First of all,
No Corez users were affected by the hack on our site. This was strictly the owner and many others (unrelated) that were targets. Odd hack and we won't say we didn't crack a couple of wallets to learn more about it ;)
The hacker or hackers would get in through a dApp within the internal browsers in the chosen wallet. The ones we noticed the most while researching are:
- Trust Wallet
There are vulnerabilities where the hacker(s) can move between these few and get the user's seed phrase rather quickly. We're not sure if the next part was to taunt, some bot move, hacker signature, or what, aside from a means to sell assets.
The hacker(s) would mint an NFT within the wallet through OpenSea and sell the seed phrases in plain sight on OpenSea for a portion of the wallet's full value. Other hackers would come in and pillage. It was pretty freaky seeing this and sad. One wallet we allegedly looked at had an NFT by the owner expressing frustration. We were taken for over 20k USD in investments and the hacker played a different game with the owner.
The hacker took over many social accounts and banks. He or she cracked Kraken and took all assets; the few wallets mentioned above were burgled and none recoverable. Kraken the uncrackable just locked the account and hasn't said a word about missing assets... so much for their HUGE recovery fund. Gemini was another target; props to them for locking and not letting the hacker get anything out! eToro made it as well; others were left alone from what we gathered.
The hacker was able to use mirror pools and other methods to deflect any payments coming into MetaMask and other wallets. LP pools on PancakeSwap and JumpTask were drained. It was a week of password change alerts and watching red.
Aside from Kraken, the worst to cooperate or say anything, period, is TWITTER. The business account is still compromised, and there is plenty of proof of who owns the brand/site. They have done nothing after quite some time of proving identity and ownership. There are still links to company assets for sale. The hacker was able to install a repeating file in the cPanel. We knew which files to delete; thankfully, Bluehost was quick to shut down the site and restrict anything important.
We looked at analytics and there were thousands of attempts to send out that personal information from a subdomain made by the hacker. Literally a folder with all of the admin info available for sale, being blocked by Bluehost. We have proof of it happening to at least 10 others. Same styles of NFTs; not sure of names, just addresses. Scary how fast things can disappear and how crappy some sites are.
None of our money will be recovered and it was a huge waste of time trying to cooperate with companies that did nothing but watch and lock us out of our own accounts. Huge frustration and this will be an ongoing battle, so until our team is ready to rock again we are going to let JohnWix take over for now.
Same concept and we are barely getting started with them. A couple of other companies are joining in to bring a group of crypto enthusiasts and people that like getting extra cash online together.
The new site is https://johnwix.icu for the time being. We will write another one on the side and likely change hosts for the reopening of Rah10coreZ because of how this was handled; even with all of the security in place, the reaction time and cooperation from most businesses involved were horrible. The owner was quick to react about everything, but couldn't do much without cooperation from the companies he was getting disowned from, reverifying, and then booted from because of all bot staff... or ignorant staff.
The struggle is real. We all practice good security protocols while on the web or off. We found a tool to be helpful instead of an in-browser password lock (one way the hacker could get all the passwords; the only thing that stopped most attacks was 2FA): get a key. Check out the company below; they offer a great service to authenticate passwordless. Biometric thumb drives: I just got one not long ago, and it is actually pretty neat. Series 5 are definitely a team favorite. Check out some of the keys and see if any fit you. I adapted quickly to a different form of security, plus mine is really cute!
Link to: YubiStore
Snag a YubiKey today or check out some of their other services. When it comes down to it, nobody will provide you with the support you need after an attack like this. Sadly it's an epidemic.
This is not to scare anyone; it's just a wake-up call, especially considering we thought we were protected and paid enough for protection from something to go this far and on for so long. Some sites, as mentioned, TWITTER, won't even give back our accounts and are just letting the hacker or group of them continue to commit felonies on their services. We've documented much and hope we can make an impact, but the sad truth is we're not going to save anyone. Maybe it helps some people realize and save themselves. It's all on you. Hope everyone is enjoying the holidays. Figured I'd cover for the owner since he's handling enough already. Take care and be safe all!
Editor and Moderator for Rah10coreZ
Editor for JohnWix