This one is wild. One of my readers reached out to me to share this. Here is a report of what happened and what you have to watch out for so that the same thing doesn’t happen to you.
To preserve her anonymity, I use a different name. With the exception of a few details, I am reporting the facts as they actually happened.
All it took was one fake smart contract to get Janice in a world of trouble.
“I was distracted and pressed OK without properly checking. And that’s how the hacker got in.”
Janice lives in the United States and started putting a part of her money into Crypto when the technology took off a couple of years ago.
To store and keep track of her assets, she used various tools such as Zapper, Rainbow, Gemini, and Gnosis Safe. Janice would let things run on autopilot for most of the time. “I left my Bitcoins and other Cryptos untouched. In March 2022 was the last time I popped in to check things and that was it.” Because she had invested a lot, Janice received a lot of payouts and the various platforms would send her notifications to keep her updated.
And that was where the problems started.
One of the messages Janice received was fake and was linked to a malicious contract. Without her noticing what was going on, a hacker used this access control exploit to get access to several of her wallets, and started draining them.
“Every day the hacker would take the payouts I received and use some fake ERC721 contracts to put them in pools. There he used the money to scam others by minting sketchy NFTs and buying ENS-Domains.”
Because she had left her coins untouched for the most part, all of this was going on unnoticed by Janice for a long time. Until she realized that something was fishy when various Crypto platforms started to message her.
“Once I realized what was happening, I scrambled to get things back under control. I contacted all these platforms to freeze everything. Luckily, my main holdings are not affected but it still hurts to see that person steal a part of my money and use it to scam other people.”
What made the whole process more difficult to handle was the fact that Janice owned tons of different Cryptocurrencies. This made it harder to pinpoint where the problem was.
But there is more.
How did the hacker know about Janice’s holdings in the first place?
For Janice, it looks like an inside job. “Nobody knew about my Crypto holdings. I always kept a very low profile. The only ones who knew where these platforms.” Janice believes that someone working for one of the portfolio platforms and exchanges she has been using managed to plant the fake smart contract shortly after she deposited her funds.
In hindsight, leaving all her assets on different platforms was a big mistake. Not only did this give the hacker access. Due to the following freeze of all her wallets, Janice can’t access a part of her funds.
Now she has to prove that she is the rightful owner. Fortunately, Janice is a hoarder of data. She kept all the exchange logs, bank statements, tax protocols, and more. So chances are looking good.
But still, to sort things out takes a lot of time. Time which the hacker uses to steal more money from her.
“I haven’t slept much the last few nights. Putting this all back together is very exhausting and it makes me so angry.”
But Janice also takes the incident as an opportunity to learn from it — in the future she will keep my assets on hardware wallets.