Bitcoin Forum
Topic: [WARNING] Unknown Exploit Drained Over $10M in past 5 months
bbc.reporter (OP)
April 22, 2023, 02:35:24 AM
Last edit: April 24, 2023, 01:13:31 AM by bbc.reporter
 #1

This exploit appears to be being used against Ethereum users and I speculate that other blockchains that were forked from Ethereum like Binance smartchain, Avalanche, Fantom and Tron might also have this problem.

The article also mentions wallets between 2014 and 2022; however, was Ethereum not created until 2015?



A sophisticated wallet drainer has stolen more than $10M worth of assets since December 2022 across 11 different blockchains.

The exploit appears to target experienced users who created their wallets between 2014 and 2022, according to MyCrypto founder and CEO Taylor Monahan.

The attack vector remains undetermined, however. MetaMask, the leading wallet provider, said that its security team is working in tandem with other wallet providers to figure out the source of the exploit.

The attacker swapped users’ tokens for ETH, routing the trades through MetaMask Swap, Uniswap, or 0x.

They usually don’t drain NFTs, staked assets, and other low-cap tokens. However, in some cases, the leftover assets were stolen later.

Users with smaller amounts on Ethereum-compatible chains would have their assets bridged and moved out once the attacker had gathered enough ETH to pay for gas fees. The assets would then get converted into Bitcoin using services like FixedFloat, SideShift and SimpleSwap.

Within a week after the conversion, the assets would be run through a Bitcoin privacy mixer such as Coinomize, Wasabi, or CryptoMixer.

Monahan concluded by saying that the exploit is not specific to MetaMask and that all wallets, including hardware wallets, are affected by this unknown yet active exploit.


Read in full https://thedefiant.io/unknown-wallet-exploit-10m

Tytanowy Janusz
April 22, 2023, 06:47:21 AM
 #2

$10 million is very little compared to the size of the entire network. Currently the capitalization of ETH exceeds $200 billion; this makes this attack only 0.005% of the network. I doubt it's detectable as the accounts are old and the size of the attack is small. I don't think it's some major system bug threatening the entire network.
vv181
April 22, 2023, 11:52:09 AM
 #3

It seems you are pasting the wrong referred source. It should be: https://thedefiant.io/unknown-wallet-exploit-10m

Although the amount might be small compared to its many coins' marketcap, this kind of attack vector is truly concerning if it still goes undetected. Fortunately, someone is aware something off is happening.

Anyway, the one who investigated the issue claimed that those who were affected are his friends and OGs, who he also claimed were "reasonably secure." I don't think a widespread hack attempt or phenomenon can be easily concluded from mere subjective claims about users' digital security practices. There are many variables that come into play when a user loses his funds. Besides, if it happens widely, the amount should be enormous. So, I'm sure that to find the root cause, more and more information is required to get to know the exploit better.
Mr. Magkaisa
April 22, 2023, 12:39:50 PM
 #4

Literally, $10M is a lot of money. But compared to other hacks here in the crypto space, that seems small.

And Ethereum was described in 2013 and was launched formally 2 years later, in 2015, so there was Ethereum during these times. Ethereum is still undervalued at this time, based on my knowledge.

cryptoaddictchie
April 22, 2023, 03:23:52 PM
 #5

That's quite a figure, though have these attacks been confirmed or dealt with by the relevant authority? How does the swapping of tokens or the modus work in this case? Cause if they target ETH wallet users then there must be a way they can do that with ease, and how do users like us prevent this? Is this worse than a phishing site? Cause I'm sure everyone is aware of it now and must be careful in handling malicious sites. If this is new then I wanna know how.

JeromeTash
April 22, 2023, 08:28:07 PM
 #6

> The article also mentions wallets between 2014 and 2022; however, was Ethereum not created until 2015?

As far as I know the idea of Ethereum was conceived in 2013 and then somewhere in 2014 Ethereum coins went on sale (ICO).

Remember during that time people had to create wallets and addresses in order to redeem the Ethereum they bought once the network went live later on.

> $10 million is very little compared to the size of the entire network. Currently the capitalization of ETH exceeds $200 billion; this makes this attack only 0.005% of the network. I doubt it's detectable as the accounts are old and the size of the attack is small. I don't think it's some major system bug threatening the entire network.

Maybe the attacker is targeting specific addresses that were generated using some software back then that have that specified vulnerability he knows about. Maybe that's why the pool is small and he's taking his time.

wheelz1200
April 22, 2023, 08:37:49 PM
 #7

> $10 million is very little compared to the size of the entire network. Currently the capitalization of ETH exceeds $200 billion; this makes this attack only 0.005% of the network. I doubt it's detectable as the accounts are old and the size of the attack is small. I don't think it's some major system bug threatening the entire network.

Had to be one person that saw it. Unless it was from assets that haven't moved and old coins/tokens then I guess maybe. Just seems odd no one detected their wallet was drained since December. I'm always checking in on mine just because of things like this. Are people still at risk from this exploit?

adaseb
April 23, 2023, 05:03:41 AM
 #8

I have been following his thread on Twitter and it’s scary what he discovered. Apparently there were some people whose cold storage and hardware wallet funds were also drained. And he still can’t find the flaw.

Many ETH ICO tokens which were never moved were also stolen and these were OG unlike new retail users. Only thing I can think of is the LastPass hack and they kept their seed hosted there. Since the hacks started around that time.

o48o
April 23, 2023, 10:56:29 PM
 #9


OP, did you accidentally link the incorrect url? Because that seems not to be the one you are talking about.

I think you meant this one?
https://thedefiant.io/unknown-wallet-exploit-10m

> $10 million is very little compared to the size of the entire network. Currently the capitalization of ETH exceeds $200 billion; this makes this attack only 0.005% of the network. I doubt it's detectable as the accounts are old and the size of the attack is small. I don't think it's some major system bug threatening the entire network.

Sure, but when the reason is unknown, everyone is in danger. So it's possible that this will be far more agonizing than any DEX hack. Because we know something is not safe. We just don't have any idea what it is.

bbc.reporter (OP)
April 24, 2023, 01:21:46 AM
 #10

> I have been following his thread on Twitter and it’s scary what he discovered. Apparently there were some people whose cold storage and hardware wallet funds were also drained. And he still can’t find the flaw.
>
> Many ETH ICO tokens which were never moved were also stolen and these were OG unlike new retail users. Only thing I can think of is the LastPass hack and they kept their seed hosted there. Since the hacks started around that time.

If coins in hardware wallets can be stolen, might this exploit be something that can give the hacker the ability to bruteforce the seed phrases? An exploit like this that has stolen only $10 million must have been done only through bruteforcing means because it is taking much time. Unless the hacker is smart and does want to be very public on what he discovered hehe.

@o48o. Thank you, I have changed it already.

adaseb
April 24, 2023, 04:05:50 AM
 #11

You can’t brute force any seeds or private keys. You can only do that if the entropy is low, which might have been created with a brain wallet, but these days nobody uses those.

It would take thousands of years to find a collision with another wallet and that wallet might be empty. There is no way it’s done by brute force. I am watching the Twitter replies and hopefully they find some connection.

inanilujimi
April 24, 2023, 06:29:53 AM
 #12

> I have been following his thread on Twitter and it’s scary what he discovered. Apparently there were some people whose cold storage and hardware wallet funds were also drained. And he still can’t find the flaw.
>
> Many ETH ICO tokens which were never moved were also stolen and these were OG unlike new retail users. Only thing I can think of is the LastPass hack and they kept their seed hosted there. Since the hacks started around that time.

This is very terrible, if it's like this there is no safe place to store the assets that we have.
When storing on a centralized exchange, sometimes there are also feelings of anxiety because large exchanges cannot guarantee that our assets are safe either.
FUCKBSVFUCK
May 10, 2023, 09:35:50 AM
 #13

It's a bit of a stretch to say that this exploit is not targeted at anyone, but it's been around for a while now. 
I've been looking at the blockchain for a while now and I can't find anything that could be related to this exploit. 
I'm not sure if this is a bug or a bug in the blockchain, but I can't find any information on the wallet that's been compromised.
yazher
May 10, 2023, 12:08:29 PM
 #14

> > I have been following his thread on Twitter and it’s scary what he discovered. Apparently there were some people whose cold storage and hardware wallet funds were also drained. And he still can’t find the flaw.
> > Many ETH ICO tokens which were never moved were also stolen and these were OG unlike new retail users. Only thing I can think of is the LastPass hack and they kept their seed hosted there. Since the hacks started around that time.
>
> This is very terrible, if it's like this there is no safe place to store the assets that we have.
> When storing on a centralized exchange, sometimes there are also feelings of anxiety because large exchanges cannot guarantee that our assets are safe either.

I think there was an incident where they got hacked like this before and the culprit hit the Google DNS or cookie, I'm not sure but I remember there wasn't any problem with the Ethereum network but the hackers put some malicious software into Google DNS that they were able to get the users' private keys and stole their ETH. It was huge because lots of people quickly withdrew their ETH and others lost their trust to invest in ETH because their funds were stolen quickly. I think they were able to fix it for about a day and they were able to find the source of that hack.

vv181
May 11, 2023, 02:15:33 AM
 #15

> I think there was an incident where they got hacked like this before and the culprit hit the Google DNS or cookie, I'm not sure but I remember there wasn't any problem with the Ethereum network but the hackers put some malicious software into Google DNS that they were able to get the users' private keys and stole their ETH.

The term is DNS hijack; it did not specifically target Google DNS but the website's hosting provider. There are some platforms that have experienced this kind of attack; PancakeSwap is the one that I remember, since it is a prominent platform. In short, the hacker attacks the hosting provider to change some particular site's actual server into the one they control.

~

Indeed it seems there is no recent news about this issue. As I have said, a lot of variables go into place, so to conclude the evidence of the exploit is tricky. One thing I believe for sure is that this issue is not coin-related or even EVM chains related. It must be a user-related problem.