How a Pinoy Investor Lost ₱40 Million in Crypto Sweeper Bot Exploit on Telegram | BitPinas

The significant money in the cryptocurrency industry makes it a prime target for hackers. Over the years, various exploits and schemes have emerged, targeting crypto investors and their portfolios. Investors, regardless of their experience, may still fall victim.

Pinoy Investor Falls Victim

Recently, in an interview with BitPinas, a long-time cryptocurrency investor, whom we will call Fernando, recounted how a Telegram exploit drained several of his wallets stored on his personal computer.

The investor, who learned about Bitcoin in 2009 but hesitated to buy it due to skepticism about peer-to-peer transactions with international individuals, began engaging in crypto in 2014. His initial investments were in various crypto-mining ventures, which he used to grow and circulate his funds.

He noted that he doesn’t trade crypto but participates in launchpads, private sales, airdrops, NFT web3 games, and token trading.

Before the exploit, Fernando had previously fallen victim to a scam after the 2018 bear market when he and his friends unknowingly invested in a fraudulent scheme.

How It Happened

“During that time, ang akala ko isang wallet lang yung nacompromise; ‘di ko alam paano nangyari. I am not writing any seed phrase inside my computer, ‘di ako nagse-save sa google ng seed phrase, sinusulat ko sa notebook,” he narrated. 

[“During that time, I thought only one wallet was compromised; I didn’t know how it happened. I don’t write seed phrases inside my computer, and I don’t save them on Google. I write them in a notebook.”]

While auditing his wallets, he found that multiple wallets had been compromised: five MetaMask wallets (two for airdrops, two active, and one for a vault). He had no idea how his funds were stolen, since it happened instantly and he had taken care to secure his funds against such incidents.

He discovered how the exploit happened months after his wallets were drained. After the incident, he refrained from crypto transactions and did not check his social accounts until he received a message from a colleague asking why he was sending files through Telegram. This made him suspicious, as he hadn’t opened the app for two to three months.

Upon opening Telegram, he noticed that his display picture had been changed. He realized his wallets had been compromised through the messaging platform.

“That’s when I realized I was hacked through Telegram. It was around October, but I only realized this around March 2023. I also checked my Ronin wallet and found they had tampered with it,” he shared.

In April 2023, CertiK Alert disclosed a critical security vulnerability that could allow hackers to exploit media files sent via Telegram. This is the vulnerability that led to Fernando’s Telegram being hacked.

The investor highlighted that his personal computer might have been hacked after he shared a media file through Telegram, which allowed hackers to copy and duplicate his data through the underlying information in the file. He noted that files within browsers can store login data for crypto wallets. He discovered this six months after the exploit while attempting to recover a wallet through MetaMask technical support.

What Happened to His Funds?

In total, Fernando lost five MetaMask wallets, two Ronin wallets, and two Phantom wallets, all containing various tokens and NFTs from airdrops, pre-sales, and prior investments totaling over $800,000 or ₱46.4 million.

“It’s just a notification on my wallet; my NFTs and funds are gone. What happens when you get hacked like this is that it converts all your tokens into the native network token. For example, if you have a token on the BNB network, it converts to BNB and then releases the funds. It’s quick, and there’s nothing left, not even for gas fees. I’ve seen my funds being converted and couldn’t send them out because the transaction was already executed by the script,” he explained.

He added that even now, compromised wallets continue to automatically drain any received tokens, including those with no value.

Reporting the Incident

To recover his NFTs, Fernando attempted to contact OpenSea and report the incident to ban the stolen assets. However, the NFT marketplace required him to submit a police report first. This posed a dilemma, as reporting digital assets to the authorities is challenging due to the lack of open acceptance and recognition of such assets under current regulations in the country.

“If you file a police report, are you going to tell them it’s ₱46.4 million? I just let it go; it’s less hassle,” he said.

In 2023, the Philippine National Police Anti-Cybercrime Group (PNP ACG) issued an advisory cautioning the public about play-to-earn (P2E) crypto games, highlighting their potential for earning cryptocurrencies and NFTs, along with security risks and high entry costs. However, the advisory received mixed reactions from the crypto community due to outdated information about Axie Infinity’s prices. Some appreciated the awareness initiative despite inaccuracies, while others criticized the timing during a bear market.

What Is a Sweeper Bot?

Sweeper bots are coded scripts used on blockchain addresses to perform automated outgoing transactions. While useful for legitimate purposes, they are often deployed maliciously by hackers to move assets from one address to another.

Sweeper bots exploit the public nature of blockchain data, accessing information about pending transactions from the network’s transaction pool. Before a legitimate transaction is validated and completed, these bots can detect and quickly move assets from the target address, effectively intercepting and stealing funds.

“Like all computer programs, whether a script is malicious or not depends on who programmed it, what it’s designed to do, and where it is deployed. After all, being able to move assets programmatically from one address to another could be a very convenient functionality. However, sweeper bots are often deployed maliciously,” a MetaMask blog read.
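For wallet owners who audit their own addresses, the pattern Fernando describes (every deposit leaves within seconds and nothing remains, not even for gas) can be checked against transaction history. The sketch below is an added example, not code from BitPinas or MetaMask; the record layout, thresholds, and addresses are constructed for illustration, and it assumes a native-token-only history that starts from a zero balance.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    ts: int         # block timestamp, unix seconds
    direction: str  # "in" or "out", relative to the monitored address
    value: int      # native-token amount moved, in wei
    fee: int        # gas fee paid by the monitored address (0 for "in")
    peer: str       # counterparty address

def find_sweeps(txs, window=60, dust=10**13):
    """Pair each inbound transfer with an outbound one that follows within
    `window` seconds and leaves at most `dust` wei behind."""
    balance, last_in, sweeps = 0, None, []  # assumes history starts at zero balance
    for tx in sorted(txs, key=lambda t: t.ts):
        if tx.direction == "in":
            balance += tx.value
            last_in = tx
            continue
        balance -= tx.value + tx.fee
        if last_in and tx.ts - last_in.ts <= window and balance <= dust:
            sweeps.append((last_in, tx, balance))
        last_in = None
    return sweeps

def assess(txs, min_events=2, min_ratio=0.8):
    """Summarise whether the address behaves as if a sweeper controls it."""
    sweeps = find_sweeps(txs)
    inbound = sum(1 for t in txs if t.direction == "in")
    ratio = len(sweeps) / inbound if inbound else 0.0
    return {
        "sweeps": len(sweeps),
        "inbound": inbound,
        "destinations": sorted({out.peer for _, out, _ in sweeps}),
        "likely_swept": len(sweeps) >= min_events and ratio >= min_ratio,
    }

FEE = 21_000 * 30 * 10**9  # constructed: plain transfer at 30 gwei

# Constructed history: every deposit leaves within seconds, balance hits zero.
SWEPT = [
    Tx(1000, "in", 5 * 10**16, 0, "0xFUNDER_A"),
    Tx(1012, "out", 5 * 10**16 - FEE, FEE, "0xSWEEP_DEST"),
    Tx(5000, "in", 2 * 10**15, 0, "0xFUNDER_B"),
    Tx(5024, "out", 2 * 10**15 - FEE, FEE, "0xSWEEP_DEST"),
    Tx(9000, "in", 8 * 10**17, 0, "0xFUNDER_A"),
    Tx(9012, "out", 8 * 10**17 - FEE, FEE, "0xSWEEP_DEST"),
]
# Constructed history: ordinary use, partial spends, funds remain.
NORMAL = [
    Tx(1000, "in", 10**18, 0, "0xFUNDER_A"),
    Tx(90000, "out", 2 * 10**17, FEE, "0xSHOP"),
    Tx(100000, "in", 5 * 10**17, 0, "0xFUNDER_B"),
    Tx(100030, "out", 10**17, FEE, "0xSHOP"),
]

if __name__ == "__main__":
    for name, history in (("swept", SWEPT), ("normal", NORMAL)):
        print(name, assess(history))
```

An address flagged this way should be treated as permanently compromised: stop sending funds to it and move to a wallet generated from a new seed phrase on a clean device.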

Advice to Avoid This Kind of Exploit

  • Be cautious when sharing media files or sensitive information through messaging platforms.
  • Avoid storing seed phrases or sensitive login information for crypto wallets on computers or in cloud storage services.
  • Regularly audit and monitor crypto wallets for any suspicious activity or unauthorized transactions.
  • Do not link personal email addresses to cryptocurrency accounts, to reduce exposure to malicious emails.
  • Avoid cracked software and purchase only from official platforms.
  • Utilize security features offered by crypto wallet providers, such as encryption and two-factor authentication.
  • Stay informed about security best practices and emerging threats in the cryptocurrency space.
  • Use hardware wallets to further safeguard assets.

This article is published on BitPinas: How a Pinoy Investor Lost ₱40 Million in Crypto Sweeper Bot Exploit
