- MetaMask users and crypto participants have lost over 5000 ETH in assets, NFTs, and tokens since December 2022, developer Taylor Monahan said on Twitter.
- The hackers drained funds through several wallet providers across 11 chains, swapping other cryptos for Bitcoin and Ether before moving the funds to a centralized swapper.
- Monahan stressed that the exploit is not limited to only MetaMask users, noting that crypto users, in general, were affected.
An unknown hacker has drained cryptocurrencies through several on-chain wallet providers since December 2022, blockchain developer Taylor Monahan said on Twitter.
According to the MetaMask builder, the hacker drained over 5000 ETH in tokens and NFTs from addresses across 11 chains. The loot amounts to over $10 million in Ether at current prices. ETH traded above $2100 on Tuesday following the Shapella upgrade that rolled out on April 12.
MetaMask OGs And Crypto Users Rekt
According to Monahan’s Twitter thread, the wallets that suffered theft shared some commonalities. For starters, they all belong to crypto OGs and not ‘noobs’, a term used to refer to new crypto users. Also, all the drained wallets generated their private keys or seed phrases sometime between 2014 and 2022.
The stolen assets are swapped to ETH, sometimes using MetaMask‘s in-built swap function, before draining the wallet of the funds. Notably, this only happens when the target address holds a smaller value and a basket of tokens.
Monahan said that the hacker ultimately converts tokens to Bitcoin (BTC) before moving the funds to a centralized swapping platform like FixedFloat, SimpleSwap, SideShift, ChangeNOW, or LetsExchange. The unknown attacker also leverages digital asset tumblers like CryptoMixer.
Monahan theorized that the attacker holds a “fatty cache” of data that allows them to methodically steal assets. The MM developer stressed that the source of the compromise is unclear, even after several wallets across 11 chains were analyzed.
Monahan stressed that the exploit is not limited to only MetaMask users, noting that crypto users, in general, were affected. It remains to be seen how or if affected crypto users can recover their assets or guard against the ongoing “unidentified exploit”.