When I opened up my wallet yesterday, for the first time in a couple weeks, I noticed my wallet was drained of most of its funds. It wasn’t just my Solana wallet either; my Avalanche and Ethereum wallets on MetaMask were drained as well. I stored my private keys in LastPass, which I think is how the attacker got them given the LastPass security breach at the end of 2022, but I’m not ruling out some keylogging malware. What steps do people recommend I take next?
I’m looking for multiple private investigators to help me track down the funds, I’m filing a police report, and I’ve moved all remaining funds to my Solana Saga phone and am buying some backup hardware wallets. I’ll never store backup seed phrases digitally ever again.
You can see the tx here on October 29th where the attacker transferred my funds out:
WKwhuEHbGcoGi2TBw628wEBg2cdgpncZ9qqqZDczLUKgLV478uKSu3bMveTzg9g6yTCK54jKefe5dboRmMEadxD
They eventually land in this address:
5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs
which could be some app or maybe the attacker is congregating all stolen funds there. Not sure.
I’ve been in the space since 2016 and it’s tough to lose everything like this after all I’ve already gone through. I thought I was safe by using LastPass, but I guess not. My master password was used for quite a few other accounts I have, so I guess all that needed to happen was me entering it into a malicious form just once by accident. Screw passwords, I wish the whole world was all on hardware / biometric keys by now. In total the attacker took about $30k USD worth of tokens from me.
Unless that address used / deposited into a CEX, and from there you contact the CEX’s department and file an official complaint in your country (cyber crime), you can’t actually get the money back.
So sorry for your loss, this is the dark / bad side of crypto.