If you prefer Tagalog, please watch the video; otherwise, read the article below.
In the world of cryptocurrencies, losing money during a bear market can be disheartening. But losing your funds due to a compromised wallet adds insult to injury. Unfortunately, I recently experienced this unfortunate combination. In this blog, I want to share my story and the lessons I learned from losing 60 thousand pesos to a compromised old contract address. Hopefully, my experience can help you avoid similar pitfalls in the future.
Hedging my Investments:
Like many others, I found myself in a crypto bear market where my portfolio was in decline. Aware of the volatility in the crypto market, I decided to hedge my investments and secure my profits by converting them into a stablecoin called BUSD. To execute this strategy, I used a decentralized exchange called Apeswap. Typically, transactions on this platform are fast and straightforward. However, my experience was far from typical.
The Discovery of Compromised Wallet:
After swapping my crypto tokens to BUSD, I expected to see my balance reflected in my MetaMask wallet promptly. But to my dismay, the balance did not appear. Concerned, I checked the transaction history and discovered that the funds had been sent to a suspicious contract address named “Fake_Phishing708.” It was then that I realized my wallet had been compromised.
Investigation and Countermeasures:
To confirm the compromise, I conducted a small test transfer of BUSD and, unsurprisingly, it ended up in the “Fake_Phishing708” address. Realizing the severity of the situation, I immediately took action to safeguard my remaining funds.
First, I performed a series of successful transfers of all the tokens still present in my MetaMask wallet to a clean, offline wallet address. This step ensured that my assets were secure and out of the reach of the exploiters.
Digging Deeper:
Once my funds were safely transferred, I delved deeper into the “Fake_Phishing708” contract address. My investigation led me to the discovery that it was already identified as a compromised BSCX contract address. Further research revealed that multiple contract addresses had fallen victim to similar compromises. Shockingly, the compromised contract address that affected my wallet belonged to an old and defunct Swap DEX called BSCX, which I had used back in 2021.
The Exploitation:
The reason the compromised contract address posed a significant threat was that all my authorizations associated with BUSD still remained valid. Any BUSD-related transactions I performed would authorize the “Fake_Phishing708” contract address to transfer the funds to the exploiter’s wallet. Essentially, the exploiters had free rein to transfer all my funds to their desired destination.
Identifying Compromised Wallets:
To help others identify if their wallets have been compromised, I recommend checking the transaction history for any unusual activity in the “BEP-20 Token Txns” section for the BSC network. Look for transactions involving addresses labeled with “Fake” or any suspicious tags. If you encounter such a transaction, right-click on the address and open it in a new tab to gather more information. Additionally, it’s advisable to keep an eye out for the specific compromised contract addresses, such as “0x6d8981847eb3cc2234179d0f0e72f6b6b2421a01” and “0x26585626e4a8d4fc409146b47a61790d9008967c” (the address that compromised my wallet). Ancilia’s Twitter thread provides further information on possible compromised addresses.
Revoking Allowances:
To protect your funds and revoke any authorizations or allowances granted to the compromised contract address, I recommend visiting the website https://revoke.cash. Connect your MetaMask wallet to the platform, and you have two options. You can manually search for compromised assets and revoke them individually, or you can directly enter the exploited contract address in the “Search By Authorized Spender Address” field.
In my case, the contract address “0x26585626e4a8d4fc409146b47a61790d9008967c” had unlimited allowance to spend both BSCX and BUSD tokens. This authorization was the reason for the loss of my BUSD tokens. However, it’s important to note that revoking each allowance comes with a cost of approximately USD $0.02. If you have numerous allowances to revoke, the expenses can add up. In such situations, it’s generally more cost-effective to transfer all the assets from the affected wallet address and refrain from using it again.
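The same check can be run offline against exported `Approval` event logs. The following is an added example, not part of the original post or of revoke.cash: it replays the logs to find allowances that are still live, flags the two spender addresses named above, and builds the `approve(spender, 0)` calldata that a revoke sends. The wallet, token and router addresses are constructed placeholders, and the log dictionaries assume `eth_getLogs`-style fields with `blockNumber` and `logIndex` already converted to integers.

```python
# Standard ERC-20/BEP-20 constants: Approval event topic and approve() selector.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"
MAX_UINT256 = 2**256 - 1  # the usual "unlimited" allowance
BAD = "0x26585626e4a8d4fc409146b47a61790d9008967c"  # spender named in the article
FLAGGED = {BAD, "0x6d8981847eb3cc2234179d0f0e72f6b6b2421a01"}  # both article addresses

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()  # indexed address: last 20 of 32 bytes

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent by the owner to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def live_allowances(logs, owner):
    """Replay Approval logs in chain order; the latest value per (token, spender) wins."""
    state = {}
    for log in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # other events (an NFT Approval carries 4 topics)
        if topic_to_address(t[1]) != owner.lower():
            continue  # approval granted by a different wallet
        state[(log["address"].lower(), topic_to_address(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # 0 means revoked

def findings(logs, owner):
    return [{"token": token, "spender": spender, "unlimited": amount == MAX_UINT256,
             "flagged": spender in FLAGGED, "revoke": revoke_calldata(spender)}
            for (token, spender), amount in sorted(live_allowances(logs, owner).items())]

def make_log(block, idx, token, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": f"0x{value:064x}"}

# Constructed sample data: placeholder wallet, token and router addresses.
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B, ROUTER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    make_log(100, 0, TOKEN_A, OWNER, BAD, MAX_UINT256),  # old unlimited approval
    make_log(100, 1, TOKEN_B, OWNER, BAD, MAX_UINT256),  # second token, same spender
    make_log(200, 0, TOKEN_A, OWNER, ROUTER, 500),       # limited approval ...
    make_log(300, 0, TOKEN_A, OWNER, ROUTER, 0),         # ... later revoked
    make_log(300, 1, TOKEN_A, OTHER, BAD, MAX_UINT256),  # someone else's wallet
]

if __name__ == "__main__":
    print(*findings(SAMPLE_LOGS, OWNER), sep="\n")
```

Approval logs record only what was granted; a limited allowance shrinks as the spender uses it, so the token contract's `allowance(owner, spender)` call remains the authoritative value before deciding what to revoke.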
Minimizing Future Risks:
To prevent or minimize the likelihood of experiencing a similar incident in the future, here are some essential steps to consider:
- Regularly Review Transaction History: Make it a habit to check your transaction history periodically for any unusual or suspicious transactions. By staying vigilant, you can detect potential compromises early on.
- Start with Small Transactions: When engaging in token swaps or transfers, especially to unfamiliar addresses or platforms, begin with small amounts. This approach allows you to test the waters and minimize potential losses in case of an exploit.
- Monitor Authorization and Allowances: Visit https://revoke.cash from time to time to review the assets you have authorized or granted allowances to third-party addresses. Stay informed about potential risks associated with specific contract addresses.
- Diversify Wallets: Consider spreading your assets across different wallet addresses for added security. Utilize hardware wallets like Trezor, Ledger, or SafePal for long-term holdings, while using a MetaMask wallet for farming or easy access. Furthermore, connecting different wallets to separate browsers adds an extra layer of protection.
Conclusion:
Experiencing a compromised old contract address that resulted in the loss of 60 thousand pesos was a painful lesson. The combination of a bear market and a compromised wallet added insult to injury. However, through this ordeal, I’ve learned valuable lessons that I hope will help others avoid similar pitfalls.
By regularly reviewing transaction history, starting with small transactions, monitoring authorizations, and diversifying wallet addresses, we can minimize the risks associated with compromised contract addresses. Remember, vigilance and knowledge are essential in the ever-evolving crypto world. Stay informed, stay secure, and protect your hard-earned investments.