I am a fool, no doubt about that. For more than a decade in crypto, I managed to survive without losing a dime to a number of hacks/scams/losses/thefts.
On Friday they caught me off guard. Here is how it happened, so you can avoid it if the same happens to you:
I was traveling together with family, away from my laptop and with my mind focused on other things and priorities.
A trusted friend who knows me well sends me a Telegram message with the following text: "Hey, isn't this the airdrop you told me you were looking forward to? -> link to a tweet".
He was talking about zkSync, which I was looking forward to. I was aware that no airdrop had been announced and that a number of scam attempts were around.
A few weeks earlier, I used my main ETH hot wallet to perform a whole bunch of actions to interact with zkSync (1 and 2), just to play around with it.
So as I was in the car, and since I was anxious to know if that was the real airdrop, I opened the tweet (which btw is still online as of now, 5 days later -> https://imgur.com/a/ITBH31u ).
I read the tweet, and at a quick first glance it looked very legit: it came from what appeared to be a dev: blue checkmark (FU Elon), Twitter account joined in 2012, 300k followers, 900 retweets.
FOMO kicked in. Fuck me. This must be IT, everything checks. A trusted friend sent it to me, and the Twitter account is real.
I already performed most of the actions required to participate in "the airdrop" (interact with zkSync in different ways). All I have to do is just go to the website, connect with Metamask and join the whitelist.
I wanted to get it done as fast as I possibly could, so I could forget about it and go on with my family trip. No need to check further. (took me off guard, told you).
So I went on the website (if only I paid more attention to the URL...), and connected my Metamask mobile wallet to it. He asked me to sign something to join the whitelist. Then nothing happened. OK, I made it!
My wallet was fully "loaded" as I was gathering liquidity to start a minipool the following week :(.
1 hour later I receive an alert from a watched wallet on etherscan. And I could see my whole ETH balance leaving my wallet using the function "SecurityUpdate" going out to https://etherscan.io/handle/0xd13b093eafa3878de27183388fea7d0d2b0abf9e .
I knew what happened immediately. Reported the tweet, reported the address on etherscan, and watched my ultrasound money flying, along with thousands of other incoming transactions from other people.
This person/group is making millions as I type, and it seems unstoppable. To see his funds moving OUT, he's using some kind of internal transactions -> https://etherscan.io/handle/0xd13b093eafa3878de27183388fea7d0d2b0abf9e#internaltx
So, I have ONE important question now: should I burn my ethereum address now and never use it again? If I move ether on it, will he/she be able to steal it from me again, or was it just a one-off bundle tx he signed? He didn't take my NFTs, nor my ENS. He didn't take my ERC20 tokens (not much).
FML, don't FOMO. Don't interact with web3 from a smartphone. Don't keep funds on a hot wallet you can access from a smartphone. Don't trust Twitter followers/retweets/creation date, and don't trust the blue checkmark.