A hacker has been active since as early as December 2022, capturing at least $10 million in Ethereum (ETH) from individual wallets. Experts are puzzling over the case, which has only now been made public.
Attention hacker alert: Via Twitter, crypto expert Taylor Monahan has made public a series of successful attacks on private wallets. According to her findings, at least 5,000 Ethereum (ETH) in damages have already been collected, which is equivalent to around 10 million US dollars. Monahan assumes that the hacker began his actions in December 2022. She was the founder and CEO of crypto wallet MyCrypto and now works for Metamask. What worries Monahan the most is that even after prolonged research, she is not sure how the thefts work.
Apparently, Monahan became aware of the hacks because friends were also affected. Her research had revealed that the victims mainly include crypto users who have been involved with Bitcoin and Co. for a long time and are therefore actually particularly careful with security precautions. Monahan noticed a single second commonality among the hacked wallets – they were generated in the period from 2014 to 2022. As far as she surveys the situation so far, it has to be assumed that the attacker got hold of an extensive data collection of private keys and recovery phrases. Monahan emphasizes: “The hacks cannot be limited to specific software or hardware wallets.
Meanwhile, the leading wallet provider Metamask confirmed the incidents on Twitter, but also clearly stated that they were not unique to Metamask. They are working with other crypto companies to find the source of the hacks. For now, Metamask reminds people to take the usual security measures of only keeping recovery phrase offline and storing larger amounts of bitcoin and co. on a hardware wallet. Monahan also recommends using a hardware wallet and distributing funds among different wallets as possible, as well as not leaving passwords and recovery phrase unchanged for years.
Conclusion: Series of wallet hacks should be a wake-up call
The investigation into the hacks is currently picking up steam, but it seems rather unlikely that victims will regain control of their crypto funds. This is because, as Monahan proves, the cyber-criminal works exceedingly cleverly and disguises the path of the stolen coins through multiple transactions and so-called Bitcoin mixers. For you as an investor, the incidents should be a compelling reminder to use a hardware wallet and to keep passwords and especially the recovery phrase in writing and not on your computer or smartphone.