I have been using exchanges for a year now, but after all this craziness happening with the withdrawals, I decided to slowly start DCA-ing on Metamask, because I wanted to keep my crypto off exchanges.

I do not have my secret recovery phrase anywhere digitally, it's in my house on paper and I live alone. No one could read it. I did not give away my phone to anyone, not even for a short amount of time, when the scam happened. I was at home, no one could unlock with my Face ID.

My Metamask is connected to Plutus exchange on Brave Browser, it asks for my simple password, anytime I connect it. So that password may have been hacked, which is equivalent to my FaceID on my iPhone.

Today I logged in to see my eth, and poof, it's gone. It had been sent to another address. I don't understand how this could happen. How can someone send my money to their address only with my browser login password? If someone logs in from another device it should ask my 12 word phrase, no? I have sent the daily dca to my CDC address to see how easy it is to send it. I added my CDC address just in case like a month ago, so I don't know for new addresses is 24h required?

Thankfully “it's only” a 100 euros, but that's like 2 weeks of food or my whole month’s bills where I live. I am obviously mad, how can something like this happen. Even CDC had more security with 2FA, 24h whitelisting address than the secret recovery key Metamask Wallet.

  1. Metamask stores the key on the device itself.

    Its security is only as strong as the device you are running it on.

    If it is compromised by malware or hackers, they can drain the wallet.

    Following links and blindly clicking accept on metamask prompts is also a common way to get funds stolen.

  2. Hacker seems to have sent the stolen funds to Binance (trace outgoing transactions). You can probably ask Binance support to do something about it (like block their account with a slim chance of getting your funds back).

    There’s an in-between wallet but it doesn’t seem like a mixer wallet as there are too few transactions

    Hope this helps

  3. Note that pirated software can often carry keyloggers or trojans with them. You might have by accident installed some keylogger somehow. That’s one of the common ways you might get hacked.

    Another way could also be that you opened some malicious email (a picture in email can somehow execute malicious code). The same can happen by clicking some links or downloading files from some random sites.

    I assume that your computer is compromised and that is how they got hold of your account.

    Or maybe someone close to you might have figured out where you have your seed phrase and took a picture of it?

  4. Why the fuck are people using browser addons for wallets? Don’t know how many times I’ve read about ppl losing coins via metamask

  5. This may or may not have been mentioned but there was a large crypto scam recently that was very sophisticated. It targeted the Metamask app by providing versions from unofficial sites (exactly the same in appearance as metamask, but slightly different domain name ie and the app itself functioned identically to the original metamask, but it siphoned your keys off to a remote server. Many millions have been stolen this way, and the code is injected at runtime so even static analysis couldn’t discover the technique easily.

  6. I never link metamask to A-N-Y-T-H-I-N-G.

    *but if you need to…set up a new wallet to link it only and only send to it on a needs basis, you are allowed to create unlimited wallets, why not use it?*

  7. If you use a Metamask linked with a hardware wallet then you have to have the device, enter the pin, and physically press a button every time you want to confirm a transaction.

    Nothing is fool proof but that is best practice.

  8. Sorry to hear the bad news 🙁

    Check for malware using spybot search & destroy and malwarebytes

    Make sure you download from secure locations direct from the creators

    Good luck in future and to everyone else staying safe !

  9. OP, I'm catching this thread late, and it looks like you got some good advice, but I've read your comments, and yo;
    You need to back out of *everything*, and start new. New OS, **new email**, new phone number auths, new 2FA. Reset your entire digital life, because they are very likely deep into your OS and email and are seeing everything you do.

  10. Virus scan your devices.

    Get a device, maybe old phone. Set up a wallet on there. Do not use it for anything other than this wallet. Do not browse, do not message, wallet only.

    Set up a new wallet for buying on your normal device. Use this only for buying/selling. Once complete send coins to your other wallet in your old phone offline device.

  11. >If someone logs in from another device it should ask my 12 word phrase, no?

    Can you explain this more please OP?

    WHERE have you been prompted to enter your 12 word phrase….. The ONLY place you should EVER be entering your 12 word phrase is when SETTING UP MetaMask, TrustWallet or other self custodial wallets!

    The 12 word phrase is the MASTER KEY, it doesn’t matter what other security features you have in place…. if you have given that 12 word phrase to ANYONE (entered it somewhere when prompted) hackers can then use the 12 word phrase to spin up a duplicate copy of your wallet on their own device and then drain it at will and there is not a thing anyone can do to stop it!

    Let’s say you need a wallet for Brave browser….. Why would you use your MetaMask 12 word phrase…. When you can just create a whole new wallet with its own 12 word phrase just for Brave! Wallets are FREE! You can literally create as many as you want….. FREE! Having multiple wallets also acts as a safety barrier, if password to one is gotten in a phishing attack, then they can only access that ONE wallet!
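Added example (not part of the thread, and not MetaMask's own code): a sketch of why the 12-word phrase alone reproduces a wallet on any device, assuming the wallet follows the public BIP-39 and BIP-32 standards. `restore_wallet`, `device_password` and the sample passwords are hypothetical; the phrase is the published BIP-39 test vector.

```python
import hashlib
import hmac
import unicodedata

# Published BIP-39 test-vector phrase (public knowledge; never use it for funds).
TEST_PHRASE = "abandon " * 11 + "about"


def bip39_seed(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39: seed = PBKDF2-HMAC-SHA512(phrase, "mnemonic" + passphrase, 2048 rounds)."""
    def nfkd(text: str) -> str:
        return unicodedata.normalize("NFKD", text)

    words = " ".join(nfkd(phrase).split())      # collapse stray whitespace
    salt = nfkd("mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed" yields master key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore_wallet(phrase: str, device_password: str) -> bytes:
    """Hypothetical restore flow on a fresh device.

    The device password only locks the local encrypted copy of the keys;
    it is not an input to key derivation, so it is deliberately unused here.
    """
    del device_password
    master_key, _chain_code = bip32_master(bip39_seed(phrase))
    return master_key


def phrase_is_the_only_secret() -> bool:
    """Same phrase + different device passwords => identical master key."""
    original_device = restore_wallet(TEST_PHRASE, "simple-password")      # constructed
    second_device = restore_wallet(TEST_PHRASE, "a-totally-different-1")  # constructed
    return original_device == second_device


if __name__ == "__main__":
    print("same wallet on both devices:", phrase_is_the_only_secret())
```

Nothing tied to the original device (password, Face ID, 2FA) appears in the derivation, which is why a phrase typed into any prompt other than a wallet's own setup screen has to be treated as a full compromise.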

  12. People think crypto is free money. It’s not.

    You are using a technology that is still in the early phase of development/adoption. Loss of funds is a real risk if you don’t have a full technical understanding.

    You earn the money by educating yourself upfront.

    In this case you paid some money to learn the lesson. Thankfully it was an amount you could afford to lose.

    Invest in a hardware wallet and make sure you fully understand how to use it before you transfer funds.

  13. This is why I use a Ledger. Except for my Google Authenticator, I have nothing on my phone concerning crypto.

  14. IMO, this is why crypto will never become mainstream: you have to be a Ph.D level computer engineer to not get screwed over, it seems. Listen, I know what you’re going to say: all you need is a hardware wallet (which I have) and keep your seed phrase safe (which I do), but every story like this just makes it seem like there are so many ways to lose your money. You guys love crypto and are still getting robbed left and right. How is my 58yr old aunt supposed to be an adopter? I never worry about my bank accounts. I constantly worry about the exchanges I buy crypto on and the crypto itself being lost or me dying and my wife not being able to get to it or her asking the wrong person for help etc. This just feels very unlikely to ever be used as currency. To buy some drugs or guns I can see it. To buy food and gas, I just don’t think that will happen on any large scale.

  15. Dude said he’s been using exchanges for years and he leaked his metamask password AND his 2FA system was hijacked lmao you need to understand basic security before you even touch crypto sir.

    I believe this is why the greatest times for crypto are still ahead of us. The people that are really gonna push it are still in middle/high school. Everyone with money right now, is too old or technologically illiterate

  16. People spamming “get your coins off the exchanges”, but don’t realize 90% of this sub probably isn’t capable of securely handling their own wallet. Yet another buzzword of advice that is easy to remember and spam, but sadly nobody ever mentions the downsides. Typical of this sub.

  17. TLDR – The first 5 lines can tell us exactly your mistake. Didn’t even need to read the rest.

    1. You used MetaMask instead of a cold wallet like a Ledger

    2. You connected your hot wallet to a browser extension – when it should be completely kept offline (which is not something a hot wallet is capable of doing)

    3. You linked your wallet to an electronic device (iPhone) – another no no

    “Not your keys not your crypto” relates to cold storage. Any other type of wallet is no better than the exchange

    Sorry for your loss tho bruv.

  18. A Ledger is worth the price. It can’t be hacked unless you’re dumb enough to write your recovery phrase in a digital device or literally give it to a scammer. If you’re gonna be cheap about storing your keys then don’t be surprised if they are easily compromised.

  19. I honestly don’t trust my ability to protect my coins. I’m probably way better off being on Binance. If Binance collapses we won’t have to worry about our coins anyway because they won’t be worth much.

  20. So many of these posts lol. Your money won’t just go “poof”. Tell the whole story or don’t tell it at all.

  21. I have a physical wallet and I don’t feel comfortable at all. I have very bad memory. What could happen if I forget where the seed phrase is? What if someone finds it? What if nobody finds it after I’m dead?

    I’m terrified of thinking my wallet is lost/stolen and I don’t know how to restore it. I can’t write down where the seed is, or it would be a security risk. If it isn’t very difficult, someone could find it; if it’s very difficult, I could forget. If I give it to my father to lock it in a safebox… then the safebox could be stolen.

    In every scenario something could fail. I don’t believe the future is everybody having custody of their life savings, just one mistake away from total disaster.

    I invest in crypto because I believe it could play a significant role in certain financial niche markets where it could move huge amounts of money. But the personal financial freedom is bullshit. It isn’t going to happen at mass scale. Most people would be very vulnerable. Even if some criminal knows you have crypto, you could become an easy target. I don’t understand people who believe that this is really a vector of growth, that they don’t want banks in their lives. WTF? Using my bank from my app with 0 commissions and being insured, is the best thing ever.

  22. Me here with my Trust Wallet seed saved on my PC and email plain text on a Word file from a pirated copy of Office. Trust Wallet connected to all kinds of dapps and many shitcoins traded. A year later my wallet is still there. I don’t understand where are people sticking their dicks in.

  23. Security begins and ends with the person that is using the device.

    You need to store things well and then be cautious about where you go, where you click.

  24. Hackers have remote control of your computer. If you ever get a significant amount of crypto you should get a hardware wallet. This way, your seed private key never touches a hackable device like your PC.


