Unexplained asset outflow from cryptocurrency wallet, total damage estimated at 1.3 billion yen (5,000 ETH)

Big Ethereum Investor Targeted

It seems that the wallets of users who have many years of crypto asset (virtual currency) investment experience and who own a large amount of Ethereum (ETH) have been targeted for unauthorized outflow damage due to hacking.

Taylor Monahan, the founder of wallet software MyCrypto, tweeted on the 18th that a total of more than 5,000 ETH (approximately 1.3 billion yen) was illegally leaked from large wallets after December 2022.

The damage spanned more than 11 types of chains, and not only ETH but also multiple tokens and NFTs (non-fungible tokens) were stolen. The affected wallets were created between 2014 and 2022, including a friend of Tay’s and an OG (original gangster) wallet that has contributed to the Ethereum project since its early days. It is said that there is

The method of attack is unknown, but no record of the use of common tactics such as phishing sites has been detected in the history on the blockchain. Tay emphasizes the importance of information sharing to solve this problem.

To be completely clear: this is NOT a MM-specific exploit.

Users of *all* wallets, even those created on a hardware wallet or generated for the Ethereum presale, have been impacted by this.

This source of this exploit is unidentified, and I’m trying to identify it.

— Tay (@tayvano_) April 18, 2023

Tay also said the attackers are using Metamask to steal assets. However, he emphasized that the target is not limited to Metamask, and that other wallets are also affected.

Hardware wallets and Ethereum pre-sale wallets were also affected. Tay cautions against keeping all assets in one wallet address.

connection:U.S. authorities seize 6.2 billion yen worth of Bitcoin, shut down virtual currency mixer “ChipMixer”

Common points of attack methods

A common feature of these attacks is that attackers tend to exchange tokens for ETH in the victim’s wallet and then send ETH. The stolen assets are eventually exchanged for bitcoins and sent to a “mixer” that combines multiple transaction data to hide the traces.

In addition, attackers tend to try to erase their tracks by somehow accessing the victim’s wallet and passing ETH through other victims’ wallets. Victims’ wallets are often set with ENS (Ethereum Name Service) names, and in the transaction history, it seems that a small amount of ETH was sent from a random ENS as a gas fee, and then the assets were stolen.

We’ve had a number of contacts reach out wanting to know if they are at risk from the wallet draining activity reported by @tayvano_ – Below is our perspective, stepping through the risk factors.https://t.co/LSf8ZLHKg3

—Everlasting.io (@everlasting_io) April 20, 2023

Everlasting, which provides wallet security services, recommends using a multi-signature wallet called “Safe” to improve the safety of assets. Developed by the Web3 project Gnosis, Safe requires multiple private keys, and it is claimed that a single compromise of the cryptographic key will not result in the theft of assets.

Everlasting also said that in general, the wallets and systems in which private keys have been used in the past determine the user’s risk. It points out that using the same private key on multiple wallets and devices may weaken security and increase risk.

connection:SushiSwap reports on the latest situation such as countermeasures against hacking damage

The post Unexplained asset outflow from cryptocurrency wallet, total damage estimated at 1.3 billion yen (5,000 ETH) appeared first on Our Bitcoin News.