Carelessness and Loss or Lesson #2

I’m sure when it all started we were all quite careless. People trusted exchanges, 2 factor authentication was not even available everywhere, let alone forced upon you, and it seemed more like an inconvenience than a necessity. Then the hacks started, the stolen coins, ICO boom, more hacks, fraud, Twitter scams, fake websites, you name it — it was all there and they were milking it.

So of course I set my 2FAs on exchanges, moved my long-term coins to external wallets, etc. Then one day I lost my phone and it took me around 2 weeks to get back into my accounts as I never thought of taking backups of the 2FA codes. Being a very organised person, I promised myself to have all my Cryptos organised too. So I took screenshots of my 2FA codes, my private keys, my wallet data, I had all my white papers, my spreadsheet of investments and everything else nicely organised in one place. I ordered encrypted memory sticks, but because I was trading at work and at home I put this whole folder on Dropbox and set a 2FA which I thought at the time was bullet-proof.

The memory sticks came, I moved my info there, gave one to my best friend (in case I died), kept one at home and one at work. For some stupid reason (probably as it was convenient to have it all online especially when I was travelling) I did not delete that folder from my Dropbox account for another few weeks. Did you know that if you have Dropbox Plus your deleted files are kept there for another 30 days after being erased?

The Loss

13th of June 2018 is the day I will never forget. It all started at 10.37 am…

10.37 am — Message from Yahoo saying someone with an unusual email address from gemalto.com (temporary email service provider) is trying to log into my email. I promptly remove this account from secondary email list and set 2 factor authentication on my Yahoo Mail. I’m at work and I go on with my day.

1.30 pm — I notice on my Qtum Core wallet, which is always on my work PC (Staking), that all but a small amount of Qtum coins have been paid to myself, but it looks like a payment out and the balance is not correct anymore. Having had a number of issues with this wallet, and especially the balance not being correct before, I go on Telegram and Discord to look for an Admin. Eventually I find one and he is not sure what happened, says perhaps I staked an orphan block or it’s a wallet bug, so he asks for the Debug file. A bit later he says I should probably move the remaining small amount of Qtum to an exchange just in case it’s a wallet hack, which I do to Binance at 2.28 pm. All my coins are still there. The Admin takes 20 or so minutes to analyse the Debug file and says that it looks like someone had input my private key into their wallet, which is why it looks like a payment to myself, at which point I join the dots and realize that somehow via the Yahoo Mail hack my whole crypto folder was probably compromised. Panic.

3.21 pm — I log back into Binance and to my shock all that I had kept there is now converted into BTC, withdrawal has been requested and approved, including that 500+ Qtum I transferred there just minutes ago. I don’t have a withdrawal approval e-mail in my Yahoo Mail. I frantically try to stop this withdrawal, but it has already been sent to the BTC blockchain, so even though there are no confirmations I know it’s too late. My head feels like it is going to explode and I feel like I will faint and throw up at the same time. (From the IP connection information Binance provided, I later found out that I was only 2 minutes too late to stop this.)

3.27 pm — I log into my Bittrex account to find the same situation (I later found out that I was 8 minutes too late to stop this). I have no usual Bittrex ‘log in’ or ‘unknown IP’ e-mails in my inbox. Just like Binance ones they have been re-directed and double deleted so I never notice this happening. Unfortunately for me I was just minutes behind the hacker(s) and it was all unfolding in front of my eyes.

I start checking my other wallets and realize that My Ether Wallet has been emptied already from 11am to around 1pm.

I open my NEO wallet and all my NEO is also gone an hour ago.

The only thing I have left to check is my Daedalus wallet where I keep my $ADA coins. I manage to eventually download all the blocks (they still don’t have a light wallet) and transfer my $ADA which is the only thing I have left over to my friend (interestingly Cardano will have a control layer which means that it can be used to recognize identity, assist compliance and allow blacklisting).

I am left shaking, crushed, shocked and feeling all the horrible emotions you can imagine all at once. It even feels not real, sort of like a very very bad dream. With the help of friends 24 hours later I feel more like a human again and start assessing the losses. I can see most of my stolen coins still sitting on the addresses of the hacker(s), but I cannot do anything about it. That is the beauty and the curse of blockchain.

So Lesson #2 is an obvious one yet so many of us just get too comfortable and careless and think “this will never happen to me” — do not keep anything online, on exchanges (e.g. the latest Bithumb $30+ million hack where they won’t reimburse the customers), don’t think that 2FA is bulletproof, don’t use the same or similar passwords, in fact have different very complicated ones on each separate account and use an app to help you remember them.

21,500 Qtum

Hackers address:

1,505 Neo

Hackers address:

$60k Worth of Ethereum tokens

Hackers address:

https://etherscan.io/address/0x7022e9f3864919cc25fb324b6cf2c14f38b1efc6#tokentxns

Combined $60k Worth of Tokens and Coins from Binance and Bittrex

Hackers BTC addresses:

14sy2MBw6NdqYfSU8WKrgg8zYujYkHGPoq

1NJUgbdur8xDW8CwygqF5XQK2baDvaCXdT

1BFsJixStUGin6ubXoA8N9JbiA4AuRGN7H

So if there’s any White Hats out there…