Metamask got hacked

Please help (or learn from my mistake),

I wanted to send 0,56 ether to my Argent wallet txn (https://etherscan.io/tx/0x9bd2765cd7d15d79372c66a97cf8e05a0c7d498f97ca01c9f0e7916dbe9e3e2f)
it has been dropped and replaced to another account, and then another transaction has been started from my MetaMask wallet, with the rest of my ether.
Check my account: https://etherscan.io/address/0x9b98012775e45e92cd1a03e5a2d0570183a7f35f
I never started the last two transactions to the address: 0xDeA08488B4E2E5b303AEACA53E0f1938FD92A118

1 Like

Sorry to hear that this happened to you Janos. I doubt there is any way to get the funds back, unless MetaMask is willing to pay the bill.

I tried looking it up online, and others have claimed the “hacking”, but no one seems to have an explanation as to how it happened.

Maybe it was a fake version of MetaMask? Where did you download yours?

2 Likes

Probably a fake metamask or a virus on your computer redirecting to another ETH address. Your funds are lost. Start using a hardware wallet. Even if you have a virus on your computer or a fake wallet the transaction needs to be approved on the hardware device itself. If the device reads a different address than one you put into the computer you can stop it as the hardware wallet won’t sign anything without you confirming the action on it first.

This is disconcerting.

Hi @Janos_Barna

First of all, sorry for your loss… It’s weird because the new address hasn’t touched the funds yet and no funds were sent to it before. Hackers will have scripts to move the funds quickly before they get tracked, and mix them.

If it’s a virus and the destination address is hard coded the user will have more funds. If the address is generated by the virus he will have to send the private key from your computer to his computer.

You can try to record your traffic with Wireshark and do a transaction on the Ropsten testnet to see if your testnet funds are also hijacked. Maybe you’ll get an IP or see the generated key on the network if the virus is not using an HTTPS endpoint.

If you get lucky this virus could generate the same private key for the testnet network and you can catch it.
If it’s a virus which derives the private key from yours, you can also try to create a new address in MetaMask; they are all derived from each other.

I don’t want to give you false hopes, there’s a big chance that it is lost.

Btw on the Argent wallet website they recommend you to use 23.300 gas

Your first transaction has a gas limit of 21000

“If it’s a virus and the destination address is hard coded the user will have more funds,” they got all my funds from MetaMask (1,56 ETH), I don’t think that’s the case. “the address is generated by the virus he will have to send the private key from your computer to his computer.” this is more likely, because if you check my transactions (https://etherscan.io/tx/0x9bd2765cd7d15d79372c66a97cf8e05a0c7d498f97ca01c9f0e7916dbe9e3e2f), you can see that this has been dropped and replaced (does it happen often?) with a new one with a new address, and right after another one to the same address with the rest of my funds.
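On the "dropped and replaced" pattern described in the thread: Ethereum accepts only one transaction per sender nonce, so a second signed transaction with the same nonce can displace the first. The following is an added example, not code from any poster, that scans an account history for replacements whose recipient changed and for later transfers to that same recipient. The `Tx` record, the status labels and all addresses and hashes are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    hash: str
    sender: str
    nonce: int
    to: str
    value_wei: int
    status: str  # "mined" or "dropped" (assumed labels, as a block explorer would show)

def redirected_replacements(txs):
    """Return (dropped, mined) pairs sharing sender+nonce but paying different recipients."""
    slots = {}
    for tx in txs:
        slots.setdefault((tx.sender.lower(), tx.nonce), []).append(tx)
    pairs = []
    for group in slots.values():
        for mined in (t for t in group if t.status == "mined"):
            if mined.to.lower() == mined.sender.lower():
                continue  # self-send at the same nonce: the usual user-initiated cancel
            for dropped in (t for t in group if t.status == "dropped"):
                if dropped.to.lower() != mined.to.lower():
                    pairs.append((dropped, mined))
    return pairs

def follow_on_transfers(txs, pairs):
    """Mined transfers at other nonces to a recipient first seen via a redirect."""
    suspects = {mined.to.lower() for _, mined in pairs}
    redirect_hashes = {mined.hash for _, mined in pairs}
    return [t for t in txs if t.status == "mined"
            and t.to.lower() in suspects and t.hash not in redirect_hashes]

# Constructed sample history (placeholder addresses and hashes, not the thread's real ones).
ME, INTENDED, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
ETH = 10**18
HISTORY = [
    Tx("0xa1", ME, 7, INTENDED, 56 * ETH // 100, "dropped"),
    Tx("0xa2", ME, 7, UNKNOWN, 56 * ETH // 100, "mined"),    # same nonce, new recipient
    Tx("0xa3", ME, 8, UNKNOWN, 99 * ETH // 100, "mined"),    # remainder, same recipient
    Tx("0xb1", ME, 5, INTENDED, ETH // 10, "dropped"),
    Tx("0xb2", ME, 5, ME, 0, "mined"),                       # legitimate cancel
]

if __name__ == "__main__":
    pairs = redirected_replacements(HISTORY)
    for dropped, mined in pairs:
        print(f"nonce {mined.nonce}: {dropped.hash} -> {dropped.to} replaced by {mined.hash} -> {mined.to}")
    for t in follow_on_transfers(HISTORY, pairs):
        print(f"follow-on transfer {t.hash} (nonce {t.nonce}) to {t.to}")
```

A replacement at the same nonce has to carry a valid signature from the sending account, so a hit from this check points to the signing key or the signing step rather than the network.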