How I lost $24.389,51 And Much More Due To A Hack For Not Following My Gut

Hello, as some of you may already know, last week on 12/08/2024 I got my hot wallets compromised by a Trojan.

Before starting, I ask for your respect since my mental health is in a really volatile state.

What I hope to achieve with this post is to move on, clarify what happened (as far as I understood) and also be an example for other people so everybody can learn about this traumatic event.

Who is Kirtash93?

As you may or may not know, I have been contributing to a wide range of Reddit Crypto Communities like r/cryptocurrency, r/ethtrader, r/coneheads, etc. for a long time. Some of them since 2021 and others since 2023. During that time, I managed to accumulate 149,743.212 MOON and 604,761 DONUT. Recently I started a journey as a Reddit Community Avatars artist, creating my own NFT avatars for the Reddit Shop.

10/08/2024: Preamble

That Saturday, a Telegram account with special membership contacted me and started talking about my NFTs, etc. After some chat he told me about a project he was working on and said that they were recruiting NFT creators. I was quite hesitant during that time, but I don’t know why, on Sunday I decided to change my mind and try it. To know what kind of art I needed to create, he suggested that I download the game and play it a bit.

This was the game (DO NOT DOWNLOAD IT)

https://preview.redd.it/9rcxunj2fkjd1.jpg?width=1080&format=pjpg&auto=webp&s=d79db103bf8281af654ceba112f110c27bba88be

12/08/2024: The Beginning of my Worst Nightmare

That Monday I decided to wake up and start looking into this because I was on vacation from my real-life job for a week. So I decided to download the application. I got zero warnings from my Windows Defender and decided to install it.

During the installation, which didn’t take long, I noticed something was off due to different layer colors or something, so I quickly decided to uninstall it and check my computer with Malwarebytes, which detected that the file was a Trojan. I quickly sent it to quarantine and removed it. After deleting the Trojan I decided to wipe my whole computer.

Hell

Just at that moment, I saw a notification on my phone that my Coinbase wallet SOL was moved. At that moment my anxiety went through the roof. I could hardly think or breathe, but I managed to keep trying as fast as I could and as fast as my laptop could. I was literally freaking out.

During my slow laptop configuration the hacker managed to steal my Google Account and transfer my funds on hot wallets like MetaMask, Coinbase Wallet and Keplr.

| Wallet App | Holdings | Address | Stolen | Transaction |
|---|---|---|---|---|
| Coinbase Wallet | SOL | 7UMYn2dHhGssAx4PE785dmUDu2YjGgwr6CfkKQcmpBMo | 15.997236308 SOL ($2334.40) | https://explorer.solana.com/tx/2Spn5RL7Xyh8jsz4HTvXn8NBdcV8kHkzRub1euaoFxSiTzGZon4yP8X9wDbzsx1zsgQ3CkvgpqhHWLYGQFNSGZVh |
| MetaMask – Reddit Vault | MOON | 0xB193C520eCc00a3366Ced62A464f26c48e2084C1 | 149,743.212 MOON ($16,549.17) | https://nova.arbiscan.io/tx/0x1cfa65c6a6f4b4f259e9f66f57ef0d2b234bc11fa70a1af8c867d75c8e1e6448 |
| MetaMask – DONUT wallet | DONUT | 0xa51731189c99832A2ba2f28C6c2dc1Db451F3a2e | 604,761.030696499233423009 DONUT ($3,765.19) | https://www.arbiscan.io/tx/0x8c37d761f664b384229e9d21fe9948091e03bfc70e41075716442f4826fc95e3 |
| Keplr | ATOM | cosmos1vvhrwp8j54t6ns6lejtvktcda872e34nwzwxsn | 245 ATOM ($1691) | https://www.mintscan.io/stride/tx/F0180D773833BF924486E18A4322BA03F4B4D23935EAA57C6A2B59A27670EC51 |
| Coinbase Wallet | BASE | 0x30aEE49cB23c747bDd269e3aCA2a3dB032F38f5c | 0.018956861863687544 ETH ($49.75) | https://basescan.org/tx/0xaa724df3ae6a5469cfb82ea6b7ecf5585148c44ab994042eb0b7477fe632ce8 |

Total: $24.389,51

During the whole hack process, some users in the r/cc Telegram helped me a lot by following the hacker’s transactions to two different CEXs, ByBit and Gate.io.

| Exchange | Transaction |
|---|---|
| ByBit | https://etherscan.io/tx/0xadc31a9234e4520984de2f4e4e3860f07f23a791e95b7a69e4c8d75bf5090ab8 |
| Gate.io | https://etherscan.io/tx/0xecafd1a5eba6195491d9c774ac6268f200e0affecb44f2fadcdc8d5479d02525 |

I have contacted both exchanges myself but I won’t reveal more information about it.

After I collected all this information, and still with panic attacks and in shock, I decided to go to the police to file a complaint about what happened so they can investigate it deeper.

In parallel to this process, I tried to recover my Google account with all the existing 2FA methods, but it was impossible due to really bad (non-existent) Google Customer Support and because the hacker managed to make Google believe that he was me. I also contacted multiple customer support teams, all of them better than Google’s, and I have been slowly recovering all my accounts (it took a week… and I am still waiting for some).

13/08/2024: Second police complaint

I filed another complaint with another type of police with the same information.

Advice: When filing a complaint, write everything that happened in a file or on paper with as many details and crypto terms as possible, because the person who attends you will know shit about fuck and it will be hard to file a good report that the specialist will understand easily.

13/08/2024 – 16/08/2024: Account recoveries and security increase

First of all, I have to say that I use Bitwarden as my password manager and I believe he didn’t get access to it. However, I decided to reset everything from scratch and start using those unique generated passwords.

During this week, I have been recovering my accounts everywhere (a pain in the ass to demonstrate that the account belongs to you) and refreshing my password security measures.

Furthermore, I decided to use crypto only on my non-personal laptop, which will only have access to the Internet when I really need it.

16/08/2024 – Cockroaches Everywhere

Some of you will think that after losing a lot and being hacked life will give you a break, well, you are wrong.

Some days after I got hacked, a good ex-Redditor, zoomer, made and shared an analysis of the hack on Twitter. You can read it here (https://x.com/ZoomerXBT/status/1823438152394055994), I really suggest you do.

Well, after that post and after I said it was me, some accounts suggested that I contact a crypto recovery expert. At that moment I was bored so I decided to play along. Well, as you can imagine, in less than 30 minutes they recovered all my coins /S

Anyway, something funny I noticed during that joke and make-them-lose-time process is that even though I was 100% sure that they were trying to scam me, my brain was intrusively sending me thoughts like “What if you don’t know enough about crypto and they can?”. Crazy, right? Well, just a hint: if they could, the whole of crypto would be worth 0 xD

Personal Opinions and Feelings

Hack

Regarding the hack, as you may imagine, I have been trying to understand everything, but I still don’t know how he managed to get each of the passwords because my wallet apps were closed. Those passwords had a pattern but they were different, so somehow he managed to get one and deduced the rest. I still don’t know how because, as far as I know, I didn’t have any of them saved in the browser or on the computer. A big mystery that I will never solve and that I am trying not to think about for my own mental health.

Feelings

I don’t know where to start. I can barely remember the hack day and the following days. I have been on a roller coaster of emotions that I wouldn’t wish even on my worst enemy. I tried multiple times to analyze my own feelings and why I have them, and to categorize them, and this is what I clearly take from it:

  • Insecurity and fear: After losing my Google account, crypto, etc. I feel insanely insecure and with a lot of fear. Any delayed email notification about configuration changes sends my anxiety through the roof.
  • FOMO: I feel that I have lost my once-in-a-lifetime opportunity that I had in my own hands, so close, but now so far. My brain still sends me signals to degen into it, this is where FOMO comes in.
  • Zombie: The whole week I have been feeling like a zombie, wondering, trying to find out what to do next. Still trying to find out my next roadmap but already being built.
  • [Insert whatever bad feeling comes to your mind]

Regarding my current state, well, I have developed some sort of PTSD that I am working on and will work on with my psychologist. Now I am stable most of the time, but I suddenly cry for no apparent reason, and sometimes some words or things trigger my feelings regarding the hack too. Can’t say much, it is my first time experiencing something that is pushing me out of my known limits.

Advice

  • Use a password manager like Bitwarden and use a different password for each site.
  • Don’t use the Sign in with Google feature on some sites. Depending on how they are developed, you will have no way to recover that account because you have no access due to having no password.
  • Enable as many 2FA measures as possible.
  • Have emails for everything. Some only for CEXs, others for social, others for shops, etc. I also suggest having a recovery Google account, for example, that will only get recovery emails and also be linked to another Google Drive, for example. I say this because I have lost some important data, but if you share all those files with another account you still have access and can download them in case someone really steals your Google account.
  • Configure a device for crypto use only and never use crypto on your personal devices. Maybe only with another layer of hot wallets.
  • Ask for help, before it is too late.

Acknowledgments

I have to thank all those people who have helped me both to gather information and to try to encourage me. We all know that words can’t help and fix much but just the gesture of checking on someone if he is doing fine after a really traumatic event can really help. Every “penny” counts right?

For this reason again, I have to thank you all, you helped me to stay above the water and I will always be grateful for it.

Thanks again, Kirt.

submitted by /u/kirtash93