Hacker Drained OG MetaMask Addresses Of $10.4 Million In ETH Since December 2022

Summary:

• OG MetaMask addresses have lost over 5000 ETH in assets, NFTs, and tokens since December 2022, MetaMask developer Tay Vano said on Twitter.
• The hackers drained wallets across 11 chains, swapping other cryptos for Bitcoin and Ether before moving the funds to a centralized swapper.
• Tay Vano said the exploiter most likely laid hands on a cache of private keys generated between 2014-2022.

An unknown hacker has drained cryptocurrencies from OG MetaMask wallet addresses since December 2022, blockchain developer Tay Vano said on Twitter.

According to the MetaMask builder, the hacker drained over 5000 ETH in tokens and NFTs from addresses across 11 chains. The loot amounts to over $10 million in Ether at current prices. ETH traded above $2100 on Tuesday following the Shapella upgrade that rolled out on April 12.

https://twitter.com/tayvano_/status/1648187031468781568?ref_src=twsrc%5Etfw” rel=”nofollow noopener

MetaMask OGs Rekt

According to Tay Vano’s Twitter thread, the wallets that suffered theft shared some commonalities. For starters, they all belong to MM OGs and not ‘noobs’, a term used to refer to new crypto users. Also, all the drained wallets generated their private keys or seed phrases sometime between 2014 and 2022.

The stolen assets are swapped to ETH using MetaMask’s in-built swap function before draining the wallet of the crypto. Notably, this only happens when the target address holds a smaller value and a basket of tokens.

https://twitter.com/tayvano_/status/1648187034807439360?ref_src=twsrc%5Etfw” rel=”nofollow noopener

Vano said that the hacker ultimately converts tokens to Bitcoin (BTC) before moving the funds to a centralized swapping platform like FixedFloat, SimpleSwap, SideShift, ChangeNOW, or LetsExchange. The unknown attacker also leverages digital asset tumblers like CryptoMixer.

High-Level Theft

Vano theorized that the attacker holds a “fatty cache” of data that allows them to methodically steal assets. The MM developer stressed that the source of the compromise is unclear, even after several wallets and devices were analyzed.

It remains to be seen how or if affected MetaMask users can recover their assets or guard against the ongoing exploit.

https://twitter.com/tayvano_/status/1648187038292918272?ref_src=twsrc%5Etfw” rel=”nofollow noopener