MetaMask Wallet Hacked for $10k by Deceptive Discord Member

August 20, 2021, 11:30 AM AEST - 1 month ago

Dallas2626 posted a sad but not uncommon story on Reddit this week about how he lost US$10,000 from his MetaMask wallet from a scammer in Discord using the fake WalletConnect app.

Rule#1 in crypto: Never ever give out your private key or seed phrase or enter it to connect to a website or App that you don’t recognise.

Rule #2 in crypto: If someone messages you directly offering to “help” you, be warned – they are more than likely a scammer.

Rule #3 in crypto: Always double- and triple-check that the website (or app) you are on is legitimate by cross-checking the URL (or any addresses you are importing) and compare it to the project’s official channels – website, Medium, Twitter, or Telegram.

If you need a #4: Don’t trade crypto on your phone!

For poor Dallas2626 it is too late, but sharing his story will hopefully help others dodge a bullet next time a scammer strikes.

Here’s a common scenario: you’re a crypto noob who invests in a project that you don’t fully understand. Looking for help, you go to the official group chat on Discord or Telegram to ask some questions. You might post something like: “Hey, can anyone please help me, I am new at this, how can I unstake my XYZ Tokens so they appear back in my MetaMask wallet?” A scammer who is trawling through these group chats all day every day, looking for victims, sees the perfect opportunity ripe for the taking.

The scammer sends you a message, which appears to be legit because they have even gone to the trouble of adding Admin or Help Desk to their name, details that help your brain overlook the first red-flag warning sign – they have direct-messaged you first.

Because you are so focused on fixing your problem, you thank them for helping you and let them lead you step-by-step down the path where you send them all your crypto. This usually involves you visiting some URL link they have sent you and/or entering your seed phrase or private key into a dodgy app or website that looks similar to the real thing (often with the same logos and graphic design, etc) except it’s not the official project, it’s a scam. It’s over so fast that before you realise what’s happened your wallet is empty and your crypto is gone.

Screenshot posted on Reddit: Dallas2626 and The Scammer

Do Not Give Anyone Your Private Keys

Scammers like the one who ensnared Dallas2026 often use the fake WalletConnect app. WalletConnect scams are everywhere. There is even a fake app in the Google Play store using the real WalletConnect logo. Some scam sites even have big red warnings, as the real WalletConnect site does.

WalletConnect Scam Warning

WalletConnect does not have a support team, so anyone contacting you purporting to be from WalletConnect is by definition a scammer. If you need to report a scammer site, WalletConnect has a Report Phishing Page where you can report a scam site URL to be blacklisted.

Watch the Crypto Wallet Scams – Fake WalletConnect Scam video below to further educate yourself.

If you have been scammed, you can try contacting Reclaim Crypto from the official WalletConnect website. With all the scams around WalletConnect though, honestly it could be better to just use MetaMask, which is quite a popular choice for crypto. Stay safe crypto kids!

For more on other types of crypto attacks, Crypto News Australia recently reported on “The Dusting Attack”.

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.