Follow-up on Hacks

🇰🇷 Julian Moon 🌙 · Published in Confío · 4 min read · Dec 15, 2022

Moving Duende($DUENDE), Koolpeace ($KOOL), and 한국어($한국어) to fresh new addresses.

Requested a flag on developer addresses to Etherscan, Polygonscan, and BSCscan.

I’m Julian Moon, the founder of “Koolpeace: The Korean Metaverse”. There has been a compromise of our wallet seed phrase or private key, and 7,398.001122 USDC has been sent without our permission. The compromised USDC is escaping from here 1 (https://polygonscan.com/tx/0x0bde4f3c5c24e1030c91515cbcbacca99519457e34596df486b693156de65547) to here 2 (https://polygonscan.com/tx/0x15a62134460eb5435a2a2ab8cef5db90c21470ffafa36b8f1b300f0c96afaa0b) to here 3 (https://polygonscan.com/tx/0x50a0b9d6535825687451e4672def9e5c25284162c6a542d54b8bd7c3433654d4).

As such, I would like to request a flag on the developer addresses of each token, Koolpeace ($KOOL, 0xCB4e4c310Eaa4C4f6dA9D0543053C371A6A488A2) and Duende ($DUENDE, 0xEE5F7F36b71519a7D198f0714F134e2938a1617d), to prevent further misuse and scams. The addresses of the tokens (contracts) themselves should remain unflagged.

Hardware Wallet Candidates:

  1. D’CENT Biometric Wallet (either PIN or fingerprint)
  2. Trezor Model One (PIN up to 50 digits)
  3. Ledger Nano S Plus (PIN)
  4. Lattice1 (a card fingerprint possible to have a back-up card)

The best would be a combination of biometric and PIN authentication without writing down the passphrase on paper.

Email from MetaMask support:

Hello,

Thank you for that information. Unfortunately, the method you have used to store your Secret Recovery Phrase is unsafe and prone to being skimmed/lifted by spyware or skimming tools. Your email’s data backup will be on an external server, and this means it is open to compromise.

Spyware and/or skimming tools are used to lift sensitive information such as Secret Recovery Phrases from things like notepads, email addresses and other seemingly “secure” personal data caches.

This is the most likely way your Secret Recovery Phrase was stolen and how your wallet was compromised, leading to the theft of your funds.

I am aware that Proton Mail claims that they have encrypted email, but I wouldn’t use that as a guarantee; it is highly likely a staff member or someone who monitors their email traffic has a script that can skim this information from emails.

Unfortunately, blockchain transactions are not reversible and we cannot restore/reverse any transactions.

The reason funds can’t be returned is because of the way the blockchain works. Blockchain and cryptocurrencies are not like banks and fiat money.

In a banking network, banks have complete control over their network, and if anything goes wrong, i.e. theft etc., they can usually locate, isolate and stop the theft from occurring or speak with their partner banks and have the stolen money intercepted at that bank’s end.

This is not possible with blockchain, because no one has control over the network, the network is decentralized, meaning no party has control, and everyone can interact and participate in the network without third party interference.

Blockchain is also set up so that, once a transaction takes place, the transaction is recorded in a block as “confirmed”. Once this transaction has been confirmed and executed, it cannot be undone. It is not possible to roll the blockchain backwards; this would destroy confidence, decentralization and wipe people’s transactions and trades in any blocks that occurred after the event you are trying to roll back.

The next best thing to do now is to discard the wallet in question, create a new wallet on a secure device after reinstalling the MetaMask app from our official website (https://metamask.io/) and transfer any remaining funds into the new wallet.

If you still have funds or NFTs tied to the compromised account that you cannot transfer out, please navigate to this form for further assistance: https://whitehat.flashbots.net/

*Please note that even if you managed to disable external access to your wallet, your address has been already exposed and it will most probably be targeted further for phishing attacks.

Going forward, I recommend doing these two things:
1 — Flag the address that stole the funds on the blockchain explorer (Instructions: https://metamask.zendesk.com/hc/en-us/articles/4415323627803)
2 — Get in touch with a company that provides cyber investigation services and ask them to investigate and give you more insight about what can be done.

Note: MetaMask is a non-custodial crypto wallet. It gives you complete control of your keys and therefore your funds. A non-custodial wallet eliminates the third party between you and your crypto, which is more suitable for some people.

If you would like to pursue an investigation in regards to your stolen assets, we can refer you to our investigative partners who can work with you to track and trace your funds/assets. Please let us know if you would like to pursue this option by replying to this email and confirming.*

*Please note that by choosing to be contacted by our investigative partners you agree to MetaMask sharing your email address with them

Best regards,
Axel | Support @ MetaMask 🦊 | Consensys
Never share your seed phrase with anyone, including me.

Make sure you have your Secret Recovery Phrase written down and stored someplace safe.

Julian
