When I opened up my wallet yesterday, for the first time in a couple of weeks, I noticed my wallet was drained of most of its funds. It wasn’t just my Solana wallet either; my Avalanche and Ethereum wallets on MetaMask were drained as well. I stored my private keys in LastPass, which I think is how the attacker got them given the LastPass security breach at the end of 2022, but I’m not ruling out some keylogging malware. What steps do people recommend I take next?
I’m looking for multiple private investigators to help me track down the funds, I’m filing a police report, and I’ve moved all remaining funds to my Solana Saga phone and am buying some backup hardware wallets. I’ll never store backup seed phrases digitally ever again.
You can see the tx here, on October 29th, where the attacker transferred my funds out:
WKwhuEHbGcoGi2TBw628wEBg2cdgpncZ9qqqZDczLUKgLV478uKSu3bMveTzg9g6yTCK54jKefe5dboRmMEadxD
They eventually land in this address:
5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs
which could be some app or maybe the attacker is congregating all stolen funds there. Not sure.
I’ve been in the space since 2016 and it’s tough to lose everything like this after all I’ve already gone through. I thought I was safe by using LastPass, but I guess not. My master password was used for quite a few other accounts I have, so I guess all that needed to happen was me entering it into a malicious form just once by accident. Screw passwords, I wish the whole world was all on hardware / biometric keys by now. In total, the attacker took about $30k USD worth of tokens from me.
Beware of anyone who DMs you and claims they can help recover your crypto. I’m sorry this happened to you. It truly sucks.