Yesterday, Taylor Monahan, founder of Ethereum wallet manager MyCrypto, shared information about recent hacks committed by a mysterious attacker since December that resulted in the loss of more than 5,000 ETH worth over $10.3 billion at press time. What is unusual about these hacks is that they target so-called OGs or Original Gangsters, the early adopters and creators of the first blockchain networks.
Monahan emphasized that the attacks are not being carried out by "a low-brow phishing site or random scammer." Rather, the victims are "reasonably secure" crypto users who are "more crypto native than most," have multiple addresses, are engaged in development work for blockchain networks, or are involved in other more advanced interactions with this technology. Moreover, unlike a popular belief in the crypto community, the attacks are not specific to certain wallets and virtually anyone can lose money, including users of hardware wallets and those generated for Ethereum pre-sales.
Read also: Hundred Finance offers a $500,000 reward for information about Optimism hacker
Monahan suspects that the attacker may have acquired a large data cache nearly a year ago that allowed this person to access and steal funds.
The founder of MyCrypto also provided more details on the hacker's behavior, noting that "the theft and post-theft on-chain movement is very distinct." It appears that the hacker prefers certain hours for primary and secondary thefts.
"Except when stealing large amounts, the attacker will swap your tokens for ETH inside your wallet before sending the ETH out. They will use MM swaps, Uniswap, or 0x (esp. recently via the 0x, labeled as "0x: Exchange Proxy Flash Wallet")," Monahan said, adding that the attacker does not seem interested in NFTs, staked positions, or lesser-known tokens. She also explained that the attacker bridges smaller amounts of assets from one address of the same victim to another, or even transfers them from one victim to another, before collecting a sufficient amount of ETH tokens on the same address and then moving them out.
Read also: Ethereum Price Prediction 2023. Should I buy ETH?
"This means it may look like a random ENS-named person sent 0.0X ETH for gas and then stole all your funds. Or that your wallet was drained to an ENS-named account. The random ENS name is NOT your attacker - it's another victim," Monahan warns that such a practice can confuse crypto users who might mistake another victim for the hacker.
The attacker's preferred methods of asset payout are FixedFloat, SideShift, SimpleSwap, ChangeNOW, 0xca60, LetsExchange, and RenBridge.
Since cybersecurity specialists still have not found a solution to the unknown hacker's attacks, crypto users are encouraged to split digital assets and not keep all assets protected by the same secret phrase or single key for extended periods of time.
The MyCrypto founder's tweets have received many responses from crypto users whose wallets have been exploited. For example, Twitter user Seskahin stated that two of their MetaMask wallets were exploited in the exact way Monahan described.
Read also: Aave and Yearn Finance hacked for over $10 million in stablecoins
Needless to say, desperate crypto wallet users are trying to find the culprit for the exploits, sharing various theories with each other. Some of them believe that there is a whole group of malicious actors who are also involved in creating fake metaverse projects with game launchers that allow hackers to remotely use victims' devices and empty their wallets. Others suspect that some sort of artificial intelligence is involved in the recent exploits. Another possible explanation given by Twitter users was that the hacker can monitor victims' actions through a special browser extension that allows obtaining private keys and other data required by crypto wallets.
On top of that, Twitter users warnRead also: Aave and Yearn Finance hacked for over $10 million in stablecoins against relying on password managers for storing wallet passwords, pointing to recent hacks of popular applications like LastPass.