This is my second article about hackers and the bad guys in crypto, but this time it comes with a happy ending:
They used a fake Uniswap user interface and prompted the user to connect their MetaMask wallet to it, then showed an error message and asked for the user's secret keys.
But let's see how Harry himself describes the process:
The bad actor(s) would deploy a malicious dapp interface (in this case it was a fake Uniswap UI) and prompt the user to connect their MetaMask account. The kit would then mimic the MetaMask popup and throw an error state to then prompt the user to enter their secret. Once the user did, it would send the user’s input to their database via a REST API and direct the user to the legitimate app.
You can see the process in this short clip:
After identifying the bad actors and the victims, Harry found other fake domains used to fool people:
The next move was to contact Binance and request the victim's email so that the funds could be returned. Within an hour, they established the connection, and after some verification the money was refunded.
To stay protected, please read the mycrypto.com instructions for staying safe, away from prying eyes.
Also, if you run a website, web extension, or something else, do not allow users to enter raw private keys, mnemonic phrases, or keystore files into your product. It is harmful to allow it and users need to learn from the very beginning of their journey that it’s not a safe method of accessing their funds.
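One way a site can enforce this advice on its ordinary text fields is to refuse input that looks like a wallet secret before it is stored or sent anywhere. This is an added example, not code from the original article or from MyCrypto; the function names are hypothetical, the sample values in the comments are constructed, and the mnemonic check is a shape heuristic rather than a BIP-39 wordlist lookup.

```javascript
// Added example: classify text a user is about to submit and refuse wallet secrets.
// Function names are hypothetical; nothing here is a real wallet or dapp API.
const MNEMONIC_LENGTHS = new Set([12, 15, 18, 21, 24]); // valid BIP-39 phrase lengths

function classifySecret(input) {
  const text = String(input).trim();

  // Raw private key: 32 bytes written as 64 hex characters, optional 0x prefix.
  if (/^(0x)?[0-9a-fA-F]{64}$/.test(text)) return "private key";

  // Keystore file (Web3 Secret Storage): JSON object with crypto.ciphertext.
  if (text.startsWith("{")) {
    try {
      const obj = JSON.parse(text);
      const section = obj && (obj.crypto || obj.Crypto);
      if (section && typeof section.ciphertext === "string") return "keystore file";
    } catch (_) {
      // Not valid JSON, so not a keystore; keep checking.
    }
  }

  // Mnemonic heuristic: a valid word count, every word 3-8 lowercase letters
  // (the length range of English BIP-39 words). May flag a rare plain sentence.
  const words = text.toLowerCase().split(/\s+/);
  if (MNEMONIC_LENGTHS.has(words.length) && words.every((w) => /^[a-z]{3,8}$/.test(w))) {
    return "mnemonic phrase";
  }
  return null;
}

function guardSubmission(input) {
  const kind = classifySecret(input);
  if (kind === null) return { allowed: true, value: input };
  // Drop the value: do not echo it, log it, or forward it to any backend.
  return {
    allowed: false,
    value: null,
    message: `This looks like a ${kind}. Never type it into a website.`,
  };
}
```

Call `guardSubmission` in the submit handler of any free-text field (search, support chat, feedback) and show `message` to the user when `allowed` is false.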
This episode between hackers and their victims has a happy ending, but remember that there are more cases where things go the other way. Please be careful and look twice at where you are sending your money.