QuarkMing202

Blockchain education, crypto investment research, zero-cost airdrop farming. WeChat: BQ221859, Weibo: QuarkMing202, Twitter: QuarkMing202

The Encrypted Dark Jungle: A Real Account of Losing 10,000 USD

A veteran Web3 user shared their experience of losing over $10,000 due to a complex phishing scam, revealing the ever-evolving tactics of cybercriminals. This article details the incident, analyzes recent industry security events, and provides practical advice for protecting crypto assets.

I fell for it again, and this time it was a big one—five wallets were completely drained, worth over $10,000. Let me share my theft experience to remind everyone.

On February 12, a fan privately messaged me claiming to be a staff member of a certain project, wanting me to be their KOL. On February 13, after adding contact information and a brief introduction, they sent me their project details. I checked their official website and the price of their token, and thought it looked good. Later, they said they needed to explain the cooperation model from the market and finance side, gave me a Zoom meeting link, and suggested I log in from a computer for a better view of the presentation. I opened the link, and it was indeed a Zoom meeting link, which then automatically downloaded an installation package. I tried to install it but was unsuccessful. I told them I couldn't install it, and they told me to try again, saying their staff would be in the room for the next three hours.

Yes, they were indeed in the room, but not in a meeting—instead, they were stealing. I only realized this a few days later. We ended the call at 5:58 PM, and afterward, my computer was hacked. They took control of my computer, and my wallets started transferring funds wildly. I had five plugin wallets used for project interactions and recording courses, which, while not involving core assets, had a total value exceeding $10,000.

After hearing this, everyone might think I'm too foolish, but in reality, I was quite cautious. As a veteran with six to seven years of experience, I've encountered almost every pitfall in Web3—phishing websites, malicious authorizations, multi-signature wallet scams, airdrop link scams, etc. It's truly hard to guard against. Especially now, scams are not just technical deceptions; they also incorporate psychology and social engineering. For example, in the Bybit theft incident on February 21, without social engineering tactics, how could internal personnel be induced to sign off on malicious transactions, leading to the alteration of the cold wallet's smart contract logic and the theft of $1.46 billion, making it the largest theft incident in the crypto space to date?

I shared the news of my theft in our investment research group, and some colleagues working at exchanges reported similar experiences. Some employees, tempted by high salaries from hackers, added the other party on Telegram and unwittingly downloaded phishing software, resulting in their computers being hacked. Although it didn't cause actual losses, they were still dismissed. Another employee, after following a certain KOL on Twitter, fell victim to hackers who used that KOL's avatar, nickname, and username to post phishing links under tweets. When the employee clicked the phishing link, they were warned that their Telegram version had issues, leading them to download malicious software. After the malicious program ran, their computer was scanned, and data such as wallet information, computer passwords, browser passwords, cookies, plugin information, and some local files were stolen.

From February 17 to February 23, there were 24 recorded industry-related security incidents, with a known total loss of approximately $1.839 billion, of which Bybit accounted for the largest share at $1.46 billion. The commonality among these incidents is the strong concealment of hacker organizations, their clear targets, and their long-term infiltration, making defense extremely challenging. Hacker organizations often disguise themselves as recruiting HR, project partners, or part-time publishers on social media platforms like LinkedIn, Telegram, and Twitter, luring victims with promises of benefits and sending fake meeting links, code projects, debugging documents, etc. Recently, fake meeting links have surged, aiming to obtain camera permissions, microphone permissions, or citing application errors to guide victims into installing malicious programs or executing malicious commands. This allows them to gain access to victims' terminal permissions and data, ultimately infiltrating companies or individuals to steal assets.

After all this, here are two heartfelt, practical suggestions: First, ensure wallet isolation; do not interact with core asset wallets, only use them for transfers. For commonly used interactive wallets, do not store too much money—just enough to meet basic needs. Second, do not click on links casually; remind yourself that any link could be a phishing link, and always double-check. By following these two points, you can essentially prevent 99% of scams.
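The second suggestion, "always double-check the link", can be partly mechanised. The routine below is an added example, not code from the post or from any project it mentions; it flags the traits of the lure described above (a host that merely contains the brand name, a "meeting" link that points straight at an installer, raw IPs, punycode hosts) and goes a little beyond the Zoom case by also covering Telegram, which the post names as the other lure. The brand-to-domain table and the sample links are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Brand name -> registrable domains that legitimately serve it; subdomains
# (e.g. us02web.zoom.us) are accepted. Table is an assumption for this example.
LEGIT_DOMAINS = {
    "zoom": ("zoom.us",),
    "telegram": ("telegram.org", "t.me"),
}
INSTALLER_EXTS = (".exe", ".msi", ".dmg", ".pkg", ".zip", ".scr", ".bat", ".sh")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def under_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it (not a prefix match)."""
    return host == domain or host.endswith("." + domain)


def check_meeting_link(url: str) -> list[str]:
    """Return reasons a 'meeting' or 'update' link looks like a lure; empty list means no finding here, not that the link is safe."""
    reasons = []
    parsed = urlparse(url.strip())
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()

    if not host:
        return ["no host in URL"]
    if parsed.scheme != "https":
        reasons.append(f"scheme is {parsed.scheme!r}, not https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("host is a raw IP address")
    if "xn--" in host:
        reasons.append("punycode (IDN) host")
    # Spot the brand name even when digits stand in for letters (zo0m).
    folded = host.translate(HOMOGLYPHS)
    for brand, domains in LEGIT_DOMAINS.items():
        if brand in folded and not any(under_domain(host, d) for d in domains):
            reasons.append(f"host {host!r} uses '{brand}' but is not under {domains}")
    # A genuine join link opens a meeting in the browser or app; it does not
    # hand you an installer, which is exactly what the fake link in the post did.
    if path.endswith(INSTALLER_EXTS):
        reasons.append(f"link points directly at an installer: {path.rsplit('/', 1)[-1]}")
    return reasons


# Constructed sample links (not from the post): first genuine-looking, rest lures.
SAMPLE_LINKS = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us.meeting-invite.com/j/1234567890",
    "https://zo0m-us.com/download/ZoomInstaller.exe",
    "http://198.51.100.7/telegram_update.zip",
]
```

Run `check_meeting_link` over each entry of `SAMPLE_LINKS`: only the first returns an empty list, the others return one, two and three findings respectively.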

Alright, that's enough for now; I need to reinstall my computer. Lastly, I send my blessings to the hackers—they are also a part of the ecosystem. Their existence helps the industry recognize its shortcomings and progress quickly.

Welcome to join the community
Welcome to the community WeChat: BQ221858
Welcome to follow Weibo: @QuarkMing202
Welcome to follow Twitter: @xian202766693
