Post-Mortem Analysis On How I Lost My Crypto
I already wrote about it, but that was only a little spoiler as the thing was still too fresh. As you know... 2024 didn't started good for PVM, who's wallet got hacked twice and lost his crypto. Yes crypto bro.... PVM got "hacked" not once but twice!
They say you're not a true degen if you don't get scammed or hacked one in your lifetime, and to be honest... I managed to stay safe since 2015! I always been extra careful with the links I use, or with emails I open... but this time couldn't be avoided.
I still think if it was anything I could have done different and the outcome to be less heart-breaking ... but this time it wasn't me being caught off guard. This hack had a lot of "pedal power" and stole my Optimism... literally!
As Uthred of Bebbanburg often said... Destiny is all! Maybe destiny wanted me to lose my big bag of crypto! I've got drained of $POOL, $OP, $ACX and all USDC! Total losses at current prices is above $35,000 and the issue is that the value will get bigger when the bull run will start!
Let's start with the post-mortem analysis and with an explanation of what happened! The first time I was drained of $ACX and $OP on Optimism and the staked GMX on Arbitrum, which makes it weird! I got drained on two chains at the same time, which makes it scary!
How it started? I used Velodrome to swap $ACX to USDC, and completed three swaps. Swapped exactly 1500 ACX each time as that was the allowance I approved and two of the swaps completed without any issues. The third one failed but I didn't though that was suspicious.
I sent the USDC from the two swaps to Crypto.Com and was no issue ... until I checked the transactions. It was then when I discovered the extent of the failed swap, and that the allowance for the tokens was set to maximum! My stash of $ACX and $OP got drained! Boom... $8,000 worth of crypto gone!
I opened a ticket with Velodrome support on 19th of December 2023 and got an answer on the 3rd of January 2024. Took them two weeks to tell me that is "less likely to be after the interaction with Velo".
That long delayed answer came after I was drained the second time, suspiciously enough after interacting again with Velodrome, and after I asked for answers on the general chat. The feedback was rude and lacked empathy, saying it didn't happen after interacting with the official UI. Let me tell you something... all my links are bookmarked and the protocols I constantly use are always open. It was after using the official UI.
On Arbitrum I lost all my staked GMX, and the bonus I've build since 2022. It was painful to see how one year of hard work was gone so quick. What makes it terrifying is that the GMX was staked and the drainer got it out without effort, then sent everything to a ghost wallet.
The Cryptoverse was always a scary place, the OGs will remember the Ethereum Dark Forest term and some of the big hacks that happened throughout the history... but this touched home. Lost almost everything in 2022, with Celsius, Luna, FTX, Infinity Skies, Holdnaut and some other shady projects... and now it happened again!
Wasn't happy with the answer or the support my ticket received and asked Metamask crypto savvy people for an opinion. They investigated the issue and the support team said it was very likely that the drainer was approved in that 3rd swap that failed.
That transaction led to a chain of transactions that took place while I was doing other transactions, when I was thinking I approve something but bad stuff was happening in the background. Basically the execution of the swap got reverted and the drainer started to pick and chose the most valuable assets I had.
They said that nasty stuff could still be in the Velodrome code, after the two hacks and attacks over their UI. Well... yes... Velodrome was attacked twice in a month and they still got away with it. They even said that "the other people that got hacked by that drainer didn't interacted with Velodrome". Wait a minute bro... more people got hacked?
What doesn't kill you make you stronger! That's totally fake... what doesn't kill you makes you cripple and paranoid. The only consolation was that I didn't lost it all! This drain could have been worst!
From my general knowledge, and from the answers I've got from others, a drainer tool can be deployed on more than one smart-contract . I was disappointed by Velodrome's lack of support and I wanted to withdraw the ACX - ETH LP I had in there.
And once again... I got drained! How can I explain the feeling you have when you see that you got robbed of you hard work? Maybe an image can share more vibes? A heatwave goes to your body, you refuse to believe that it happen, and you hope it was only a bad dream!
I wanted to move any remaining crypto, and start fresh with a new wallet. I started with claiming the earned $VELO, then silly enough decided to lock it for one year. I wanted to forget about it, and leave it dormant with the other chuck of $VELO I already locked in the past.
Done a handful of transactions and got drained again! Boom... all my USDC was gone, along with the $POOL. Nearly $20,000 of USDC and 3000 $POOL tokens were lost on the 2nd of January! The drainer took the USDC I had staked on PoolTogether and probably is winning prizes now!
Is it just a coincidence that both drains happened after using Velodrome or is their UI still infected? Happy new year! Time to touch some grass and keep telling myself that loosing $35,000 is not that bad!
Life goes on! There's no rest for the wicked! My new year resolution was to earn $35,000 worth of crypto... by October! Did I set an impossible goal? Time will tell... but I didn't come so far just to come so far! It's game on!
UMA Ambassador/ Across Committee/ Horizen Ambassador
Bookmark the Blockchain: Structured Research Meets Community Wisdom
Dyored.com: Track, research and bookmark crypto projects in-depth, stay updated on market dynamics, and connect with a community dedicated to making safer, more informed decisions in the crypto world
0 comments