
/biz/ - Business & Finance



File: 136 KB, 1280x825, photo_2020-09-23_00-34-03.jpg
No.22742536

https://etherscan.io/txs?a=0x293c10d46d990fcf0bc3285050c712b309088150

This guy's transferring small fractions of eth into seemingly random wallets and then completely draining them of their ethereum but leaving all the other tokens. Any idea what exploit he's using to get into people's wallets, or how to guard against the vulnerability? I can't find any sort of common thread between the cracked wallets

>> No.22742599

>>22742536
bumpu

>> No.22742649

bump

>> No.22742660

He just sent eth to his other wallets to sell UNI

>> No.22742689

scratch that i can find one commonality and it's the UNI token, all the wallets have had all their UNI swapped for eth before they get drained.

>> No.22742749

>>22742660
no because one of "his" other wallets was my fuckin wallet lol and all my eth is gone

>> No.22742789

>>22742749
Give us more details, Sir.

- hardware wallet?
- was there ETH in it before the bot added some?
- Did you try to trade on Uni in the last days?
- OS?

>> No.22742817

Totally unrelated but I am a fucking noob and I want to claim some tokens from an airdrop. I got the contract address what the fuck do I do?

>> No.22742884

>>22742789
-no (but im getting one now lmao)
-yes but he didnt add any to mine, im guessing the ones he sends the .1 eth to is gas money for empty wallets with UNI in them
-yes but some of the wallets have been inactive for 30+days, most of them relatively low balance (<5 eth, roughly the balance of 400uni, hmmm)
-windows

>> No.22742917

>>22742884
what wallet were you using

>> No.22742929

>>22742917
metamask

>> No.22742949

>>22742929
lmao wtf did you go on any dodgy websites?

>> No.22742957

>>22742949
no

>> No.22742983

>>22742949
plus look at all the different wallets he's hit, it's a lot for it to be a malware attack isnt it?

>> No.22743000

>>22742949
metamask is fucking unsafe
who the fuck would use a online browser plug in wallet
even worse to trade defi scam tokens for 40 bucks per transaction

>> No.22743032

>>22742689
He got phished. be more careful next time. When you go to uniswap make god damn sure it's uniswap. Get an adblocker. Get 2 ad blockers. It's fucking 2020

>> No.22743071

>>22743032
Unlikely. How did the guy phish inactive wallets lmao. This is clearly an exploit of some sort.

>> No.22743176

>>22743032
>>22743071
i've got adblock and i use the correct address for uniswap lmao. they're leaving sometimes thousands worth of altcoins and just swapping the uni and cleaning out the eth. if it was phishing why not swap everything, and like the other anon said how are they getting wallets that haven't been touched recently

>> No.22743254

>>22742536
It mines Safex for the great uprising of 2021.

>> No.22743285

>>22743176
Are all ur coins gone or just the eth?

>> No.22743344

>>22743285
just eth, i had already swapped my uni and spent the eth on other erc20 tokens which werent touched. other wallets are having their uni swapped immediately before the eth is emptied into the bot wallet, but likewise all their other tokens are untouched

>> No.22743385

>>22743285
>>22743344
check'em also you can check the etherscan link in the op for yourself if you're curious, open a couple of the addresses that the eth is coming in from. uni swapped, eth taken, other coins left

>> No.22743399

yeah you probably got phished or some shit

>> No.22743431

>>22743344
Damn, funds are really not safu. But I'm wondering how it could be Metamask's fault. Where you save your private keys/seed?

>> No.22743449

>>22742536
He is just claiming uni u larping nigg

>> No.22743455

>>22743431
Where'd*
Still waking up lmao

>> No.22743477

>>22743431
a piece of paper in my desk drawer
>>22743449
from MY wallet? no.

>> No.22743497

>>22743449
>>22743477
check the etherscan the first transaction on the wallet was 2 days ago and he's "claimed" 150k usd worth of fuckin uni lol teach me how to do that

>> No.22743525

>>22743497
Have you connected metamask to ANY sites other than uniswap? List everything you have connected to

>> No.22743537

>>22742536
what projects, smart contracts have you interacted with in the last 2 months?

>> No.22743541

>>22743000
It is safe with a hardware wallet only

>> No.22743542

>>22743525
kye.fi lol that's literally it

>> No.22743569

>>22743497
phished keys is the most reasonable explanation, the address that's receiving the eth is just an address not a contract.

>> No.22743572

>>22742817
just get to uniswap.org/swap and hit claim button

>> No.22743574

First transaction has fake address id wtf https://etherscan.io/tx/0x6cb74d0fc3f678397523ac20f6ef24d42dd64b9c8ff58830291d891cc172794b

>> No.22743587

>>22742536

How is it possible to drain the metamask wallets without notifying their respective users to approve the transaction, and then to approve the swap?

>> No.22743594

>>22743537
nothing really that far out there. xmm, pnk, undb, kye, uni. some dumb trades and memecoins but nothing abhorrently sketchy

>> No.22743609
File: 39 KB, 1243x358, bot1.png

>>22743587
i'll post caps of the most recent 5, the bots claiming uni on untouched wallets approving it swapping it and transferring the eth balance

>> No.22743632
File: 49 KB, 1235x422, bot2.png

>>22743609

>> No.22743642
File: 39 KB, 1247x365, bot3.png

>>22743632

>> No.22743655

just an owner of multiple wallets anon, post your wallet let's laugh at you

>> No.22743656
File: 38 KB, 1240x366, bot4.png

>>22743642

>> No.22743716

Anyone know something about this? Can you post it on reddit or somewhere where people might figure it out?

>> No.22743771
File: 37 KB, 1229x357, bot5.png

>>22743656
beating a dead horse i shoulda just gone with 3 and you'd get the point lol, but
>dead wallet
>gas in
>claim uni approve uni swap uni
>transfer eth balance
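
The sequence listed in the post above (gas in, claim, approve, swap, ETH out), written as detection logic over transaction records. This is an added example, not part of the thread; the records, placeholder addresses and method labels are constructed assumptions.

```python
from collections import defaultdict

SWEEP_STEPS = ["claim", "approve", "swap"]  # assumed method labels

# Constructed sample: (timestamp, sender, recipient, method, value in ETH).
# Every address is a made-up placeholder, not one from the thread.
TXS = [
    (100, "0xCOLLECTOR", "0xDORMANT1", "transfer", 0.1),  # gas in
    (160, "0xDORMANT1", "0xDISTRIBUTOR", "claim", 0.0),
    (220, "0xDORMANT1", "0xTOKEN", "approve", 0.0),
    (280, "0xDORMANT1", "0xROUTER", "swap", 0.0),
    (340, "0xDORMANT1", "0xCOLLECTOR", "transfer", 4.7),  # ETH balance out
    (400, "0xUSER2", "0xDISTRIBUTOR", "claim", 0.0),      # ordinary claim only
    (900, "0xUSER3", "0xFRIEND", "transfer", 1.0),        # ordinary payment
]

def find_sweeps(txs, window=3600):
    """Map each wallet showing claim -> approve -> swap -> ETH out to its collector."""
    sent = defaultdict(list)    # wallet -> its outgoing txs, oldest first
    funded = defaultdict(dict)  # wallet -> {funder: first funding timestamp}
    for ts, src, dst, method, value in sorted(txs):
        sent[src].append((ts, dst, method, value))
        if method == "transfer" and value > 0:
            funded[dst].setdefault(src, ts)
    hits = {}
    for wallet, out in sent.items():
        step, start = 0, None
        for ts, dst, method, value in out:
            if step < len(SWEEP_STEPS):
                if method == SWEEP_STEPS[step]:
                    start = ts if step == 0 else start
                    step += 1
            elif method == "transfer" and value > 0 and ts - start <= window:
                # gas_prefunded: the collector topped the wallet up before the claim
                prefunded = funded[wallet].get(dst, start) < start
                hits[wallet] = {"collector": dst, "gas_prefunded": prefunded}
                break
    return hits

def shared_collectors(hits, min_wallets=2):
    """Collectors that received swept ETH from at least min_wallets wallets."""
    counts = defaultdict(set)
    for wallet, info in hits.items():
        counts[info["collector"]].add(wallet)
    return {c: sorted(w) for c, w in counts.items() if len(w) >= min_wallets}

if __name__ == "__main__":
    print(find_sweeps(TXS))
```

A single hit is only a lead, since an owner claiming and cashing out produces the same sequence; one collector shared by many otherwise unrelated wallets is the stronger signal.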

>> No.22743778

>>22743716
>reddit
>might figure it out
anon it's either owner of multiple wallets or idiots getting into fake claim website, i saw one, it unironically asks you your PRIVATE key, then it just calls claim on distribution contract, then it dumps claimed uni on uniswap, then it sends tokens to phisher address
did OP post private key somewhere? If he didn't then yeah, it might be metamask vulnerability

>> No.22743803

>>22743771
it could be "dead" wallet but not the dead users getting into phishing website to "claim", anon
tell us how you claimed your uni

>> No.22743828

>>22743778
didn't share private key anywhere, i might post on biz but i'm not a complete room temp iq retard lol

>> No.22743834

>>22743778
OP said it took his ETH though. Also why didn't it take all his ERC20 and just his ETH? Definitely might be useful to have more people looking at this.

>> No.22743841

but again if it was MM vulnerability then it would hit not just UNI holders

>> No.22743861

>>22743803
i went on uniswap and claimed it like everybody else lol

>> No.22743885

>>22743834
If it were a uniswap copycat phish, and you wanted to automate it, wouldn’t you program the script to just send eth, claim, swap, send.

Seems easier to get up and running than something that tries to send/swap a list of erc20 coins as well.

>> No.22743907

>>22743655
>reddit
>might figure it out
ngmi

>> No.22743915

>>22743885
yeah exactly
OP try remembering when you went to claim your uni and check the browser history on that date for suspicious URLs

>> No.22743919

>>22743907
for >>22743716

>> No.22743979

Im curious about something like this too

>see wallet i recognize send small amount of eth to another address
>the wallet they sent to transfers it to another wallet
>that wallet has a large $ in a single coin
>none of these transactions are interacting with a contract

>> No.22744053

>>22743915
nothing that stands out, lotta etherscan, youtube, twitter, medium. kye.fi which i connected my metamask to, but that's not a commonality with the other wallets

>> No.22744136

Interesting.
I cannot imagine this being some kind of metamask exploit. My guess is, someone took the UNI distribution as an occasion to go through their phishing logs and your keys have been in there.
However by the timestamps it doesn't look scripted to me, as it's done over hours and days. Seems like someone's working on it.

OP, you got your keys stored on your machine in cleartext? Or restored MetaMask with them recently? Any way they could have stolen your key?

>> No.22744152

>>22744053
https://consensys.github.io/smart-contract-best-practices/known_attacks/

What interactions with smart contracts have you had recently?

>> No.22744193

>>22744136
not unless they got me with a keylogger or some other malware but i can't imagine when/where they would've, the seed phrase and password are only stored on a piece of paper in my desk. haven't had to restore metamask at all that i can remember.

>> No.22744208

THIS is why you get yourself a hardware wallet as soon as you get a sizable stack of anything
Something similar happened to me, some dude somehow got into my wallet and took all my YFV

>> No.22744310

>>22744208
yeah lesson learned it's in the mail

>>22744152
uni v2 kye/xmm/undb/pnk/uni

>> No.22744315

This is really bad ain't it

>> No.22744322

>>22744310
usdc and byfi

>> No.22744372

>>22744310
post your address

>> No.22744392

>>22744372
i'd rather not until I can get the rest of my tokens onto a hardware wallet

>> No.22744423

>>22744310
Just saying, there are probably leet hackers out there that can take advantage of smart contract coding flaws. We have yet to see anything like injections and whatnot. This is still early.

>> No.22744449

>>22742536
It's someone doing it manually. there's like 8 hour breaks, so it would seem they need to sleep or work

>> No.22744458

there is some weird shit going on with people having their shit stolen on metamask.

either it's a bunch of newfags being dumb or metamask has some holes.

>> No.22744496

>>22743778
Could it simply be that OP's password was bruteforced? Seems like the simplest answer

>> No.22744502

in the comments of one tx someone claims
TROJAN HORSE USING TWITTER
https://disqus.com/home/discussion/etherscan/0xda9ddc8fd2aeb2ea113cdb11e32f861c273d75b9/

>> No.22744559

>>22744496
could be but there's like 100 or more unique wallets in this guy's transaction history, wouldn't that take a huge amount of time to brute force all of them?

>> No.22744571

Do hw wallets only sign txs, not export the pk? Then is that why it’s specifically a metamask issue? Cause otherwise it might be an exploit with uniswap

>> No.22744599

>>22744496
>>22744559
All this crypto stuff is based on the assumption that neither private keys nor proper passwords can be bruteforced. No.

If it's malware related, it would have been easy to keylog the password or extract the unencrypted key from memory, when it was unlocked by the user. However that does not explain why there is a lot of 'dead' or inactive wallets in there, which seem like they haven't been unlocked recently.

>> No.22744632

>>22744599
Thats my point. Maybe OP didnt have a proper password

>> No.22744646

>>22744502
did you use twitter on your PC?

>> No.22744717

>>22744632
it was unique and made of a couple words no spaces few numbers and a punctuation mark, idk

>>22744646
i check some project devs twitters, but not the one that comment was posted on. didn't click any weird links on anyone's twitter either.

>> No.22745183
File: 36 KB, 734x506, 336650B9-4C94-4454-9275-CBF79C00635D.jpg

sorry for your loss OP

>> No.22745566

He was standing behind you when you entered your password

>> No.22745798

>>22742536
OP how many ETH did he take from you? 4-5?
Did you have them because you sold UNI, did you ever possess UNI or did he sell your UNI?

>> No.22745933
File: 1.55 MB, 450x506, Pinky Dancing.gif

>>22743542
I remain convinced you got phished. I'm sorry anon that's just how it be. They really do shit like take ads out on google/bing/etc. and bump their page to the top of the list. You click it because you think "oh it's uniswap, google wouldn't lie" and bam you go to a front end that looks exactly like Uni and you claim and you get fucked.

It happens all the time. Also the evidence you are posting
>>22743656
>>22743642
>>22743632
>>22743609
>>22743771
reeks of a phishing scam.
These wallets were untouched until they realized they had Uni in them. The owner went to google/bing, searched uni, got phished, game over.

Maybe I'm wrong and someone really has cracked MetaMask, but every time this happens it's proven that the owner got phished or leaked his private keys.

Show us your browser history.

>>22743979
It's because those are bait wallets for scrapers.

>>22744392
You might as well show us your address, it's compromised. If you showed us your address on etherscan then we can likely pinpoint where you got jacked if you interacted with a malicious contract.

>> No.22745971

would it be possible that claiming the tokens is insecure? maybe the free uni were given out to fish

>> No.22746083

>>22745971
There's no way claiming tokens from uniswap could expose your private keys, unless there was some flaw with uniswap. If there was, then it would have been exploited so far. What I'm thinking is the thief went manually checking addresses that haven't moved/claimed their uni, and somehow found their private keys online: https://medium.com/@parzival.is.sweet/hacking-uniswaps-uni-airdrop-434543b37d9a
I'm thinking OP's seed was somehow leaked somewhere and the guy managed to find it by doing some advanced google search of his address.

>> No.22746453

>>22746083
Im doing advanced google searches of your mothers pussy

>> No.22746549

>>22746453
That's no way to talk about Grandma, son.