Money always attracted thieves, so money operators, such as banks and cashiers, had necessary protection measures implemented. The crypto industry also operates money, except that the responsibility for safeguarding it is completely on the users’ shoulders. The emotional talk of ConsenSys employee, Taylor Monahan, called ‘The Original Sin’ that she made during Bogota Ethereum Devcon in December, questioned this paradigm.
Taylor Monahan is the founder and CEO of MyCrypto, a specialized Ethereum wallet that was acquired by MetaMask’s parent company, ConsenSys, in February last year.
On April 18, Taylor Monahan shook the crypto Twitter with a long thread about a sophisticated attack on MetaMask crypto wallets that had been going on for several months and resulted in more than 5,000 ETH (around $10 million) of stolen funds. Taylor speculated that the attacker could have access to some old database that contained wallet keys.
Some facts from Taylor Monahan’s findings:
- The theft of funds occurred at specific hours, mainly from 10 AM to 4 PM UTC. After initial withdrawals there were secondary ‘visits’ to the same wallets, draining the residual funds, again at specific hours, from 4 PM to 10 PM UTC.
- Most of the thefts occurred on weekends.
- Sometimes, accounts were checked for new assets after a few weeks or months.
- The attacker swapped small amounts to ETH right inside the wallet and then withdrew them.
- The attacker did not touch little-known tokens, staked funds and NFTs.
- An attacker consistently "vacuumed" the target accounts by moving small funds from one user’s wallet to another. When a large enough amount was collected, the hacker withdrew funds.
- The final stage is transferring everything stolen to BTC using various centralized swaps.
Interestingly, Taylor Monahan mentioned that the hackers had targeted experienced, seasoned veterans of the crypto world as well as MetaMask employees! “No one knows how,” she added.
It looked strange, though, that Taylor Monahan publicly revealed a security incident, basically accusing the sister company, without proper internal investigation. Already in the evening same day, Taylor corrected herself clarifying that the exploit was not specific to MetaMask.
MetaMask denied the claim that the hack was Metamask specific exploit
Whether this was a whistleblowing attempt about a terrible security situation in the crypto industry or another attention-grabbing morning Tweet is yet to be clarified. In any case, we join Taylor Monahan’s recommendation — "please don't keep all your assets in a single key or secret phrase for years", and continue to Observe.