![[Post Mortem] - The 84K MOON Hack](https://b.thumbs.redditmedia.com/sYbI0n_DjxtIIHgweb27QgpQx807kzAeqs-fFygS0TQ.jpg "[Post Mortem] - The 84K MOON Hack") | Hello crypto bros and gals, Unfortunately some of you are experiencing your first significant MOON loss today (some will say a Reddit rugpull) with the announcement of sunsetting community points. Believe me I've been there! It's been a little over 7 months since I was hacked and lost all of my 84K+ MOONs and then some. You can see the full details of the hack here - https://www.reddit.com/r/CryptoCurrency/comments/11sksgs/i_got_hacked_and_lost_over_300k_today/ I was one of the few who put real money into MOONs (purchasing the majority of my MOONs between .07 and .10) as I believed in the concept and potential strongly. I was at one point a top 50 MOON holder. I watched as the price of MOONs continued to rise up and over .40, YAY ????! Then ZAP! All gone! ???? Reading the comments on the initial post, I believe the hack single handily caused the price of MOONs to drop about .10 cents on March 15th. Post Mortem: What Happened?The most likely scenario is it was a dark web user name and password compromise. A group targeting retail cloud based notepads and apps stumbled upon my Evernote account and 3 wallets were drained. We can't rule out that this could be an inside job at Evernote or I had a RAT trojan installed on my computer. My 84K+ MOONs were the first to go. Here's the txns on Arbiscan - https://nova.arbiscan.io/address/0xe147a73e7d783166f791f10342a0122db80814c4 I quickly learned how wallet drainers like Inferno, Pink, and Venom work. They start draining the coins with the most value and work their way down. Additionally, sweeper scripts get installed sweeping up an incoming crypto transactions. The only way to combat sweeper scripts is through the use of MEV. The whitehats were able to beat the hackers to the Arbitrum Airdrop using their MEV bots. Yay! It's the small wins that count. All of my crypto in the MetaMask Wallet and Deadalus Wallet was drained within minutes. The Rocketpool Node, the real prize representing about 275K in assets, was a ticking time bomb. More on that later! Where did the MOONs go?Once the MOONs were inside the hacker's wallet of 0xe147a73e7d783166f791f10342a0122db80814c4, they were swapped to ETH. Most were sent to the Hacker 4 wallet (see visual above) and peeled off further from there. Below are the intermediary wallets
Eventually everything ended up in a Kucoin deposit address. You'll notice all of my stolen funds will end up at a Kucoin deposit address. For those sleuths interested in tracing, here are the Kucoin deposit addresses used to send my stolen funds through.
What's Kucoin's Role in this? They're in on it!Let me explain. Imagine for a moment law enforcement issues a request to an exchange to freeze any incoming funds with interactions with 0x...... The exchange replies "Ok! We'll freeze any accounts associated with 0x...."' Kucoin's actual reply to me when asked about the funds. 2 months go by. The hacker sends 152 stolen ETH through a single Kucoin deposit address. LE sends 30+ emails requesting the subpoena records for this deposit address. The exchange ignores law enforcement. Another month and a half goes by. Media pressure forces the exchange to finally release the records to LE. The 152 ETH is long gone. Unfortunately, this is the exact scenario that played out. The hacker was able to somehow move all 152 ETH through a single Kucoin deposit address - 0xB129845c082b3BD6Ce163e8B0369aCc6E929B7bC - on Mother's Day. Once LE finally received the KYC records of this deposit address, we were appalled at what we found. We have on-chain and off-chain evidence of Kucoin's role in money laundering. THE HACKER HAD A NON-KYC LEVEL 1 ACCOUNT - How is this even possible? The limit for non-KYC is 1BTC a day, but somehow this hacker withdrew the equivalent of 10+ BTC with just an email address as verification. In other words, this was non KYC account (Level 1) that somehow was able to launder about 275K. THE HACKER SWAPPED ALL STOLEN ETH TO MONERO(XMR) BEFORE SENDING FUNDS OUT OF KUCOIN - Another huge red flag. Ironically, Kucoin paused Monero swapping days after this took place - https://www.kucoin.com/news/en-deposit-and-withdrawal-services-of-xmr-temporarily-closed-20230530 THE KUCOIN DEPOSIT ADDRESS WAS CREATED THE SAME DAY THE STOLEN FUNDS WERE MOVED IN AND OUT - Isn't there supposed to be withdrawal limits on brand new accounts? Nope, not in this instance. For those keeping track at home, here's the wallets used to move my Rocketpool Node.
What could of been a recovery success story turned into a case of "what if". What's Next?My crypto is most likely gone for good. Unfortunately that was most of my life savings. However, this hack has completely re-routed my career path. I now spend most of my waking hours on my own case as well as helping other victims trace funds across the blockchain. A person goal of mine is to pick up a job in cyber security before the end of the year. A number of Redditors have reached out wanting help tracking their stolen crypto. We've had a few success cases finding persons of interest and passing intel to law enforcement. To those MOON holders sitting on big losses today, it does get better over time. Once the initial shock wears off some good will come out of it. [link] [comments] |
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments