Sophisticated crypto users have been targeted in a $10 million hack that has left security experts puzzled. According to Taylor Monahan, former CEO of Ethereum wallet manager MyCrypto, over $10.4 million worth of cryptocurrency has been stolen since December from hardware wallets belonging to users who prioritised security.
This suggests that the attack is far more sophisticated than typical phishing scams, and the people who have been hit are experienced crypto users. Monahan said that the security breaches involved the compromise of secret recovery phrases, likely due to unintentionally insecure storage of these phrases.
MetaMask, the popular crypto wallet, confirmed that the “unidentified exploit” has hit users, including those using MetaMask. The security team said that the “on-chain behaviour heavily suggests a private key compromise.” The hackers seem to have accessed the private keys of users’ wallets and then used them to transfer the funds elsewhere.
It is unclear how the hackers obtained access to the secret recovery phrases of the users affected by the breach.
As crypto becomes increasingly mainstream, hackers are targeting experienced and sophisticated crypto users. As Monahan noted, the affected users are “more crypto native than most” and “reasonably secure,” suggesting that the attack is particularly worrisome for those who have a deep understanding of crypto security measures.
The hack is also a reminder that even the most sophisticated security measures can be compromised.
Experts suggest that users store their private keys and recovery phrases offline, using hardware wallets or paper wallets, to mitigate the risks of being hacked.