As an old leek who has been using metamask since 2017, thousands of dollars were stolen this time, and he was severely slapped in the face by the scammer.
To put it simply, I interacted with the Ethereum chain, and the assets of the Horseshoe chain were transferred away. When discovered, the other party had already transferred the assets for more than 10 days.
Let me summarize first. One is because of laziness and lack of attention, and the other is because of FOMO. In addition, there are too many wallets, and I forget that there are assets in other chains in that wallet.
First encounter routine
That's what happened. I write it down to avoid being deceived again.
I have an English Twitter, and I follow all overseas encryption influencers and overseas Web3 projects. I check it out often because the information here is very timely and has brought me a lot of wealth codes.
The time is December 31, 2023. At that time, I was going to sign up to go to Hong Kong with my friends for the New Year’s Eve. I still have some time before meeting up with friends, so I check Twitter.
An overseas Twitter KOL I follow is "Billy". He has been posting "He has launched a new project and released an inscription-generated art based on Arbitrum on Artblocks. There are only 200 pieces and they are free to cast."
billy twitter homepage
First of all, I judged that this tweet must be a big V, because among the people I follow, 80 people actually follow him. So this Twitter account is not fake.
At that time, he closed the comments and posted frequently. At this time, I became a little suspicious.
Then, I opened the webpage he sent, artblocks.events (the official website of the scammer), and I knew that this was not the real official website of artblocks.
But I think that recently many overseas projects like to use non-mainstream domain names such as .xyz and .art. Will the artblocks official website create a new commemorative domain name to commemorate this event? (My imagination...)
Start casting
Twitter said that 90% of generative art has been minted, I feel that the speed of mint is going to speed up.
Billy's tweet created a FOMO mood, and the project team should learn from his marketing methods. I didn’t expect that as an old leek, I would fall for it.
I chose a wallet that was convenient for me and went directly to mint, because my wallet didn’t have any assets, so it didn’t matter if it was stolen.
But at that time, I could have used a new wallet to interact, just because I was lazy.
Then I went to mint, and there was only 0.156 ETH in it, and I had to transfer all of it during the interaction. I clicked Cancel first and then tried again to make sure I transferred all the money in my wallet.
The gas at that time was very low and there was no need for that much at all. I felt something was wrong, but I still chose mint. Because if you give it a try, your bicycle will turn into a motorcycle. Losing 0.156 ETH is not much.
The contract address currently being interacted with has been marked as a scam.
After casting, nothing is gained. I searched for the keyword "Billy" on Twitter and found that some tweets said that "Billy's" tweets were stolen, so please don't click on the links he posted.
By this point I was absolutely convinced that I had just been scammed. Because there is nothing valuable in my Ethereum wallet, I don’t care about it. Still happily went to Hong Kong for New Year’s Eve.
Found the money was gone
I just remembered that there was some Dimo in my wallet, and when I checked the balance, it showed 0. I refreshed and it was still 0, so I thought it must have been transferred away.
9925 Dimo, worth 5000 US dollars.
The on-chain record of the other party’s operation of my dimo (the other party’s operation)
I checked the blockchain records and found that it was transferred on New Year’s Eve on the 31st. Because I forgot that there was still money in this horseshoe chain, the scammer succeeded.
I went to ask some technical friends for advice.
The technical partner said: "When you interact with this contract, you authorize all the permissions to the contract. Including the permission to withdraw all the balances of the address, they are all given to the contract. This contract does not withdraw your money when you interact. Money. He collects all the addresses of people who have been defrauded for a period of time, and then initiates a centralized withdrawal. The operations are withdrawn together."
If this is the case, I actually had time to transfer the assets, but at that time I thought there were no assets on the wallet chain. Unexpectedly, there was still some money on the horseshoe chain.
The other party's address has been marked as a hacker
I searched for the hacker's currency collection address, but I didn't expect that it had deceived many people. It has been marked as a "hacker address" by major block browsers. This will prevent more people from being deceived.
Summarize
There are too many scams in the Web3 world, and the scam I encountered is mainly one that occurs overseas.
Fraud gangs will steal the Twitter accounts of some KOLs, then close comments and frequently send fraudulent messages.
It is recommended that when you mint some contracts that you are not sure about, you can first ask your technical friends or group friends who understand this topic. This can be circumvented to a certain extent.
Don't be affected by Fomo emotions at ordinary times and keep a calm mind. Even if it is stolen, you should think on the bright side and save money to eliminate disaster. What should come in the future will always come, and keep an optimistic attitude.
The little fox wallet I used this time was stolen mainly because of my mistake in operation. The wallet is very safe. What is unsafe is the improper operation behavior of the users using the wallet. $BTC $ETH
