Hack: since December, mysterious cryptocurrency thefts have been affecting users’ wallets

by Thomas

This week, Taylor Monahan published an analysis identifying thefts from numerous cryptocurrency wallets across 11 different blockchains, without being able to pin down the cause. What do we know about these curious hacks?

Multiple thefts affect cryptocurrency wallets

This week, MyCrypto founder and CEO Taylor Monahan published her on-chain analysis showing that since last December, the equivalent of 5,000 ETH has been drained from a multitude of wallets on 11 different blockchains.

Interestingly, the analysis finds it hard to establish what the victims have in common, whereas many similarities emerge in the modus operandi.

The affected wallets were created between 2014 and last December.

The flaw being exploited has not yet been identified, but the worst-case scenario, a flaw in the cryptography that protects private keys, is ruled out: if an attacker were able to carry out such an exploit, the damage would be far greater.

According to the analysis, most of the larger thefts take place between 10 a.m. and 4 p.m. UTC, while smaller amounts are generally siphoned off between 4 p.m. and 10 p.m. UTC. Moreover, a large proportion of these thefts take place at weekends.

It is also interesting to note that assets are sometimes sent from one victim's address to another in order to consolidate the loot: for example, funds stolen from victim A are sent to victim B, and the combined funds of A and B are then sent on to a victim C.

In addition, the attacker keeps things simple, often leaving NFTs and open positions in decentralised finance (DeFi) protocols untouched. However, there have been cases where the attacker has returned to an address that had already been drained.
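The two patterns above, the drain windows and the A to B to C consolidation, can be checked mechanically once you have a list of transfers. The following Python is an added example written for this page, not code from the article or from Taylor Monahan's analysis; the transfers, the addresses (0xA, 0xB, 0xC, 0xD, 0xSINK) and the victim set are constructed placeholders, and only the time windows come from the paragraphs above.

```python
# Added example, not from the article or from Taylor Monahan's analysis.
# It applies the two observations above (timing windows and victim-to-victim
# consolidation) to a constructed list of transfers. Addresses, amounts and
# timestamps are placeholders invented for illustration.
from collections import Counter, defaultdict
from datetime import datetime, timezone


def utc(y, m, d, hh, mm):
    """Helper: build a timezone-aware UTC datetime."""
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample: (timestamp, from_address, to_address, amount).
# "0xA".."0xD" stand in for drained victim addresses, "0xSINK" for the
# attacker's collection address. 2023-01-07 is a Saturday, 2023-01-10 a Tuesday.
TRANSFERS = [
    (utc(2023, 1, 7, 11, 5), "0xA", "0xB", 12.0),      # A drained into B
    (utc(2023, 1, 7, 11, 40), "0xB", "0xC", 20.5),     # A+B moved on to C
    (utc(2023, 1, 7, 17, 15), "0xA", "0xB", 0.3),      # evening dust sweep of A
    (utc(2023, 1, 8, 12, 0), "0xC", "0xSINK", 25.0),   # loot leaves the victim set
    (utc(2023, 1, 10, 14, 30), "0xD", "0xSINK", 3.2),  # unrelated victim, weekday
    (utc(2023, 1, 10, 19, 0), "0xD", "0xSINK", 0.1),   # its dust sweep
]
VICTIMS = {"0xA", "0xB", "0xC", "0xD"}


def classify_window(ts):
    """Map a timestamp to the drain windows reported in the analysis:
    10:00-16:00 UTC for main assets, 16:00-22:00 UTC for smaller sums."""
    hour = ts.astimezone(timezone.utc).hour
    if 10 <= hour < 16:
        return "main"
    if 16 <= hour < 22:
        return "small"
    return "other"


def timing_profile(transfers):
    """Count transfers per (window, weekday/weekend) bucket."""
    profile = Counter()
    for ts, _src, _dst, _amount in transfers:
        day_type = "weekend" if ts.astimezone(timezone.utc).weekday() >= 5 else "weekday"
        profile[(classify_window(ts), day_type)] += 1
    return profile


def consolidation_chains(transfers, victims, min_hops=2):
    """Find maximal paths start -> ... -> end in which every node except possibly
    the last is a known victim and the start received nothing from another victim.
    A chain with at least `min_hops` hops is the A -> B -> C pattern described above."""
    outgoing = defaultdict(set)
    fed_by_victim = set()
    for _ts, src, dst, _amount in transfers:
        if src in victims:
            outgoing[src].add(dst)
            if dst in victims:
                fed_by_victim.add(dst)

    chains = []

    def walk(path):
        last = path[-1]
        # Only keep extending through victim addresses; stop at a non-victim sink.
        nexts = [n for n in outgoing.get(last, ()) if n not in path] if last in victims else []
        if not nexts:
            if len(path) - 1 >= min_hops:
                chains.append(path)
            return
        for nxt in sorted(nexts):
            walk(path + [nxt])

    for start in sorted(victims - fed_by_victim):
        walk([start])
    return chains


if __name__ == "__main__":
    for bucket, count in sorted(timing_profile(TRANSFERS).items()):
        print(bucket, count)
    for chain in consolidation_chains(TRANSFERS, VICTIMS):
        print(" -> ".join(chain))
```

Run as a script it prints the timing buckets and the single chain 0xA -> 0xB -> 0xC -> 0xSINK. On real data you would feed it transfers pulled from a block explorer, seeded with the addresses already known to be drained; the chain walker deliberately stops at the first non-victim address, since that is where the loot leaves the pattern and becomes a candidate attacker address.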

How to protect yourself from such an attack

In theory, this type of theft mainly concerns hot wallets such as MetaMask, xDeFi or Rabby, but it is important to note that none of them appears to be specifically targeted.

In truth, it is the way the wallet's private key is stored that is decisive. Since hot wallets keep the private key in a file on the user's machine (typically encrypted with the wallet password, but still within reach of anything running on that machine), they are easier targets. However, if the seed phrase of a hardware wallet is stored in a text file on the user's computer, it is no less vulnerable.

In general, it is therefore prudent to spread funds across several locations, so that the addresses holding them do not all depend on a single seed phrase. It may also be wise to move assets regularly to addresses derived from new seed phrases, in case the previous one has been compromised.

Furthermore, the most prudent course is to use hardware wallets, and in any case seed phrases should never be saved on a machine with Internet access.

While we await further information on this wave of wallet draining, it is advisable to keep as little as possible in hot wallets and to rotate them at regular intervals.