kenny 🎩 pfp
kenny 🎩
@kenny
can any onchain sleuths help out rookiest? his wallet was drained and all funds sent to the address in the screenshot below his wallet is: https://basescan.org/address/0x9b11c256cf485C0120e03caC843386Dcc8979E9b
2 replies
2 recasts
7 reactions

Ryan J. Shaw pfp
Ryan J. Shaw
@rjs
It looks like a native transfer? That requires a private key or remote access, unless I'm misreading it. Also interesting: 1. Attack happened shortly after DEGEN was sold for ETH 2. Attacker sent the victim some ETH 100 blocks before the attack and BEFORE the DEGEN -> ETH swap (2) usually indicates an address history poisoning attack, but the preceding transaction was 21 hours before, so that doesn't make sense. It could be the attacker had access to the private key or remote access to the machine, but is an automated process that only supports ETH and not DEGEN, so it only struck when ETH was in the wallet, hence (1)? Still doesn't explain (2). Would love to know what happened here.
5 replies
0 recast
2 reactions

kenny 🎩 pfp
kenny 🎩
@kenny
thank you for the great analysis! 5000 $DEGEN @rookiest ^
1 reply
0 recast
1 reaction

Ryan J. Shaw pfp
Ryan J. Shaw
@rjs
Oh wow I didn't even solve anything but thanks! @rookiest please see this question https://warpcast.com/rjs/0x6dd3b260
0 reply
0 recast
0 reaction

0xISTP🇰🇷 pfp
0xISTP🇰🇷
@rookiest
All I did today was write a post... So, I have no idea how my wallet got hacked.
2 replies
0 recast
1 reaction

kenny 🎩 pfp
kenny 🎩
@kenny
I think someone might have remote access to your device, either that or they got access to your seed phrase somehow
0 reply
0 recast
1 reaction

0xISTP🇰🇷 pfp
0xISTP🇰🇷
@rookiest
It seems that a remote access program was installed in one of the files I downloaded.
2 replies
0 recast
2 reactions

Ryan J. Shaw pfp
Ryan J. Shaw
@rjs
Ah, so my first theory then, sorry 😞
1 reply
0 recast
1 reaction

kenny 🎩 pfp
kenny 🎩
@kenny
😞
1 reply
0 recast
1 reaction