spoock.md

Theft from Individual SPooCK

Date: August 17th, 2023

Amount Stolen: $38,362

Tags: 🎙️ Contagious Interview

---

Details

Hello,

On 17th August 2023, at 12:50 AM (UTC), I experienced a significant loss of investor funds amounting to $38,032 in the form of Crypto assets (BUSD).

The security of my admin wallet was breached (0xec448cC26A97Ff84339C27ec754320F1D52f7566). While the exact method of compromise remains uncertain, the attacker successfully accessed the admin wallet and drained a contract holding these funds.

Below are the transactions on BSC Scan ( https://bscscan.com/tx/ ) executed by the attacker, all directed to wallet address: 0x55066E19Abdb8cB38F6A98A96186c0B657Ce3295:

1. TX: 0x88b6ebb4a730422413c25645ab83ce80dc5e2e0a26662214483d21a256fc04cf (1,000 BUSD)

2. TX: 0xd29cd90608685a761143139a83cbec1ab4cf58e4f4627f95ecb0d18883e005ef (1,000 BUSD)

3. TX: 0x197e56940d2187a16af229d890431cb77b348df9673170a6255179056e81601e (16,000 BUSD)

4. TX: 0x054f40109c36079e4efdd2b350940c313248870cb549e89d638068bf38bdf395 (16,000 BUSD)

5. TX: 0xc41e0856386b93ffb29c236021f01d04a94fdbc9414e04de41db9c8fdbdd9d37 (1,000 BUSD)

6. TX: 0x95667ddf7e5989c85f44583b5ace76aa0d84ad0dafbf8374e85d583a4e1f8d64 (1,000 BUSD)

7. TX: 0xf3611cef7ca085a96a785beddd669e71f132612df8915f283bec1bddbfa0bc05 (1,000 BUSD)

8. TX: 0x7d5e7cdfdddfcafb0dccc6cb24ee5cd6b684d7d42ddf890e404243a40a130698 (1,000 BUSD)

9. TX: 0xd3df2b133766308f52b2c308273ef2bc8ffa4a139a78a33a239849d556208bf4 (32 BUSD)

Subsequently, the total amount of 38,032 BUSD was transferred through the following wallets:

1. 0xe9f8CeF0FDfa4E6b455ab02a5FAa8Df794F83774 - TX :0x7f534c94511944d202672ecabf170ae34038268dc9670c343209a46ec2247ef2

2. 0x45B9A47Bdff8039B2318eB4f037A7a1de4820CBE - TX: 0x01ef5e0a57dbc7afedd6b3a78b7e1f300a6d8a43f00b2d218abb97e00232cd4d

3. 0x081AE3ee8d505D2CfC86f0c297FAB5A65A831998 (possible ChangeNOW) - TX: 0x9c5c6fcb944673c11ca072c6c8547dbe1eae8abd473e1b073702912d5501c48b

(0xe9f8CeF0FDfa4E6b455ab02a5FAa8Df794F83774 has withdraw linked Simple Swap TX: 0xa580d7477fef34870a02c2fd5a239c1ef1b3433489ce9653744c43b781aaeb0f)

I am deeply concerned about the safety of the investors' funds. Following the breach, I have discarded the compromised wallet, revoked its access, and fully re-installed the system's Windows.

The total value lost amounts to approximately $38,362 USD, broken down as follows:

Investor's Funds: ~$38,032 USD

Personal Funds (across ETH, BSC & Polygon): ~$330 USD

My primary objective is to trace the attacker. If the funds were withdrawn to an exchange, I intend to pursue legal actions against the perpetrator and recover the stolen assets. I am open to suggestions and guidance on the best approach moving forward.

I have also filed an Action Fraud report pertaining to this incident.

Thank you for your attention to this matter.

Sincerely,

SPooCK

Submitted on Aug 27, 2023 By SPooCK

On-Chain

• 0xec448cc26a97ff84339c27ec754320f1d52f7566 - Victim
• 0x92c42f41c2a2104b5fc468859c20ea2d186a1a17 - Victim
• 0x55066E19Abdb8cB38F6A98A96186c0B657Ce3295 - Direct Theft
• 0xe9f8CeF0FDfa4E6b455ab02a5FAa8Df794F83774
• 0x45B9A47Bdff8039B2318eB4f037A7a1de4820CBE
• 0x081AE3ee8d505D2CfC86f0c297FAB5A65A831998
• 0xea939998fad5ff82d04a37668680073d5f5ef143
• TBpocvWxXWgLDoMCVNDXDKZtikn5FS6odh
• TDRz3EKe4QMpAVri7WoWtQjymqPuJ6SHPU
• TEie2SWkPm4cEdna3X4JkM6KuF215VaSqV
• TMogEBUWaJXppbs8inu583fnbDHmhEHvMn
• TNJzVCQKadtJykJdh82zK8WCQxUD9dcpcr
• TWJnEMdVTdp3dfkpHsrWMy4tz1q3e51hfA
• TWoJ9PvYDiyK54nxRu4HeqkUYARMKxaRTu
• TWvAmAt7upe6JSLzAYV7bocFGqHqhzDwPG
• TYmHrykm4XG7q1BaAm12yFmQZN22QEoW4J

🤔

Also, both of the victims I found, who we assuminged were "attacked" by the same person, refused to share how it happened and blocked me. Also both of them are Blockchain Devs.

Why did you think they were victims?

I don't think, I know, their ENS name is public, and interreacted with the hacker. Both of them knew an Upwork profile which infected them with a phishing "work requirement" file. Neither of them wanted to disclose the profile.

"Victim" 1:

• https://twitter.com/bunhouth
• https://stackoverflow.com/users/4710358/bun-houth
• https://gist.github.com/BunHouth
• https://upwork.com/en-gb/freelancers/~018bdf05f7fd7414dc
• bunhouth.eth
• https://etherscan.io/tx/0xfafc480c16bc6d71d0f1c03f9c1a65d5f89015971f0da4374380abadf9b76671

"Victim" 2:

• https://twitter.com/iafhurtado
• https://upwork.com/freelancers/~01b830b8c51f54f474
• https://portfolio-iafhurtado.vercel.app/#contact
• jaibo.eth
• https://etherscan.io/tx/0x18af51f6042562db8171d799a6a09ae205e936846375dd962b52c47b7ce06708

URLs

• https://chainabuse.com/report/481298c5-e74b-4791-aaee-1a2909e0a070