Social Engineering Attack: 2 BTC, 30 ETH, & Many NFTs

September 9, 2023.

MinaSalib.eth is an experienced Ethereum NFT professional who tweeted today about losing all his digital assets via a social engineering attack.

My fellow @y00tsNFT & #NFTCommunity: I’ve been a victim of an elaborate hack and basically lost every digital asset I have (2 BTC, 30 ETH, and all my NFTs). I’m honestly embarrassed to even walk you through how it happened, but if you can be helpful in any way, I would greatly appreciate it.

As a member of the NFT community since Feb 2021, I never thought this would happen to me. Here is how they did it: A person named Brian Foster had been calling me for 3 days as a representative, alerting me that someone was trying to transfer funds out of my Coinbase account. Before and after every conversation, there was activity triggered from Coinbase, and I received a text stating the following.

Next Step: Brian had me change my password. He also had me lock my account for 3 days.

Today: He triggered another withdrawal of funds and called. That was for 32 ETH (which he converted from my BTC) of my Coinbase. Upon triggering, he called me to ensure my account was secure. He encouraged me to transfer my funds and had me connect my Metamask wallet via the security links he sent. I stupidly connected my Metamask to the Coinbase link via private key, and that’s when everything began to be drained. I have now lost almost 2 BTC (which was converted to ETH) and 28 ETH from my Metamask.

I know many have suffered in this community, and it’s a long shot to get this back, but if you can help, please let me know.

This is the wallet that drained my account: 0xb2aa934109Fa0597e695ce58356b305C03c7E1f6

This is my Metamask, which I can no longer access: 0x15F5f7b532ad6361092D24aDE7A17E54Cce0dd75

This was the Coinbase Wallet: 0x3cD751E6b0078Be393132286c442345e5DC49699

Thank you!

Mina included the following images in his tweet:

In the replies, @0xQuit gave his analysis:

Sorry this happened. First off – there’s no way to recover the funds, anybody that tells you there is is trying to scam you.

Secondly, there are a few lessons to be learned here. This was a spear phishing attack. The obvious signs are there:

– poor grammar in the text messages
– an obviously incorrect link to coinbase
– no communication through official channels

So while you can’t recover some funds, you can learn from your mistake. Hopefully others can too.

Some lessons:

– ALWAYS assume the worst intent, and proceed with caution
– ALWAYS inspect any links before clicking them
– NEVER download files from unknown sources
– ALWAYS use a hardware wallet

Your private keys were compromised. You didn’t provide quite enough information to deduce how, but I’m happy to dig in more if you provide more details. Either way, it means that you either weren’t using a hardware wallet and downloaded malware, or you were but you entered your seed/private key somewhere online.

Stay vigilant!
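
An added example, not part of the tweet or of @0xQuit's reply: one way to apply the "inspect any links" lesson in Python before opening a link that claims to be from Coinbase. The function name, the official-domain list and the sample URLs are assumptions constructed for illustration; the actual link from the incident is not shown on this page.

```python
from urllib.parse import urlsplit

# Assumption: coinbase.com is the only domain treated as official here.
OFFICIAL_DOMAINS = ("coinbase.com",)
BRAND_KEYWORDS = ("coinbase",)


def inspect_link(url, official=OFFICIAL_DOMAINS, brands=BRAND_KEYWORDS):
    """Return (verdict, reasons) for a link received by text, e-mail or chat."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious", ["URL could not be parsed"]
    if not host:
        return "suspicious", ["no hostname could be parsed"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("scheme is not https")
    if parts.username is not None:
        # https://coinbase.com@other.example/ goes to other.example
        reasons.append("text before '@' is not the destination")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label may render as look-alike characters")
    # Exact match or a true subdomain; a substring match is not enough.
    if not any(host == d or host.endswith("." + d) for d in official):
        if any(b in host for b in brands):
            reasons.append(f"brand name used in non-official host '{host}'")
        else:
            reasons.append(f"'{host}' is not an official domain")
    return ("suspicious" if reasons else "official"), reasons


if __name__ == "__main__":
    # Constructed sample links; none of them comes from the incident.
    samples = [
        "https://www.coinbase.com/signin",
        "https://coinbase.com.account-verify.example/unlock",
        "https://coinbase.com@wallet-secure.example/",
        "http://www.coinbase.com/",
        "https://xn--conbase-zza.example/",
    ]
    for link in samples:
        verdict, reasons = inspect_link(link)
        print(f"{verdict:10} {link}  {'; '.join(reasons)}")
```

An "official" verdict only says the hostname is on the allowlist. It does not make it safe to enter a seed phrase or private key on any web page.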
