An unidentified exploit has taken more than $10.5 million in nonfungible tokens (NFTs) and coins from experienced community members who were “reasonably secure” in a wallet-draining operation since December 2022.
MetaMask developer Taylor Monahan brought the issue to light and said that since December, more than 5,000 Ether (ETH) had been stolen. However, the developer also noted that the extent of the losses has not yet been determined. Apart from this, Monahan also highlighted that “no one knows how” the exploit works yet.
For the past 48hrs I’ve been unwinding a massive wallet draining operation
I don’t know how big it is but since Dec 2022 it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.
Its rekt my friends & OGs who are reasonably secure.
No one knows how. pic.twitter.com/MafntG7RkP
— Tay (@tayvano_) April 18, 2023
Monahan also warned crypto veterans that the exploit is not like the usual phishing attempts or random scammers. It does not target newbies but rather focuses on those who are at least experienced in safeguarding their digital assets.
According to the developer, some of the known commonalities about the exploit are that it targets keys that were created from 2014 to 2022 and that it targets those who are more “crypto native” — those with multiple addresses and work within the space.
Because of these, the developer advised those with their assets in a single private key to migrate their funds, split up their assets or get a hardware wallet.
Related: Hacker mints 1 quadrillion yUSDT after exploiting old Yearn.finance contract
Community member Jacky Goh commented that the unknown hack is another reminder to use a hardware wallet. Goh tweeted that if people are holding more than $1,000 for more than a week, it’s better to move it to a hardware wallet. According to the community member, this will “save you in the long run.”
Meanwhile, data published by cybersecurity and anti-virus provider Kaspersky said that it detected over 5 million crypto phishing attacks in 2022, citing a 40% year-on-year increase compared to 2021. The company only detected around 3.5 million attacks in 2021.
Magazine: US enforcement agencies are turning up the heat on crypto-related crime