Mediaboss Marketing

A $10 million hack targeting sophisticated crypto users has top security experts baffled.

Taylor Monahan, former CEO and founder of Ethereum wallet manager MyCrypto, said on Twitter Tuesday that over 5,000 in ETH had been stolen since December.

Thats over $10.4 million-worth of crypto at todays prices.

The worrying part? It hit hardware wallets of users who prioritized security, according to Monahan.

For the past 48 hrs Ive been unwinding a massive wallet draining operation, wrote Monahan, who joined MetaMask after MyCrypto was acquired by the crypto wallets parent company ConsenSys last year. Folks are those who are more crypto native than most and reasonably secure were hit by the draining of funds, she tweeted.

In other words, these arent crypto newbies clicking on obvious phishing links that are being drained. The attack is far more sophisticated than that, and its OGs who are being rekt, Monahan explained. No one knows how.

The security team behind popular crypto wallet MetaMask told Decrypt that the unidentified exploit hit crypto users including, but not limited, to MetaMask users.

The on-chain behavior heavily suggests a private key compromise, they said.

What current investigations are showing is that it seems that this specific attack vector is pointing towards these users secret recovery phrases being compromised somewhere down the line, likely due to unintentionally insecure storage of said phrase.

Private keys are used by crypto users to access their funds stored in a walletbe it digital or physicaland authorize transactions.

Monahan also said that the attack targeted funds held on wallets created from 2014-2022. My best guess [right now] is that someone has got themselves a fatty cache of data from 1+ [years] ago [and] is methodically draining the keys as they parse them from the treasure trove, Monahan tweeted. She emphasized that, however, that this is only a guess, and no one yet has been able to determine the source of their compromise.

Her best advice? Please dont keep all your assets in a single key or secret phase for years, she said.

MetaMasks security team added that in order to protect funds, users must not store their private keys anywhere online or on any internet-enabled device.

If you ever get to the point where your wallet is so old that you cant remember if youve been 100% diligent with its keys at all times, then consider creating a new wallet, they added.

View original post here:

A Hacker Has Stolen $10 Million in Ethereum and No One Knows How - Decrypt