets while still you can. The one that has been compromised is already a dead wallet and dangerous for even to you to use on such transactions. I'm wondering how could they get your file in spite of your security Im thinking it's a close friend of you who double crosses you.

Hopefully, nothing else will be affected by my accounts and wallets.  That hacker is very sharp because he knows what he is doing.  It looks like that is his job to make money.  What if there was a thread here that lists all the scammer and addresses used by hackers.  It seems that he was able to transfer the tokens to another address where he stored the ones he stole.  We don't know if the hacker is a member of this forum and can be connected to other addresses he uses. Can a mixer be used for ETH?

Yes but there is no genuine crypto mixer for ETH and if you keep track of all the wallet where the hacker send the coins to, googling it or check the one that link to exchange site and report it the wallet.
You might be advantageous.

[aioc]

Yes but there is no genuine crypto mixer for ETH and if you keep track of all the wallet where the hacker send the coins to, googling it or check the one that link to exchange site and report it the wallet.
You might be advantageous.

What do you mean there is no genuine Ethereum mixer here, there are some mixers that are dedicated to mixing Ethereum, have you used their services and found out that they are not really mixing the transactions, I did research using Google and I found three mixers that are dedicated to mixing Ethereum and they have good reviews, but I do hope that you can trace the hacker of your wallet.

[bL4nkcode]

This is so sad to hear from a user who actively posting and giving advices to newbies here.

Actually, the method use in mew is too risky that always expose your private keys from copy pasting it to the wallet web browser/app.

Against whom your scam accusation is? It seems like your accusation is against Mew which makes no sense. They always alert you to have the secure way to generate your private keys.
I think this would be best to post in Beginners board so that other people can be aware.

This is not an accusation probably as there's no indicated suspect, just a reminder and a awareness, actually scam accusation board suits the thread as well though it can be moved to B&H too.

[Furious 7]

There are many cases like this and I saw in several groups on Facebook and I joined them that their funds were sent by themselves without the owner doing it, I don't know if this is a virus that is busy and what Lovemyfamilis is talking about is also true but not completely correct.

But what you mentioned is the origin, it makes sense, maybe someone has known your seed phrase for a long time so they can pick it up now that the price has gone up.

It is much better to have to secure your assets because I am sure that in the future they will take your funds again.

[khaled0111]

As long as you still don't know how exactly your mew got hacked, you should consider the possibility that all your other wallets and accounts got compromised too and act accordingly.
The first and obvious thing to do is to move all your coins to a secure wallet and reset all your accounts password from a clean device as soon as possible.

Then, you have to figure out how you got hacked (downloaded apps from untrusted sources, saved your seeds online...) in order to take the appropriate action and stop any further damage.
Really sorry for your loss!

[Text]

You are missing one more thing. The mobile application you were using. Was it correct? ~snip

Yes, I'm sure the mobile app I'm using is correct. Downloaded it from the official site and the developer is MyEtherWallet. But my sister doesn't know anything about crypto, so she doesn't visit sites and use crypto-related apps.

~snip
bot @ethplorer_bot to watch your ETH address. Then you will be notified if there any change in your address. So, if you are on time, there is a chance to use the hacker's ETh (which he must send for tx fee's). I did it few times 

I tried to follow it but I can't see in my etherscan profile the telegram connection.

[Bitcoin_Arena]

I tried to follow it but I can't see in my etherscan profile the telegram connection.
https://i.ibb.co/xMFTN8m/IMG-20210330-203356.jpg

He's talking about Ethplorer.io not etherscan

On Ethplorer, there's an option to sign Up or create a profile in the top right corner, or you can visit this link - https://ethplorer.io/wallet/#login

Once you have logged in, click on Profile the scroll to the Notifications section.
You will be able to see an option to connect your telegram account. Click on it.

[Text]

He's talking about Ethplorer.io not etherscan

On Ethplorer, there's an option to sign Up or create a profile in the top right corner, or you can visit this link - https://ethplorer.io/wallet/#login

Once you have logged in, click on Profile the scroll to the Notifications section.
You will be able to see an option to connect your telegram account. Click on it.

I'm sorry, I thought the connection to the telegram would still be done on the etherscan itself.  I forgot that it was separate.  But thanks to your feedback, I was able to successfully connect my account and profile address just now.

Thanks also to @examplens.