An unidentified hacker has reportedly stolen $10 million worth of Ethereum cryptocurrency, leaving no trace behind. The shocking theft has left the blockchain community questioning the security of digital currencies and seeking answers as to how such a hack could occur without detection. With investigations ongoing, concerns over the vulnerability of the cryptocurrency market only continue to grow.
Sophisticated crypto users have become the target of a $10 million heist that has left security experts struggling to identify the culprits. According to Taylor Monahan, the former CEO and founder of Ethereum wallet manager MyCrypto, over 5,000 ETH has been stolen since December from hardware wallets of users who prioritized security. As of today, the stolen cryptocurrency is valued at over $10.4 million. Monahan, who joined MetaMask after MyCrypto was acquired by ConsenSys, said that even experienced crypto investors have suffered losses in what she described as “a massive wallet draining operation.”
The attack is sophisticated, and even seasoned crypto investors have fallen victim to it. In other words, these aren’t crypto newbies clicking on obvious phishing links that are being drained. According to Monahan, “no one knows how” the attack was executed, and investigations suggest that the private key compromise is the likely culprit. Private keys are used by crypto users to access their funds stored in a wallet, be it digital or physical, and authorize transactions.
The security team behind MetaMask, the popular crypto wallet, has said that the “unidentified exploit” hit crypto users “including, but not limited to, MetaMask users.” Investigations suggest that the attack vector points towards the secret recovery phrases of these users being compromised due to unintentionally insecure storage. The team advised users not to store private keys anywhere online or on any internet-enabled device to protect their funds.
Monahan’s best advice to crypto investors is not to keep all their assets in a single key or secret phrase for years. She added that the attack targeted funds held on wallets created from 2014-2022, and it’s possible that someone accumulated a massive cache of data years ago, and they are methodically draining keys as they parse them from the treasure trove. Despite this, no one has yet been able to identify the source of the compromise.
To protect your crypto assets, it’s advisable to take all necessary precautions to safeguard your private keys. If you ever realize that you cannot remember if you’ve been 100% diligent with your wallet keys, consider creating a new wallet. Stay informed about the latest crypto news and developments to avoid falling victim to such attacks.