Original source: @daggllo
7.8WU was stolen. It was painful and difficult. The reason was that I used the browser of OneKey desktop to link the syn cross-chain bridge, but there was one less letter when jumping. The link was copied from Google Chrome. It was normal in Google Chrome, but it became a scam address when it came to OneKey. There are three possibilities: 1: I copied one less. 2: The edited version was modified. 3: After going to the desktop, OneKey automatically jumped to the phishing website without any prompt. The time was around 6:20 on June 13, 2024. But it’s no use to worry about it.
Then I checked the information on the chain and found https://blastscan.io/tx/0x875e8ea5461b358ea6a42b6c9ba71957ad5033c0920779f3b96fda2e63747443… ( the blockchain link of the stolen coins)
0x7caaf61ed4df0c7f89e78296ef1a5e60735065e5 (hacker address 1) 66519usdb
0xF7c05DB7485e5c707335BD55517A8661d3Ef5D46 (hacker address 2) 11738usdb
The following information is obtained through address 1:
Deposit to gate address 0xd564c053d3f3c8e25f2e41b7d284eab622fafd05 (https://etherscan.io/tx/0x45ad0ee9fe20e6a26328edfa16779deab100db046ed9c75e8da99ecda04c67d6)
Deposit to gate address 0x075f9b47ccdd1e87493943452bc56674fdeb4d39 (https://etherscan.io/tx/0xf11b0e0c7797368f8b4fee50811df9473fc08a94b0a2e26410315cf8b174ef81)
The following information is obtained through address 2:
Currently, the funds have not been transferred out and the only way to find the associated address is through tracing, but some information has also been found.
https://etherscan.io/tx/0x0a5aea794850a78f0faa395670e4b7594cf4f682018a40d9eeb9df7cb5c3d47f (gas recharged to hacker address 2)
0x000099b4a4d3ceb370d3a8a6235d24e07a8c0000 (gas source address of hacker address 2)
https://etherscan.io/tx/0x03c41f8a30560714083cc6bd3b37bce91727b352dde7bea86e0bc47ab81d794d (The gas source address of hacker address 2 was finally reached through the cross-chain bridge
biance (0xa3cf57f1fae61b39909f96c31453690187e4e339)
okx (0xad38c90836a2b9f0495804701f473b96b8639ee1)
gate(0xeb01f8cdae433e7b55023ff0b2da44c4c712dce2)
coinbase (0x1194d94e5192479523c3f746a12e05f57008a8c3)
They are all hundreds of thousands of U and the addresses have existed for more than a year, except for coninbase which has existed for more than 100 days. But when I contacted the customer service of biance and gate with the information I found slowly, it was useless. They all needed the police to contact them and if they needed to freeze the funds, they needed to issue a judicial freezing order before they could execute it, otherwise the platform would just pretend nothing happened. You should know that it is extremely difficult to find the police in China to file a case if virtual currency is stolen, not to mention issuing a judicial freezing order. I ran around for a day before I found out that there is a lack of such a thing in China. At first, the police thought I was lying to him, but after looking at my phone, they were half-believing and half-doubting, but finally sent me to another police station. I came to the local criminal investigation network police department at 4 pm after tossing and turning. The network police told me directly that they could not find the platform to freeze the funds and could only retrieve the evidence (they also showed me the previous virtual currency case records. Gate was the worst and could withdraw the funds even without KYC. Biance was the least efficient and usually had to reply to an email once a month, and they also showed me the email records). At this point, I thought it was hopeless. But what if the wallet of the platform’s own people was stolen? They would definitely freeze and investigate without hesitation. This is the pain of the blockchain people. For four years, on-chain operations have been like walking on thin ice , but mistakes are still made. Maybe it’s because I got up too early and didn’t sleep well, or I was too anxious to connect to the dapp. I think this happens every day, and retail investors are stolen every day, but we really have no way to deal with it after it happens.
