Over 5,000 ether has been stolen from the MetaMask wallets of cryptocurrency veterans across multiple chains since December 2022, according to a MetaMask developer known as Tay.
At press time, the amount of ether stolen is worth $10.5 million. The ongoing hack deliberately targets “OGs who are reasonably secure,” the dev noted on Twitter, but it remains unclear how the sophisticated hacker is pulling it off.
“This is NOT a low-brow phishing site or a random scammer… It ONLY [steals from] OGs,” Tay wrote.
The MetaMask dev speculates that the hacker acquires a data cache from the victim’s device. “My best guess … is that someone has got themselves a fatty cache of data from [over a year ago] and is methodically draining the keys as they parse them from the treasure trove.”
Though information on the hacker’s methods remains unclear, all victims have something in common besides being embedded in the space for several years: their wallet keys were created between 2014 and 2022.
According to the MetaMask dev, the hacker will commit a secondary theft in the hours following their initial heist to collect assets and dust that they initially missed. Large thefts are carried out by swapping assets into ether within the victims’ wallets and then into bitcoin through a centralized swapper. A week later, the bitcoin is washed through a crypto mixer in order to make it difficult to trace.
Tay has urged MetaMask users to split their crypto across multiple keys.