etherscan.io
This guy's transferring small fractions of eth into seemingly random wallets and then completely draining them of their ethereum but leaving all the other tokens. Any idea what exploit he's using to get into people's wallets, or how to guard against the vulnerability? I can't find any sort of common thread between the cracked wallets
Other urls found in this thread:
etherscan.io
twitter.com
bumpu
bump
He just sent eth to his other wallets to sell UNI
scratch that i can find one commonality and it's the UNI token, all the wallets have had all their UNI swapped for eth before they get drained.
no because one of "his" other wallets was my fuckin wallet lol and all my eth is gone
Give us more details, Sir.
- hardware wallet?
- was there ETH in it before the bot added some?
- Did you try to trade on Uni in the last days?
- OS?
Totally unrelated but I am a fucking noob and I want to claim some tokens from an airdrop. I got the contract address what the fuck do I do?
-no (but im getting one now lmao)
-yes but he didnt add any to mine, im guessing the ones he sends the .1 eth to is gas money for empty wallets with UNI in them
-yes but some of the wallets have been inactive for 30+days, most of them relatively low balance (
what wallet were you using
metamask
lmao wtf did you go on any dodgy websites?
no
plus look at all the different wallets he's hit, it's a lot for it to be a malware attack isnt it?
metamask is fucking unsafe
who the fuck would use a online browser plug in wallet
even worse to trade defi scam tokens for 40 bucks per transaction
He got phished. be more careful next time. When you go to uniswap make god damn sure it's uniswap. Get an adblocker. Get 2 ad blockers. It's fucking 2020
Unlikely. How did the guy phish inactive wallets lmao. This is clearly an exploit of some sort.
i've got adblock and i use the correct address for uniswap lmao. they're leaving sometimes thousands worth of altcoins and just swapping the uni and cleaning out the eth. if it was phishing why not swap everything, and like the other user said how are they getting wallets that haven't been touched recently
It mines Safex for the great uprising of 2021.
Are all ur coins gone or just the eth?
just eth, i had already swapped my uni and spent the eth on other erc20 tokens which werent touched. other wallets are having their uni swapped immediately before the eth is emptied into the bot wallet, but likewise all their other tokens are untouched
check'em also you can check the etherscan link in the op for yourself if you're curious, open a couple of the addresses that the eth is coming in from. uni swapped, eth taken, other coins left
yeah you probably got phished or some shit
Damn, funds are really not safu. But I'm wondering how it could be Metamask's fault. Where you save your private keys/seed?
He is just claiming uni u larping nigg
Where'd*
Still waking up lmao
a piece of paper in my desk drawer
from MY wallet? no.
check the etherscan the first transaction on the wallet was 2 days ago and he's "claimed" 150k usd worth of fuckin uni lol teach me how to do that
Have you connected metamask to ANY sites other than uniswap? List everything you have connected to
what projects, smart contracts have you interacted with in the last 2 months?
It is safe with a hardware wallet only
kye.fi lol that's literally it
phished keys is the most reasonable explanation, the address thats recieving the eth is just an address not a contract.
just get to uniswap.org/swap and hit claim button
First transaction has fake adress id wtf etherscan.io
How is it possible to drain the metamask wallets without notifying their respective users to approve the transaction, and then to approve the swap?
nothing really that far out there. xmm, pnk, undb, kye, uni. some dumb trades and memecoins but nothing abhorrently sketchy
i'll post caps of the most recent 5, the bots claiming uni on untouched wallets approving it swapping it and transferring the eth balance
just an owner of multiple wallets user, post your wallet let's laugh at you
Anyone know something about this? Can you post it on reddit or somewhere where people might figure it out?