QuarkMing202

Blockchain explainers, crypto research, free airdrop farming. WeChat: BQ221859, Weibo: QuarkMing202, Twitter: QuarkMing202

The Crypto Dark Jungle: A Real Account of Losing 10,000 USD

A veteran Web3 user shared their experience of losing over $10,000 due to a complex phishing scam, revealing the continuously evolving tactics of cybercriminals. This article details the incident, analyzes recent industry security events, and provides practical advice for protecting cryptocurrency assets.

I fell for it again, and this time it was a big one: five wallets were completely drained, worth over $10,000. Let me share how I was robbed as a warning to everyone.

On February 12, a fan privately messaged me claiming to be a staff member of a certain project and wanting me to be their KOL. On February 13, after we exchanged contact information and brief introductions, they sent me their project details. I checked their official website and the price of their token, and it looked good. Later, they said they needed to explain the cooperation model from the marketing and finance side, gave me a Zoom meeting link, and suggested I join from a computer so I could see the presentation more easily. I opened the link; it was indeed a Zoom meeting link, and it then automatically downloaded an installation package. I tried to install it but failed. I told them I couldn't install it, and they told me to try again, saying their staff would be in the room for the next three hours.

Yes, they were indeed in the room, but not for a meeting; they were stealing. It took me a few days to realize this. We ended the call at 5:58 PM, and afterward my computer was compromised. They took control of it, and my wallets started transferring funds out one after another. I had five browser-extension wallets that I used for project interactions and for recording courses; although they didn't hold my core assets, their total value certainly exceeded $10,000.

After hearing this, everyone might think I'm too foolish, but in reality I was quite cautious. As a veteran with six to seven years of experience, I've run into almost every pitfall in Web3: phishing websites, malicious authorizations, multi-signature wallet scams, airdrop link scams, and so on. It's truly hard to guard against. Especially now, scams are not just technical tricks; they also incorporate psychology and social engineering. Take the Bybit theft on February 21: without social engineering, how could internal personnel have been induced to sign malicious transactions, which altered the cold wallet's smart contract logic and allowed $1.46 billion to be stolen, making it the largest theft in the crypto space to date?

I shared the news of my theft in our research group, and some colleagues working at exchanges had similar experiences. Some employees, tempted by high-paying job offers from hackers, added the other party on Telegram and unwittingly downloaded phishing software, and their computers were compromised. Although it caused no actual losses, they were still dismissed. Another employee followed a certain KOL on Twitter; hackers copied that KOL's avatar, nickname, and username and posted phishing links in replies under the KOL's tweets. When the employee clicked the phishing link, they were warned that their Telegram version had a problem and were led to download malicious software. Once the malicious program ran, it scanned the computer and stole wallets, passwords, browser passwords, cookies, extension data, and some local files.

From February 17 to February 23, there were 24 recorded industry-related security incidents, with a known total loss of approximately $1.839 billion, of which Bybit accounted for the largest share at $1.46 billion. What these incidents have in common is that the attacking groups are highly covert, have clearly defined targets, and infiltrate over the long term, which makes them extremely hard to defend against. They often pose as recruiting HR, project partners, or part-time publishers on social platforms such as LinkedIn, Telegram, and Twitter, lure victims with benefits, and send fake meeting links, code projects, debugging documents, and the like. Recently, fake meeting links have surged: under the pretext that the camera or microphone needs permission or that the application has thrown an error, the victim is prompted to install a malicious program or run a malicious command. This gives the attackers control of the victim's endpoint and access to its data, from which they go on to infiltrate the company or the individual and steal assets. Note that the lure works precisely because the download is framed as a routine step (installing the meeting client, fixing a permission problem), so the request itself is what should raise suspicion, regardless of how genuine the meeting page looks.

Having said all this, to put it into practice, I have two heartfelt suggestions. First, isolate your wallets: keep core assets in a wallet that never interacts with contracts and is used only for transfers, and keep only what day-to-day interactions require in your regular hot wallets. Remember that once a computer is under an attacker's control, every extension wallet whose keys live on that machine can be emptied no matter how careful you are with approvals, so the isolation has to be at the device level, not just at the wallet level. Second, don't click links casually: remind yourself that any link could be a phishing link, and verify it every time. By following these two points, you can basically prevent 99% of scams.
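A concrete way to apply the "verify it every time" rule to a meeting invitation, as an added example that is not part of the original post: the small Python checker below decides whether a link's host really belongs to a known meeting service by comparing the end of the hostname against an allow-list (so `us05web.zoom.us` passes but `zoom.us.meeting-invite.example` does not), and it flags the tricks that make a link look legitimate at a glance: a brand name borrowed into an unrelated domain, a `user@host` prefix that hides the real host, punycode labels, raw IP addresses, plain http, and a path that points straight at an installer rather than a meeting page. The allow-list, the brand tokens, and the sample invitations are assumptions constructed for the example.

```python
"""Meeting-link triage: added example, not the author's code.

Assumptions (not from the original post): the allow-list of meeting
services below, the brand tokens used to spot lookalikes, and the sample
URLs in the __main__ block, which are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Assumed allow-list: services whose join links you actually expect to receive.
MEETING_DOMAINS = ("zoom.us", "zoom.com", "meet.google.com", "teams.microsoft.com")
# Brand words that lookalike domains borrow, e.g. "zoom-meeting-app.example".
BRAND_TOKENS = ("zoom", "meet", "teams")
# A meeting invitation should never point straight at one of these.
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg", ".zip", ".scr", ".bat", ".cmd", ".sh", ".js")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def host_is_trusted(host: str) -> bool:
    """True only for an exact allow-listed host or a true subdomain of one.

    The comparison is on the *end* of the hostname, never on a substring:
    'us05web.zoom.us' is accepted, 'zoom.us.evil.example' is not.
    """
    return any(host == d or host.endswith("." + d) for d in MEETING_DOMAINS)


def check_meeting_link(url: str) -> dict:
    """Classify one URL. Returns host, trusted flag, reasons, and a verdict."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []

    if parts.scheme != "https":
        reasons.append("not https")
    if not host:
        reasons.append("no hostname")
    if parts.username is not None:
        # https://zoom.us@evil.example/... : the browser goes to evil.example
        reasons.append("userinfo before '@' disguises the real host (%s)" % host)
    if "xn--" in host:
        reasons.append("punycode label: possible homoglyph domain")
    if host and IPV4.fullmatch(host):
        reasons.append("raw IP address instead of a domain")
    if parts.path.lower().endswith(INSTALLER_EXT):
        reasons.append("link is a direct installer download, not a meeting page")

    trusted = bool(host) and host_is_trusted(host)
    if host and not trusted:
        borrowed = [t for t in BRAND_TOKENS if t in host]
        if borrowed:
            reasons.append("lookalike: host is not an allow-listed service but contains %s"
                           % "/".join(borrowed))
        else:
            reasons.append("host is not an allow-listed meeting service")

    verdict = "ok" if trusted and not reasons else "suspicious"
    return {"host": host, "trusted": trusted, "reasons": reasons, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample invitations (not real links from the incident).
    samples = [
        "https://us05web.zoom.us/j/81234567890?pwd=abc",           # genuine shape
        "https://zoom.us.meeting-invite.example/j/81234567890",    # brand in subdomain
        "https://zoom.us@evil.example/j/81234567890",              # userinfo trick
        "https://zoom-app.example/download/ZoomInstaller.exe",     # installer, not a meeting
        "http://meet.google.com/abc-defg-hij",                     # right host, plain http
    ]
    for u in samples:
        r = check_meeting_link(u)
        print(r["verdict"].upper().ljust(10), u)
        for reason in r["reasons"]:
            print("           -", reason)
```

Treat an "ok" verdict as "worth opening", not as proof of safety: the checker reasons only about the URL string, so a compromised or hijacked account can still send you a perfectly well-formed link. Its value is in refusing the two things that caught the author: a host that merely contains the brand name, and a "meeting" that is really a download.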

Alright, that's all for now; I need to wipe and reinstall my computer. Finally, I send my blessings to the hackers; they are also part of the ecosystem. Their existence helps the industry recognize its shortcomings and progress quickly.

Welcome to join the community
Welcome to the community WeChat: BQ221858
Welcome to follow Weibo: @QuarkMing202
Welcome to follow Twitter: @xian202766693
