GoPlus "Web3 Ghost Story" Episode 1 | After 14 days of horror, how did he recover more than 20 stolen ETH?

Original title: "GoPlus "Web3 Ghost Stories" First Space Text Recap"

Original source: GoPlus

Column introduction:

GoPlus "Web3 Ghost Stories" is a chat column, each issue shares a "ghost story" of Web3 asset theft, and by unraveling the details of the story, the audience will have a deeper understanding of the ghosts and monsters in the Web3 world, so as to dispel the mystery and successfully avoid similar risks in the story.

Space Theme: 14 Days of Horror! What made the people of Panama finally return the more than 20 ETH that was stolen from me?

Moderator:

GoPlus Chinese Community: Asking questions on behalf of Web3 "Newbie".

Speaker:

· Brother Bao: Ghost story sharer, Web3 entrepreneur, 8-year Web3 veteran

· Isabel Shi: Bitrace CEO

· Box: Security expert

· Information capturer: Well-known KOL

· Biubiu: Well-known KOL

· GoPlus Fang Tou Zai

The twists and turns of Brother Bao’s wallet being stolen

More than a month ago, hacker A pretended to be an investment manager of a Web3 investment company. With the introduction of Brother Bao’s friend, he found Brother Bao and expressed his intention to invest in Brother Bao’s entrepreneurial project. So the two agreed to have an online meeting for in-depth communication. Hacker A made an appointment for the meeting on Brother Bao’s Calendly (a commonly used Web3 meeting appointment software). However, on the day of the meeting, Hacker A But he said he couldn't enter the meeting room, and gave me a meeting link with his company's domain name, inviting me to the meeting. I clicked the link without thinking too much. As a Web3 veteran, I immediately realized that the situation was not good, so I quickly disconnected from the Internet and transferred the assets in more than 40 wallets on my computer one by one, which took a total of 12 hours.

Just when I felt exhausted and thought I had defeated hacker A, I found that there was still a sum of money in a defi protocol, but the protocol no longer allowed it to be withdrawn, so I went to the official discord of the protocol to seek help, where I met hacker B.

Hacker B saw the help message sent by Brother Bao in the group, pretended to be a customer service DM Brother Bao, and took away the private key of the wallet in the name of helping him withdraw money. After realizing that he was deceived, Brother Bao immediately contacted GoPlus for help. GoPlus immediately contacted its security partner Bitrace, and with the help of everyone, started the rescue operation of more than 20 stolen ETH.

After discovering through the chain information that the hacker transferred the assets to an exchange, the security company immediately helped Brother Bao contact the exchange to freeze them, and at the same time provided the necessary information and evidence to help Brother Bao file a case with the police in many places. Brother Bao tried to send an email to the email address provided by the exchange, informing him that he had obtained the police's filing documents and warning the other party to return them as soon as possible. Fortunately, the other party was a token exchange service found by the hacker. When he learned that it was stolen money, he returned it in full.

So far, Brother Bao has successfully recovered most of the stolen assets, and the ghost story has a happy ending.

Sharing wonderful dialogues

Hacker A incident

Brother Bao:Afterwards, I thought about it and realized that this phishing was aimed at me. They investigated my identity information in advance and deliberately designed such an image of a Silicon Valley investor to approach my friends first, but the target was always me.

In fact, many people will encounter similar phishing. Hackers will provide you with various links for various reasons to induce you to click.

Host:We have also encountered similar situations. Someone claimed to be a reporter from Coindesk and sent us a private message in the background of X to cooperate. But after all, we are in the security field and our operations staff are also experienced, so we did not fall for it in the end.

Isabel Shi:Criminals in Web3 are now very well prepared in the early stages and no longer cast a wide net like before. They will study the interpersonal networks such as the circle of friends of "big customers" and make traps that only target the target objects. For example, in a case we encountered, the victim just clicked on an article about his competitor in the industry, and his tg was stolen. Then the criminals logged into his tg, contacted the finance of his company, and asked to transfer money to a wallet. The finance realized something was wrong and asked for voice communication, but the criminals used AI to imitate the victim's voice and deceived the finance again, and finally lost 10 million US dollars.

GoPlus Fang Tou Zai:This is terrible. Since the birth of AI, personalized attacks like this have appeared in tg. We used to have an investor who would often communicate with me about security issues. One day he found me again to communicate about security issues and provided me with a link to a security incident. During the communication process, he was the same as usual, but in fact his tg had been stolen, and the one communicating with me was a hacker.

Hacker B incident

Brother Bao:I hope everyone can remember one point about the private key being swindled away by hacker B. Afterwards, I felt that I would never click on this phishing link even if it happened 100 times, but I was extremely tired at the time, and the momentary crash of my brain made the situation irreversible.

Box:I think phishing is very common in the DC group. Some time ago, a mod in the ENA DC group was stolen. A phishing link was sent, and one of my friends clicked on the phishing link without thinking too much, and was stolen. This is not the first mod to be stolen in the currency circle, and everyone still needs to pay more attention.

GoPlus Fang Tou Zi:I think Brother Bao’s incident sounded the alarm for us, that is, these criminals have appeared in every link. They have different phishing methods in every link. I hope users can stay calm and be vigilant in every link.

Happy Ending

IsabelShi：In fact, many victims do not have the awareness of Brother Bao, and will not immediately find that they have been robbed. Even if they find that they have been robbed, they do not understand why they have been robbed. Therefore, when we help users recover stolen assets, the first step is often to help them recall the reason for the theft. In addition, when communicating with local law enforcement agencies, you also need to present the full picture of the incident on paper, so you must be able to restore the process of theft and the flow path of funds. The monitoring of funds must be fast, because hackers will not let funds stay in one place for too long, they need to clean and cash out funds as soon as possible. This is the most critical node for us to help victims intercept and recover funds. When funds enter a place that can be intercepted, we must act in time to stop the money.

So when money is stolen, for the victim, the first thing is to sort out the ins and outs of the matter; the second is to find the local law enforcement agency, report the case and file a case as soon as possible; the third is to closely monitor the flow of your own funds.

Brother Bao:There is still a big difference between the FBI and domestic case filing. You only need to fill out a form and it will be accepted for you. There will be no situation where it is not accepted in China. I later reviewed it and found that this is still very important. It delayed a lot of time for me to let the domestic police handle my case. The FBI's case filing documents helped me get the exchange to extend the freeze of the stolen funds for 14 days. Later, I took the mainland's case filing documents and froze them for a longer time. The FBI also has a special economic investigation department to handle virtual asset cases, so the FBI has the ability to solve cases. So the United States has a very complete processing capability, but their processing speed is extremely slow, so slow that my money has been recovered, and the FBI has not yet taken any substantial investigation actions.

GoPlus Fang Tou Zai:Here I want to remind everyone that Brother Bao's ability to recover assets depends a lot on luck. If the money is stolen, it is a very passive thing. Once a link is broken in the process, the money will most likely not be recovered. There are several important points. The first is to be able to get the link of the funds and the information of the attacker, etc.; the second is to be able to get the FBI documents and freeze the money in the exchange account.

Side Story / Tragic Story

Information Capture:I posted a tweet some time ago, telling the story of a close friend of mine being stolen. This protagonist is my college classmate and also my good friend in real life since I entered the circle. After graduation, he opened an e-commerce company with two friends. Unfortunately, two months ago, the company went bankrupt, and the other two partners cheated him and took away the money. He paid off the loan to start the company, and the last money was only a few hundred Solana in his wallet. He created a new wallet and put all the money in it. One morning, he found that all the money in his wallet had been stolen by hackers.

He sent me a message saying: My wallet was stolen, remember to burn paper for me at this time next year. The next day, he really jumped off the building.

The hundreds of Solana became the last straw that broke the camel's back.

Host:Hearing this story, I feel that our "Web3 Ghost Stories" column is very meaningful. By sharing each story, we can let everyone know how to be careful about asset theft and how to save assets after theft, and maybe we can really save a life.

GoPlus Fang Tou Zai:GoPlus has helped many Web3 users, most of whom are in their 40s and 50s and don't know much about the market. In the end, all their assets were stolen, and some of them were even their own retirement funds. In the end, they could only rely on a few credit cards to make ends meet. This is one of the reasons why we have been insisting on walking on the road of Web3 user security, hoping to help more ordinary users.

Original link

欢迎加入律动 BlockBeats 官方社群：

Telegram 订阅群： https://t.me/theblockbeats

Telegram 交流群： https://t.me/BlockBeats_App

Twitter 官方账号： https://twitter.com/BlockBeatsAsia