kenny 🎩 pfp
kenny 🎩
@kenny
can any onchain sleuths help out rookiest? his wallet was drained and all funds sent to the address in the screenshot below his wallet is: https://basescan.org/address/0x9b11c256cf485C0120e03caC843386Dcc8979E9b
2 replies
2 recasts
7 reactions

Ryan J. Shaw pfp
Ryan J. Shaw
@rjs
It looks like a native transfer? That requires a private key or remote access, unless I'm misreading it. Also interesting: 1. Attack happened shortly after DEGEN was sold for ETH 2. Attacker sent the victim some ETH 100 blocks before the attack and BEFORE the DEGEN -> ETH swap (2) usually indicates an address history poisoning attack, but the preceding transaction was 21 hours before, so that doesn't make sense. It could be the attacker had access to the private key or remote access to the machine, but is an automated process that only supports ETH and not DEGEN, so it only struck when ETH was in the wallet, hence (1)? Still doesn't explain (2). Would love to know what happened here.
5 replies
0 recast
2 reactions

kenny 🎩 pfp
kenny 🎩
@kenny
thank you for the great analysis! 5000 $DEGEN @rookiest ^
1 reply
0 recast
1 reaction

Ryan J. Shaw pfp
Ryan J. Shaw
@rjs
Oh wow I didn't even solve anything but thanks! @rookiest please see this question https://warpcast.com/rjs/0x6dd3b260
0 reply
0 recast
0 reaction

0xISTP🇰🇷 pfp
0xISTP🇰🇷
@rookiest
After getting hacked today, I checked my wallet connections and found two suspicious ones: www.build.top and build.top.
1 reply
0 recast
1 reaction

RJ (replyor)  pfp
RJ (replyor)
@shulzzz
what happened to the ens? looks like its your FID now. build is a common thing...scary if that's the cause.
0 reply
0 recast
0 reaction