"I shouldn't connect to the hotel's public Wi-Fi; I should use my phone's hotspot instead."
Author: The Smart Ape
Compiled by: Luffy, Foresight News
A few days ago, my family and I stayed at a luxury hotel for three days to celebrate the year-end holiday. But the day after we checked out, my cryptocurrency wallet was completely emptied. I was completely baffled; I hadn't clicked on any phishing links or signed any malicious transactions.
I spent several hours investigating and even hired an expert to help me finally figure out the whole story of the theft. It all started with the hotel's public Wi-Fi, a brief phone call, and a series of stupid mistakes I made.

Like most cryptocurrency enthusiasts, even when staying in a hotel with my family, I brought my laptop, intending to handle some work in my spare time. My wife repeatedly told me to completely put aside work for those three days, and looking back now, I really should have listened to her.
So, like everyone else, I connected to the hotel's public Wi-Fi. This network required no password; access was granted simply through a mandatory authentication portal.
I handled my work as usual, without doing anything risky: I didn't create a new wallet, click on any unfamiliar links, or use any suspicious decentralized applications (dApps). I just browsed social media platforms like X, checked my wallet balance, and checked Discord and Telegram.
Just then, I received a call from a friend in the cryptocurrency field. We talked about market conditions, Bitcoin, and some recent developments in the cryptocurrency industry.
Little did I know that someone nearby was eavesdropping on our conversation and immediately realized I worked in the cryptocurrency industry. That was my first mistake. This person not only recognized that I was using a Phantom wallet but also deduced that I held a considerable amount of tokens.
That's why I became his target.
On public Wi-Fi, every device shares the same network and there is no real security isolation between users, so devices are far more visible to one another than you might imagine. This gives hackers an opportunity to launch man-in-the-middle attacks. In this attack model, a hacker sits between you and the internet, much like someone secretly opening and altering a letter before it reaches you.

While browsing the web on the hotel's Wi-Fi, I discovered that one website appeared to load normally, but malicious code had been injected into it. I was completely unaware of it at the time. If I had installed some security tools beforehand, I might have noticed the anomaly, but I didn't.

Normally, some websites will ask users to sign certain content using their wallets. In this case, Phantom Wallet will pop up a prompt window for the user to confirm approval or rejection. Usually, users will directly confirm authorization based on their trust in the website and browser. But that day, I really shouldn't have done that.
I was performing a token exchange on the decentralized exchange Jupiter Exchange when malicious code tampered with the process, popping up a wallet authorization request instead of the exchange instruction I was supposed to execute. Actually, I could have easily detected the malicious request by carefully checking the transaction details, but because I was genuinely operating on the Jupiter platform, I didn't suspect anything.

What I signed that day was not an asset transfer transaction at all, but a power of attorney agreement.
This is why wallet thefts often happen several days later.
That malicious code was cunning; it didn't directly ask me to transfer the platform's SOL token, as that would be too obvious. Instead, it popped up requests with vague wording like "Authorize Access," "Approve Account Permissions," or "Confirm Session."
To put it simply, I essentially authorized another unfamiliar address to perform operations on my behalf.
I approved the request because I assumed it was a normal procedure required for the Jupiter platform. The Phantom Wallet's pop-up message was entirely technical; it didn't display any transfer amount or indicate that it was an instant transfer.
At this point, the hacker had all the necessary conditions to steal my assets. He waited until I left the hotel before transferring the SOL, various tokens, and all non-fungible tokens (NFTs) from my wallet.

I never imagined something like this would happen to me. Fortunately, this wallet wasn't my main wallet; it was just a hot wallet for daily operations, not a long-term storage wallet. Nevertheless, I still made many mistakes, and I believe the main responsibility lies with me.
First, I shouldn't have connected to the hotel's public Wi-Fi; I should have used my phone's mobile hotspot instead.
Second, I was too careless in discussing cryptocurrency in a public place like a hotel, completely ignoring the possibility of others overhearing. My father always warned me never to let outsiders know I was involved in the cryptocurrency field. The consequences could have been much more serious; in reality, some people have been kidnapped or even murdered because of their cryptocurrency holdings.
Another fatal mistake was approving the wallet authorization request without carefully verifying it. Because I assumed the request originated from the Jupiter platform, I failed to thoroughly analyze its details. This serves as a reminder: regardless of the application, you must be extremely vigilant and carefully verify any wallet authorization request. These requests could easily be intercepted and tampered with by hackers, and the initiator might not be the application you initially believed it to be.
In the end, I lost about $5,000 from this wallet. Although the situation could have been worse, it still upset me a lot.
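The check described above as skipped, reading the transaction details before approving, sketched as an added example (not code from the original article, Phantom or Jupiter). It assumes the malicious request carried SPL Token `Approve` or `SetAuthority` instructions, which the article does not specify, and it works on an already-decoded instruction list whose account names are constructed placeholders.

```javascript
// Added example: flag instructions that hand control of token accounts to
// another key. Assumption: the request uses the SPL Token program.
const TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
const U64_MAX = (1n << 64n) - 1n;
const AUTHORITY_TYPES = ["MintTokens", "FreezeAccount", "AccountOwner", "CloseAccount"];

function reviewInstruction(ix, trustedDelegates = new Set()) {
  if (ix.programId !== TOKEN_PROGRAM || ix.data.length === 0) return null;
  const tag = ix.data[0];
  if (tag === 4 || tag === 13) {
    // Approve (4): [source, delegate, owner]
    // ApproveChecked (13): [source, mint, delegate, owner]
    if (ix.data.length < 9) return { kind: "malformed", risk: "high" };
    const delegate = ix.accounts[tag === 4 ? 1 : 2];
    const amount = ix.data.readBigUInt64LE(1);
    return {
      kind: "approve", delegate, amount,
      unlimited: amount === U64_MAX,
      risk: trustedDelegates.has(delegate) ? "review" : "high",
    };
  }
  if (tag === 6) {
    // SetAuthority: tag, authority type, option byte, new authority key
    const authority = AUTHORITY_TYPES[ix.data[1]] ?? "unknown";
    return { kind: "set-authority", authority, risk: "high" };
  }
  return null; // transfers, swaps etc. are shown by the wallet as amounts
}

function reviewTransaction(instructions, trustedDelegates = new Set()) {
  return instructions.map((ix) => reviewInstruction(ix, trustedDelegates)).filter(Boolean);
}

// Constructed sample: a swap-looking transaction that also delegates an
// unlimited amount and reassigns account ownership.
function approveData(amount) {
  const b = Buffer.alloc(9);
  b[0] = 4;
  b.writeBigUInt64LE(amount, 1);
  return b;
}
const SAMPLE_TX = [
  { programId: "ExampleSwapProgram (placeholder)", accounts: ["userTokenAccount"], data: Buffer.from([1]) },
  { programId: TOKEN_PROGRAM, accounts: ["userTokenAccount", "unknownDelegate", "userWallet"], data: approveData(U64_MAX) },
  { programId: TOKEN_PROGRAM, accounts: ["userTokenAccount", "userWallet"], data: Buffer.from([6, 2, 1, ...new Array(32).fill(7)]) },
];
```

Any finding with `risk: "high"` is a reason to reject the request and reload the site over a trusted connection before trying again.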
Disclaimer: As a blockchain information platform, the articles published on this site represent only the personal views of the authors and guests and do not reflect the position of Web3Caff. The information contained in the articles is for reference only and does not constitute any investment advice or offer. Please comply with the relevant laws and regulations of your country or region.