Yesterday, my wallet's private key was compromised, and I lost all access to my wallet to an unknown hacker.
What hurts more is that I have lost all the onchain activity and reputation I've built with this wallet over the years.
I must have signed a malicious contract that somehow gave the exploiter access to my private key.
The attacker transferred 0.089 ETH from my Arbitrum account to his wallet at 0xC3c4649b2b3e8e057188bbC5D3DFBC7432737602 https://arbiscan.io/tx/0x00a83225aa7d2f1a93e9322048488e0774c61489e707f34e57dca25bf81ffb21…
Then, when I tried to transfer my remaining $DAI tokens to another wallet I own, all the transactions were automatically redirected to another wallet (0x356575bB05A3C335a254fACa5366f7C996C97fC4).
https://arbiscan.io/tx/0x1288f1c3db164514c5c46739b677a09ad0d79fff7f8ed4f9e3665f678a32cec4…
Someone at @peckshield's TG brought to my notice that this @binance deposit address 0x03E8729D4B815c575E0654f794293F04F12f1DA7 belongs to the exploiter.
They have been exploiting wallets with smaller balances, thinking it would go unnoticed. But this impunity, over time, can lead them to exploit many more accounts. The exploiter proceeded to transfer tokens to Tornado Cash to clean all trails.
My tokens on Arbitrum, Binance & zkEVM were drained completely.
I lost ~$300 and the ability to use my wallet for further use.
I lose the ability to vote on governance forums, withdraw my stakes, verify my onchain identity, and worst of all, the research I've been posting on Mirror for 2 years now.
These are the wallets that belong to the hacker:
- 0x356575bB05A3C335a254fACa5366f7C996C97fC4
- 0xC3c4649b2b3e8e057188bbC5D3DFBC7432737602
- (Binance deposit address) 0x03E8729D4B815c575E0654f794293F04F12f1DA7
The mistake I clearly made was that I had been using the wallet with a private key in my MetaMask for years, which I had not noticed. This made my wallet and onchain activity riskier than others. Also, MetaMask does not have the option to check & revoke approvals, if any. What I tried to do is import my wallet to @Rabby_io and revoke all access that I had granted earlier. It is probably the best Ethereum wallet out there. But since any ETH I deposit into my compromised wallet gets withdrawn automatically to another wallet owned by the hacker, it is now impossible to revoke any contracts. Any help in identifying the hacker would be appreciated.
Suggestions
I have been told that this could have been done through a virus on my laptop that then gave access to my laptop, but I doubt it. I got it checked and found nothing.
What I would suggest for all of you is to check which contracts you have given access to and revoke the ones that seem suspicious.
Rabby Wallet by DeBank has inbuilt functions to see approvals from your wallet.
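To make the "check and revoke approvals" advice concrete, here is an added Python example (not part of the original post, and not Rabby's or DeBank's code) showing what an approval checker does at the ERC-20 level: it builds the `allowance(owner, spender)` call, decodes the returned amount, flags unlimited approvals, and builds the `approve(spender, 0)` call that revokes them. The addresses, the token and the allowance values are constructed placeholders, and `FakeChain` is an in-memory stand-in for an RPC node's `eth_call`; only the two function selectors are real, well-known ERC-20 values.

```python
# Added example: what a wallet's "check and revoke approvals" feature does at
# the ERC-20 level. Constructed data only; FakeChain stands in for eth_call.

# Well-known ERC-20 4-byte selectors (first 4 bytes of keccak256 of the signature).
ALLOWANCE_SELECTOR = bytes.fromhex("dd62ed3e")  # allowance(address,address)
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")    # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

# Constructed placeholder addresses (not real accounts or contracts).
OWNER = "0x" + "11" * 20        # the wallet being audited
TOKEN = "0x" + "22" * 20        # an ERC-20 token contract
SPENDER_OK = "0x" + "33" * 20   # a spender with no allowance
SPENDER_BAD = "0x" + "44" * 20  # a spender holding an unlimited allowance


def _strip0x(addr: str) -> str:
    return addr[2:] if addr.lower().startswith("0x") else addr


def _pad_address(addr: str) -> bytes:
    """ABI-encode an address: 20 raw bytes left-padded to a 32-byte word."""
    raw = bytes.fromhex(_strip0x(addr))
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")


def _pad_uint256(value: int) -> bytes:
    return value.to_bytes(32, "big")


def encode_allowance_call(owner: str, spender: str) -> bytes:
    """Calldata for allowance(owner, spender): selector + two padded addresses."""
    return ALLOWANCE_SELECTOR + _pad_address(owner) + _pad_address(spender)


def encode_revoke_call(spender: str) -> bytes:
    """Calldata for approve(spender, 0), which sets the allowance to zero."""
    return APPROVE_SELECTOR + _pad_address(spender) + _pad_uint256(0)


def decode_uint256(ret: bytes) -> int:
    if len(ret) != 32:
        raise ValueError("expected a single 32-byte word")
    return int.from_bytes(ret, "big")


def classify_allowance(amount: int) -> str:
    """Many dapps request 2**256-1; treat anything near that as unlimited."""
    if amount == 0:
        return "none"
    if amount >= MAX_UINT256 // 2:
        return "unlimited"
    return "limited"


class FakeChain:
    """Stand-in for an RPC node's eth_call, keyed by (token, owner, spender)."""

    def __init__(self, allowances: dict):
        self.allowances = {
            (t.lower(), o.lower(), s.lower()): a for (t, o, s), a in allowances.items()
        }

    def eth_call(self, to: str, data: bytes) -> bytes:
        if data[:4] != ALLOWANCE_SELECTOR or len(data) != 68:
            raise ValueError("unsupported call")
        owner = "0x" + data[16:36].hex()    # last 20 bytes of word 1
        spender = "0x" + data[48:68].hex()  # last 20 bytes of word 2
        amount = self.allowances.get((to.lower(), owner, spender), 0)
        return _pad_uint256(amount)


def audit_approvals(chain, owner: str, tokens: list, spenders: list) -> list:
    """Query every token/spender pair; return the non-zero allowances together
    with the calldata that would revoke each one."""
    findings = []
    for token in tokens:
        for spender in spenders:
            raw = chain.eth_call(token, encode_allowance_call(owner, spender))
            amount = decode_uint256(raw)
            if amount:
                findings.append({
                    "token": token,
                    "spender": spender,
                    "amount": amount,
                    "class": classify_allowance(amount),
                    "revoke_calldata": encode_revoke_call(spender),
                })
    return findings


def run_demo() -> list:
    chain = FakeChain({(TOKEN, OWNER, SPENDER_BAD): MAX_UINT256})
    return audit_approvals(chain, OWNER, [TOKEN], [SPENDER_OK, SPENDER_BAD])


if __name__ == "__main__":
    for f in run_demo():
        print(f["token"], f["spender"], f["class"], f["revoke_calldata"].hex())
```

Each revoke is an ordinary transaction sent from the wallet that granted the approval, so it needs gas in that account. That is exactly why the revocation fails once deposits into the compromised wallet are being swept out as the author describes, and why checking approvals while the key is still yours is the useful habit.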