Alert! please urgent help!

@dan-i @ivan @filip @anyone that can help me!!!

I was doing the Ethereum 201 course, and I couldn’t configure my metamask to work properly. I read some answers in the forum and I guessed that using chrome would help (I’m using firefox as default browser). I have been using metamask for about 3 months, I also have it configured in my phone. I even staked some ETH in STKR from ankr and deposited some ETH in AAVE and COMP platform (this was only around 2 days ago). I also staked some DOS tokens some time ago and have some AAVE staked on their platform. I had around 15kUSD in my metamask. And then, suddenly I checked in in my phone, and I got only 1.500 or 2.500 (I canr remember right now).

From 19.23 to 20.50 hours today, my all my metamask funds were taken. I dont know how this happened. I guess that somebody was checking on me… is that possible? can I do something about it? because metamask dont have any 2FA way or email confirmation.

I thikn those transactions cannot be reverted (I have studied a lot from the academy the last 3 monts … I wish I could go full time crypto, but with these things … who knows)…

Please, if somebody with the proper technical skills reads this, I could really use a hand. I am not super rich, so, dont expect any monetary compensation … or oculd be something inf the funds can be taken back … but I dont thinks so.

Is my metamaks compromised? Should I change it? how did they guessed the 12 words? I only downloaded chorme, then searched google for metamask, then pushed the first thing that appeared on google, and then I had to put my 12 words twice … this was a little strange, but I thought … what the hell … and I did it, then I configured the network to connect to ganache (I set up a python http serverm just like they asked in the class… could it be because it was not a https server?) … I really dont know what happened, I dont want to loose more money … that it for me with defi for now … I have my other funds in, celsius and exodus wallet … could those be compromised as well?

my metamask address is


please help!!!

Hey @javier_ortiz_mir, hope you are well.

Sorry to hear this but, apparently you download a fake metamask, if you click the first thing that appeared without verify the website and if that was the exact metamask wallet, i guess your private key (12 words passphrase) is compromised, sadly you know the rules, there is no way to revert a transaction once is made, so if the hacker transfer out your money, it is because he got access to your private keys…

You should create a new wallet, but directly from the original metamask website:
Also discard that wallet, take the rest of the funds and send it to a new wallet if you still can.

Your funds in or celsius or exodus should not be compromised, you do not own the private keys of nor celsius, careful with your exodus private key…

Sorry for this man :frowning:

Carlos Z.

@thecil … shit … that’s very bad news! But, please answer some questions to me:

  1. Should I delete the extension that I downloaded for chrome? This will fix the problem?
  2. When I was trying to change the network parameters, something didn’t feel right. When I input the 3rd parameters (I think it was chain ID) the thing didn’t save, or took a long time to verify. Then suddenly it worked.
  3. Should I delete google chrome as well?
  4. Is there any possibility that my computer is compromised? For example if I access a CEX from my computer, could they read my password?
  5. Should I reboot my computer completely?
  6. And last, but not least. I had borrowed a couple thousand dollars in stable coins, how about these loans? I will try to remove the funds o provided

Hey @javier_ortiz_mir

I am really sad to read what happened.
Did you maybe push you mnemonic phrase on Github or somewhere else?
Also were you holding that amount of money in your metamask wallet or you just were using metamask to connect your hardware wallet?
From what website have you downloaded metamask?

If you are 100% sure that you haven accidentally shared your mnemonic (by pushing it on github or something similar) then I would seriously thinking about format the pc.

  1. And last, but not least. I had borrowed a couple thousand dollars in stable coins, how about these loans? I will try to remove the funds o provided

I do not know where you borrowed the money but I guess you will lose your collateral if you cannot pay your loan back.

Crypto should be kept in an hardware wallet, and the mnemonic should never be on a computer that can access internet.

At this point, I would also consider to go to the police and report what happened.

Good luck,

@dan-i … no, I havent pushed anything into github just yet … the other day the only thing i did in github was to publish a page, as part of another course Iam taking in codeacademy.

I just repeated the sequence that I did yesterday, and I think @thecil was right, I clicked on another thing, not, i clcicked on … the page is exactly the same … so given the circumstances, is it enough for me to delete chrome and the “metamask” extension that I installed in google?? or do i need to delete firefox and the firefox extension as well??

and another question: can I ask google to remove those guys, because it says that is a google advertisment … how can google advertise such webpages?

Hey @javier_ortiz_mir

Unfortunately the 1st url is surely a scam.
The url is fake, and the last ‘k’ is a special character and not a letter ‘k’.
The website do ask your mnemonic phrase as soon as you click on:
Screenshot 2020-11-26 at 16.35.32

As far as I understand, you have not installed any corrupted software, you just input your mnemonic phrase in a web form.

Do never ever write your mnemonic anywhere.
A legit software will never asks for your mnemonic phrase.

Also keep your coins in an hardware wallet.

and another question: can I ask google to remove those guys, because it says that is a google advertisment … how can google advertise such webpages?

You should not be surprised as youtube is also unfortunately showing scammy adv (send me 1 btc I will send you back 1000000).

I just googled how to report a google ad and I got this ->

1 Like

Yes, you should delete the extension, clear cache and browser data your to be sure.

If you install an extension, chrome should not be compromised, but just in case, you should clear cache and browser data file, if you are a little bit in paranoia, after deleting those, uninstall chrome and reinstalled brand new.

It should not be compromised, the extension just work through chrome, I dont think it have somekind of permissions to read system files or other program files, unless the installer of the extension ask you to install some kind of aditional software (which i think is not the case for this, they only want your private key).

Nope, based on above answer.

Are those loans on the compromised address? if so, try to withdraw all remaining funds from that wallet, everything you can try to recover.

Carlos Z.

1 Like

@thecil @dan-i thanks a lot for your help … I was in a rush doing the things I did yesterday, so I didn’t realize that it was the website that prompted me for the 12 words … my bad :sob:

This is the most expensive course that i have taken so far … I was checking one of the accounts that were involved, and it has more than 600MUSD … and the f?cking guy took my 17kUSD … I feel petty for him or her , he/she must have a huge void in his/her soul

hope that BTC goes up, may the satoshis be with you


Javascript Programming

6) Reading Assignment & Quiz: Variables

Read Chapter 1 (page 10-20) .

it says read this before answering the quiz…? I can’t find the content for page 10-20… plz help

1 Like

The only way to protect yourself is to use a Hardware Wallet and buy it directly (Ledger Nano S). There are a million Youtube instructional videos outside the academy on how to set up a Ledger, plus how to use it for DEFI. Never give your seed phrase away it is the KINGDOM. It is why 99% of those investors should use Coinbase and have them cold storage.


I already bought one, but it doesn’t support all the tokens… I saw that DOS for example is not supported, I think rocket pool either. That’s the only disadvantage, and I think if there is a new token it will always be late to add it to the Ledger , I guess that must’ve been a firmware update or something like that

With Ledger you can hold any ERC20 tokens. Yes, some won’t be visible on Ledger Live including DOS, Rocket Pool and many others but you can always find them here

1 Like

That’s why I don’t use Google and use DuckDuckGo instead as the latter doesn’t show you ads. I’m sorry for your loss and worried how many other people may end up loosing money because of those metamask scams.

1 Like

@biokillos I didn’t know that. That’s awesome!! I just got my Nano ledger Nano X today … I haven’t quite figured out how to use it, but I already paired it to my smartphone. Just a question about it: If I lose the physical device, I could still access my funds if I have my seed phrase, right?? But do I need to have another Nano Z to do it?? Or any Bitcoin/ethereum wallet will do (since it has 24 secret words, I guess 12 of them corresponds to a BTC wallet and the other 12 to an eth wallet)

Sorry for your loss buddy…

a) Never rush these kind of things. Take all the time you need to double check addresses you send funds to

b) definitely, forget about your private key anywhere online or in a computer connected to the internet…that is the FIRST THING that you’ll need to observe, unless you plan to keep your funds on an exchange.

It’s the very reason why hardware wallets are invented in the first place, to have the passphrase displayed outside of the OS.

Careful out there, digital assets are increasingly sought after.


sorry to hear that, man! its a jungle out there… a bit late, but it may help others, there’s a warning now…

stay safe!

1 Like

I am sorry about what happened thats horrible.

yes … it certainly was!! lt was like 1/6th or 1/7th of my total cryptos :cry:

but i will not surrender!

1 Like

I am really really sorry … But at the end you will make so much more profit and will make up for it, I just don’t understand how they hacked into your account.

1 Like

it was a fake metemask page, but it looked exactly the same. The thing is that first they asked me for my 12 words and then they redirected my to the metemask page, so I had to imput my 12 words twice, which I though was strange. I also came across a fake AAVE page, that also asked for my 12 words … I think there must be plenty of those fake pages … so be careful, always use a bookmark of the page.

:kissing_heart: :kissing_heart: :kissing_heart: