Topic: MEW wallet [compromised/hacked]
Text (OP)
March 26, 2021, 10:31:42 PM
Last edit: March 26, 2021, 11:20:57 PM by Text
 #1

I had no idea that my MEW wallet had been compromised. I use their Android mobile app. When I woke up this morning and looked at the notifs, I wondered why I had a successful transaction three hours ago; I hadn't done a transaction there yet, because my last transaction there was in June last year.

Main account (public address): 0xf6D938d1773c65FD1769778D4B51243a801D29D5

1st Transaction: (IN)
0.005 Ether
Transaction Hash: 0x8da37be83ed6a57de0515b796d0e930ed185f3a337dfaef3930c0206f3fdb0e1
From: 0x63080fc711b2603133b2196cee482c752c0f55b8

2nd Transaction: (IN)
0.02 Ether
Transaction Hash: 0xa08690de7322883eb69f156f41f0edd8d00557643ffb396a9eadc8c57b7e47e2
From: 0x63080fc711b2603133b2196cee482c752c0f55b8

3rd Transaction: (OUT)
2,856,292 Dentacoin
Transaction Hash: 0xd10e0990f8d77d234337808fdafa402e3b8070a7bb2a2c3c1be7816cda30024a
Sent to: 0xd6bea1389a85275e320e9f900611ebbe93b91144

4th Transaction: (OUT)
3,159.997685 SONM Token (SNM)
Transaction Hash: 0x5fed842bf0657b5449d6958791037dbb6b97fce4f3aa217be89c9f3c10b340ec
Sent to: 0x2c6503f6caf53ece8684c410a7e31d0f5fea50d8

5th Transaction: (OUT)
0.016151732 Ether
Transaction Hash: 0xc3a8ac30695085bbd66578a4952b4acdb2b81caf6fbc5afa0581343e457e1ef9
Sent to: 0x63080fc711b2603133b2196cee482c752c0f55b8

I knew there was nothing I could do because I couldn’t take it back.  It's just a pity because I kept them for so long that I didn't think it would happen to me either.  I became comfortable that my device was safe and protected.  So now, I'm worried that my other accounts, wallets, crypto or not might be affected.

Bitcoin_Arena
March 26, 2021, 11:01:30 PM
 #2

So sorry my friend, it's likely your mnemonic seed leaked somehow.

Can you remember where you stored it? Notepad? Cloud service? Email? Instant messaging apps like Telegram?

Did you try to restore your wallet backup in a newly downloaded wallet recently?

Text (OP)
March 26, 2021, 11:44:12 PM
 #3

> So sorry my friend, it's likely your mnemonic seed leaked somehow.
>
> Can you remember where you stored it? Notepad? Cloud service? Email? Instant messaging apps like Telegram?
>
> Did you try to restore your wallet backup in a newly downloaded wallet recently?

Maybe that’s the reason.  As far as I can remember, I was able to store some private keys, seed phrases in my notes or I was also able to use messenger IM when I needed to open a web browser, copy-paste method, cp (messenger) to pc,  sometimes I take a screenshot and automatically back-up to my mail cloud service.  This app is also installed on my old phone that my sister is now using and on my other cp that was just stolen last year.

Bitcoin_Arena
March 27, 2021, 12:36:06 AM
 #4

> Maybe that’s the reason.  As far as I can remember, I was able to store some private keys, seed phrases in my notes or I was also able to use messenger IM when I needed to open a web browser, copy-paste method, cp (messenger) to pc,  sometimes I take a screenshot and automatically back-up to my mail cloud service.  This app is also installed on my old phone that my sister is now using and on my other cp that was just stolen last year.

Based on your response, it's clear that you never carried out proper security practices for your wallets. Some wallet security mistakes they advise newbies to avoid are:
1. Never screenshot your wallet seeds or private keys.
2. Never keep your wallet seeds or private keys on a notepad, emails, Messenger, Telegram, Google Drive, Dropbox or any online cloud service. You are supposed to manually copy the seed on a paper or print your paper wallet offline and store it in a safe place.

Also, despite your PC getting stolen, you didn't bother transferring the funds from your possibly compromised wallet to a freshly created wallet.

Please take note of your security mistakes so that you avoid losing funds in future.

Text (OP)
March 27, 2021, 02:11:02 AM
 #5

> Based on your response, it's clear that you never carried out proper security practices for your wallets. Some wallet security mistakes they advise newbies to avoid are:
> 1. Never screenshot your wallet seeds or private keys.
> 2. Never keep your wallet seeds or private keys on a notepad, emails, Messenger, Telegram, Google Drive, Dropbox or any online cloud service. You are supposed to manually copy the seed on a paper or print your paper wallet offline and store it in a safe place.
>
> Also, despite your PC getting stolen, you didn't bother transferring the funds from your possibly compromised wallet to a freshly created wallet.
>
> Please take note of your security mistakes so that you avoid losing funds in future.

I admit that I made a mistake that even though I knew what I was doing was risky, I continued.  But the main reason I see that the hacker had access to my account is that I accessed my wallet on the MEW web using a private key that is not recommended.  Because my email and socmed, or other IM accounts are secured because I apply the security options such as SMS verification, email codes, and other 2nd layers of protection that are available.  Because they notify me when there is suspicious activity and there are other or new devices trying to access the accounts I mentioned.

Maybe he has been monitoring my wallet account for a long time and just waited for the opportunity for prices to rise and then he committed the theft.

cryptoaddictchie
March 27, 2021, 04:38:12 AM
 #6

So sorry mate. It seems that they really stole your funds and you are right. Probably they are watching the wallet for a long time and just waiting for a good time to conduct the incident. Now, they really did it and get some money out of it. Sorry to hear that, most likely what you need to do now is secure your other wallets while still you can. The one that has been compromised is already a dead wallet and dangerous even for you to use on such transactions. I'm wondering how could they get your file in spite of your security. I'm thinking it's a close friend of you who double crosses you.

Text (OP)
March 27, 2021, 07:46:11 AM
 #7

> So sorry mate. It seems that they really stole your funds and you are right. Probably they are watching the wallet for a long time and just waiting for a good time to conduct the incident. Now, they really did it and get some money out of it. Sorry to hear that, most likely what you need to do now is secure your other wallets while still you can. The one that has been compromised is already a dead wallet and dangerous even for you to use on such transactions. I'm wondering how could they get your file in spite of your security. I'm thinking it's a close friend of you who double crosses you.

Hopefully, nothing else will be affected by my accounts and wallets.  That hacker is very sharp because he knows what he is doing.  It looks like that is his job to make money.  What if there was a thread here that lists all the scammer and addresses used by hackers.  It seems that he was able to transfer the tokens to another address where he stored the ones he stole.  We don't know if the hacker is a member of this forum and can be connected to other addresses he uses. Can a mixer be used for ETH?

I don’t think a friend or acquaintance of mine did it because I don’t see or notice anything suspicious, and I also don’t have a friend who knows crypto here with us.  So there is very little chance that this will be possible.

lovesmayfamilis
March 27, 2021, 08:39:48 AM
 #8

You are missing one more thing. The mobile application you were using. Was it correct? Today, viruses for the Android system have also become popular. Moreover, you are talking about the fact that not only you but also your sister used the phone, which means maybe someone else. Check completely the equipment you are using.

examplens
March 27, 2021, 10:32:31 AM
Merited by Text (1)
 #9

> Main account (public address): 0xf6D938d1773c65FD1769778D4B51243a801D29D5

You are probably a victim of keylogger software. It has been enough just to click on a suspicious link from an email, PM through social media, etc... (Don't ask me how I know)
If you use these wallets only on the MEW app, you probably need to clean your mobile device to zero. Also, it may be some of the later apps which you installed had malicious code inside. So be careful in the future.

I see, you still have some funds there, it will be best if you can withdraw it from there, but due to the high ETH fee, I am not sure how profitable it is.
You can register at Etherscan.io, and or activate the Telegram bot @ethplorer_bot to watch your ETH address. Then you will be notified if there is any change in your address. So, if you are on time, there is a chance to use the hacker's ETH (which he must send for tx fees). I did it a few times ;)

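The transfer sequence from the opening post, run through a simple watch-address triage, as an added example that is not part of any post in this thread. It assumes the two incoming deposits were the fee funding that post #9 mentions; the rule names, the `trusted` allowlist and the `triage` function are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Transfer:
    seq: int           # order as listed in the opening post (no timestamps given there)
    direction: str     # "IN" or "OUT", relative to the watched address
    asset: str
    amount: Decimal
    counterparty: str


# The five transfers listed in the opening post.
FUNDER = "0x63080fc711b2603133b2196cee482c752c0f55b8"
TRANSFERS = [
    Transfer(1, "IN", "ETH", Decimal("0.005"), FUNDER),
    Transfer(2, "IN", "ETH", Decimal("0.02"), FUNDER),
    Transfer(3, "OUT", "Dentacoin", Decimal("2856292"),
             "0xd6bea1389a85275e320e9f900611ebbe93b91144"),
    Transfer(4, "OUT", "SNM", Decimal("3159.997685"),
             "0x2c6503f6caf53ece8684c410a7e31d0f5fea50d8"),
    Transfer(5, "OUT", "ETH", Decimal("0.016151732"), FUNDER),
]


def triage(transfers, trusted=frozenset(), native="ETH"):
    """Return (seq, rule) alerts for one watched address.

    trusted: counterparties the owner recognises (own wallets, exchange
    deposit addresses). Hypothetical allowlist, empty by default.
    """
    trusted = {a.lower() for a in trusted}
    unknown_funders = set()
    alerts = []
    for t in sorted(transfers, key=lambda t: t.seq):
        peer = t.counterparty.lower()
        if t.direction == "IN":
            # Native coin arriving from an unrecognised address on a wallet
            # that holds tokens: someone may be paying for outgoing fees.
            if t.asset == native and peer not in trusted:
                unknown_funders.add(peer)
                alerts.append((t.seq, "unexpected-fee-funding"))
        elif t.direction == "OUT" and peer not in trusted:
            if t.asset == native and peer in unknown_funders:
                # Leftover fee money going back to whoever supplied it.
                alerts.append((t.seq, "remainder-returned-to-funder"))
            elif unknown_funders:
                alerts.append((t.seq, "outflow-after-unknown-funding"))
            else:
                alerts.append((t.seq, "outflow-to-unknown-address"))
    return alerts


def first_warning(alerts):
    """Earliest alert, i.e. the point where the owner could still react."""
    return alerts[0] if alerts else None


if __name__ == "__main__":
    for seq, rule in triage(TRANSFERS):
        print(seq, rule)
```

With an address watch in place, the first alert fires on the incoming 0.005 Ether, before any token leaves the wallet.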
Jating
March 27, 2021, 10:53:52 AM
 #10

Just sad to hear this story. I haven't accessed my MEW wallet for a while, and I access it the same way as the OP, through PK (yes, I know that it is not safe). Luckily all my old tokens are safe; however, I move it to my other wallets just to be sure.

Yeah, probably you caught some malware with a keylogger that's why they are very quick to empty your MEW. If they left something, I'll advise to move it as well.

Little Mouse
March 27, 2021, 04:44:10 PM
 #11

Against whom is your scam accusation? It seems like your accusation is against MEW, which makes no sense. They always alert you to have the secure way to generate your private keys.
I think this would be best to post in the Beginners board so that other people can be aware.

Bitcoin_Arena
March 27, 2021, 10:58:37 PM
 #12

> Hopefully, nothing else will be affected by my accounts and wallets.  That hacker is very sharp because he knows what he is doing.  It looks like that is his job to make money.  What if there was a thread here that lists all the scammer and addresses used by hackers.  It seems that he was able to transfer the tokens to another address where he stored the ones he stole.  We don't know if the hacker is a member of this forum and can be connected to other addresses he uses. Can a mixer be used for ETH?
>
> I don’t think a friend or acquaintance of mine did it because I don’t see or notice anything suspicious, and I also don’t have a friend who knows crypto here with us.  So there is very little chance that this will be possible.

I doubt if he's a member here. Even if he was, he would be a very stupid hacker to use an address which could link to his profile. Ether addresses are easy to generate, so keeping track of all Ether addresses of hackers is very hard.

Personally, I have never seen an Ether mixer, but the hacker could easily use decentralized exchanges to swap the coins and it would be hard to track him after that.

Myleschetty
March 27, 2021, 11:19:42 PM
 #13

>> So sorry mate. It seems that they really stole your funds and you are right. Probably they are watching the wallet for a long time and just waiting for a good time to conduct the incident. Now, they really did it and get some money out of it. Sorry to hear that, most likely what you need to do now is secure your other wallets while still you can. The one that has been compromised is already a dead wallet and dangerous even for you to use on such transactions. I'm wondering how could they get your file in spite of your security. I'm thinking it's a close friend of you who double crosses you.
>
> Hopefully, nothing else will be affected by my accounts and wallets.  That hacker is very sharp because he knows what he is doing.  It looks like that is his job to make money.  What if there was a thread here that lists all the scammer and addresses used by hackers.  It seems that he was able to transfer the tokens to another address where he stored the ones he stole.  We don't know if the hacker is a member of this forum and can be connected to other addresses he uses. Can a mixer be used for ETH?

Yes but there is no genuine crypto mixer for ETH and if you keep track of all the wallet where the hacker send the coins to, googling it or check the one that link to exchange site and report it the wallet.
You might be advantageous.
aioc
March 28, 2021, 01:48:14 AM
 #14


> Yes but there is no genuine crypto mixer for ETH and if you keep track of all the wallet where the hacker send the coins to, googling it or check the one that link to exchange site and report it the wallet.
> You might be advantageous.

What do you mean there is no genuine Ethereum mixer here, there are some mixers that are dedicated to mixing Ethereum, have you used their services and found out that they are not really mixing the transactions, I did research using Google and I found three mixers that are dedicated to mixing Ethereum and they have good reviews, but I do hope that you can trace the hacker of your wallet.

bL4nkcode
March 28, 2021, 06:51:55 PM
 #15

This is so sad to hear from a user who is actively posting and giving advice to newbies here.

Actually, the method used in MEW is too risky, as it always exposes your private keys when you copy-paste them into the wallet web browser/app.


> Against whom is your scam accusation? It seems like your accusation is against MEW, which makes no sense. They always alert you to have the secure way to generate your private keys.
> I think this would be best to post in the Beginners board so that other people can be aware.

This is not an accusation probably, as there's no indicated suspect, just a reminder and an awareness. Actually, the scam accusation board suits the thread as well, though it can be moved to B&H too.

Furious 7
March 28, 2021, 07:03:34 PM
 #16

There are many cases like this and I saw in several groups on Facebook and I joined them that their funds were sent by themselves without the owner doing it, I don't know if this is a virus that is busy and what lovesmayfamilis is talking about is also true but not completely correct.

But what you mentioned is the origin, it makes sense, maybe someone has known your seed phrase for a long time so they can pick it up now that the price has gone up.

It is much better to have to secure your assets because I am sure that in the future they will take your funds again.

khaled0111
March 28, 2021, 07:26:50 PM
 #17

As long as you still don't know how exactly your MEW got hacked, you should consider the possibility that all your other wallets and accounts got compromised too and act accordingly.
The first and obvious thing to do is to move all your coins to a secure wallet and reset all your account passwords from a clean device as soon as possible.

Then, you have to figure out how you got hacked (downloaded apps from untrusted sources, saved your seeds online...) in order to take the appropriate action and stop any further damage.
Really sorry for your loss!

Text (OP)
March 30, 2021, 12:36:35 PM
 #18

> You are missing one more thing. The mobile application you were using. Was it correct? ~snip

Yes, I'm sure the mobile app I'm using is correct. Downloaded it from the official site and the developer is MyEtherWallet. But my sister doesn't know anything about crypto, so she doesn't visit sites and use crypto-related apps.

> ~snip
> bot @ethplorer_bot to watch your ETH address. Then you will be notified if there is any change in your address. So, if you are on time, there is a chance to use the hacker's ETH (which he must send for tx fees). I did it a few times ;)

I tried to follow it but I can't see in my etherscan profile the telegram connection.

Bitcoin_Arena
April 02, 2021, 10:34:46 PM
Merited by Text (1)
 #19

> I tried to follow it but I can't see in my etherscan profile the telegram connection.
> https://i.ibb.co/xMFTN8m/IMG-20210330-203356.jpg

He's talking about Ethplorer.io, not Etherscan.

On Ethplorer, there's an option to sign up or create a profile in the top right corner, or you can visit this link - https://ethplorer.io/wallet/#login

Once you have logged in, click on Profile, then scroll to the Notifications section.
You will be able to see an option to connect your Telegram account. Click on it.


Text (OP)
April 03, 2021, 02:18:03 AM
 #20

> He's talking about Ethplorer.io, not Etherscan.
>
> On Ethplorer, there's an option to sign up or create a profile in the top right corner, or you can visit this link - https://ethplorer.io/wallet/#login
>
> Once you have logged in, click on Profile, then scroll to the Notifications section.
> You will be able to see an option to connect your Telegram account. Click on it.

I'm sorry, I thought the connection to the telegram would still be done on the etherscan itself.  I forgot that it was separate.  But thanks to your feedback, I was able to successfully connect my account and profile address just now.

Thanks also to @examplens.
