I'm writing here because something happend which no one can explain. I want to post this online and maybe find answers, maybe others that happened the same. I'm forced to deal with a situation I never wish anyone to deal with. I need to tell you guys at first that you have to believe me about the details I say and about me. I dont want to cover anything or make up a story.
I have IT background. I worked as an admin and I have somewhat clue about how to treat internet stuff. I'm normally the one telling others to tighten up security and check internet behaviour. I have a good running business which involves a lot cryptos.
At the 12th of September evening asia time I logged into my myetherwallet account to check the balance of my USDT and saw that my whole account was cleared. From 3 different adresses that belong to me, everything gone. Everything has been withdrawn to this adress:
0xe80196d56ab6158b6dbfe6df5a143e04419fecb4
From most valueable to some smaller coins, at least eth so everything had gas. It can be seen in the chain explorer.
I didn't log into my MEW account for more than one and a half day. I only sent some USDT from binance to my MEW at the 12th lunch or so. The whole day at the 12th I was connected to my trezor 1 and doing btc business via chrome and had the tab still open to my wallet. When I connect to my trezor I need 6 digit pin. For MEW I dont use any addon, only the URL and then follow usual steps login to trezor with the pin and export key.
I treat my laptop correct. I dont open spammails, I dont surf on shitty sites nor watch porn with it. Its my working laptop and I have a high responsebility about what I do and I'm aware of it. I use another zonealarm firewall, avira antivir, malwarebytes, realtime protection enabled. Have ublock origin as addon.
I scanned my laptop with all updated tools and even downloaded more. No virus, trojan, not even harmful malware was found.
No comes the part where I'm lucky that my best friends trust in me. WHILE the funds where withdrawn, I was standing infront of the computer and chatting with a customer on skype. The whole time. I checked all time stemps if MEW maybe has a different server time or so, I was standing infront of my computer. logged into my btc wallet, not into my MEW wallet and I didnt confirm any transactions for the USDT and Ethereum stuff.
How can this be. Thats whats everyone asks. I realised that If I log into my MEW account and then enter the btc part later and the browser is still open with another page, that I dont need a pin to access my BTC wallet. The otherway around from BTC to MEW I have to type in the pin, chose the wallet etc etc
Of course me and my friends we spoke about all scenarios. Here in my room, no one was alone with my laptop. I checked the antivir part if maybe stuff is installed and hidden in the settings to not scan it, and it wasnt.
Which things happened, I changed, I never did before, that maybe let to an security breach. I had to use a few times Teamviewer last days to acces and install stuff for customers. But this should only work in one direction and I was always using a VPN when connecting and the last time was 2 days before the accounts where emptied.
The most curious part happened a few days before the “hack”. Before a few days 6th of september I was in vietnam. I stayed in a hotel and had to send some funds to a customer from MEW. I was connected to my VPN but in the hotel Wifi. Something unusal happened. I wanted to send funds and the process circled around 30 min then broke up. We thought its the network having probs. The ETH network. I copied all details again and sent the funds to my customer. And It sent the money TWICE. At the same time. But I show you screens how the first one failed. It send 8k at once, so 2 times same time 4k but I only wanted to send 4k.
https://s17.directupload.net/images/190919/7jvjj5b7.jpghttps://s17.directupload.net/images/190919/v7rl546m.jpgNone of the scenarios we think about makes sense. If my computer has been compromised, why sending the headfuck ETH stuff where you normally have to click a million times to get the transaction done. Why not sending the BTCs where the tab was open. Why not sending everything.
In my position from my friends, everyone knows I wouldnt do it. It doesn’t even make sense because we’re going to invest the most share of it and its way more valuable there. I am trustful and loyal. There was money from one of my best friends as well involved. Everyone we ask says, it's not possible. But then how. I was here in front of my laptop not clicking anything to accept a transaction. I wasnt even logged into MEW. The times of the btc transactions and the ETH later are different. ETH was way later. I was thinking if maybe a script can use my accept on the hardware wallet to send something else as well. But theres 1.5h inbetween when sending my latest btc transaction and when ETH stuff was sent.
Can a sniffer in a hotel room read data from MEW? Is it possible to clone and hack when I login to MEW and get my seeds, not even I have ever seen from the ETH part. Is MEW saving data which they shouldn't. what definitely happened is, there have been transactions from my Trezor (if it really happened from my trezor) whithout the need of me to accept it. Can a tool when the 30 mins failed transaction was going on and failing encrypting a key or getting information about it which they can encrypt later? I realized that after I setup new windows on the laptop to clear out if the computer is a tunnel and then connecting to MEW that one step came I didn’t have to do before. That “allow MEW to read public key on trezor [] remember the device checkbox wasn’t there before but now back again. If this option is enabled. What infos are gonna stored where?
Of course we searched for similar stories. If someone has this hacking skills there might be more people involved. We can't find anything which is obvlsy not looking good for me.
Do you guys know any about this? What was that perfect with me that this could happen. Why aren't others posting about lost funds on ETH without a third party involved or someone who gave away logins or seeds or whatever, so the obvious scam reasons. I feel horrible. Something I cant explain happened. I don’t see that some pishing site got the infos and I anyway check the wallet address again when doing transactions on my trezor. And even then coming back to that transactions happened without me accepting it on the trezor and the btc part wasnt gone, only MEW ETH things. I had a long discussion with a high talented crypto guy and whale and programmer whos long in the scene.
Parts of the conversation where like this:
Me, [17.09.19 22:36]
Can you describe how the process maybe went after getting my key after whatever Method?
Him, [17.09.19 22:39]
One possibility is that they derived your private key through the data they gathered on mew
Him, [17.09.19 22:39]
It shouldn’t be able to
Him, [17.09.19 22:40]
But if so. It’s a flaw that trezor should be aware of
Me, [17.09.19 22:40]
But somehow it seems possible?
Him, [17.09.19 23:04]
I don’t think you exported your private key
Him, [17.09.19 23:05]
Either (A) mew allowed your private key to be exported. Or.
Him, [17.09.19 23:06]
(B) by allowing mew to keep reading your public key, they could have repeatedly asked for all your pub key addresses derived from your master key.
Him, [17.09.19 23:07]
And perhaps that allows for a weakness for them to work out your eth key
Me, [17.09.19 23:13]
Yes this was where I was searching for unusual things. Which happened in the hotel in Vietnam
Me, [17.09.19 23:13]
But that was my transaction to a customer
Me, [17.09.19 23:13]
It was processing 32 min
Me, [17.09.19 23:13]
Then broke up
Me, [17.09.19 23:13]
Next time I sent money it sent both same time
Me, [17.09.19 23:13]
The Customer sent me 4k usdt back cause he recieved 8
Me, [17.09.19 23:14]
And I was like: WHAT. THE. FUCK.
Him, [17.09.19 23:18]
I suspect something might have happened then... the hacker was just waiting for you to log in again
Me, [17.09.19 23:43]
Just one thing. All others say after the story, a transfer from a coldwallet without accepting the transactions is not possible. And you say it is right?
Me, [17.09.19 23:44]
With the idea of, they key got stolen, cloned etc
Me, [17.09.19 23:45]
That the transactions have been made from our wallet without me accepting it on the trezor
Him, [17.09.19 23:46]
By design it shouldn’t be possible
Him, [17.09.19 23:47]
It’s highly unlikely
Him, [17.09.19 23:47]
And if that is the case. They would have taken your BTC first
Me, [17.09.19 23:49]
So conclusion?
Me, [17.09.19 23:49]
It’s more likely that they somehow extracted the eth private key
Me, [17.09.19 23:49]
Yes, thx.
Topic: Myetherwallet got hacked/ Keys stolen/extracted (Read 182 times)