Metamask-extension: Meta Mask Hacked?

Without any additional information provided on a public thread, such as transaction logs or knowledge of phishing sites that may or may not have been visited, we are not able the pinpoint the cause of the issue. If you have any additional sensitive information please send it to support at metamask dot io

I'm encountering the same exact issue! My account was completely emptied out! I got robbed for almost 1ETH.

It's happening ONLY to the non-loose accounts on meta mask!

@iamjaime Does this scenario seem to depict your issue https://metamask.helpscoutdocs.com/article/37-ghost-accounts-ether-sending-away-whenever-funding-an-account.

I'm encountering same issue too. I've sent 48 ether to my wallet and someone sent 4.xx ether to another wallet and spent 43.xx ether as txfee and it was first use this time but transaction history says it has been used since 133days ago

0x627306090abaB3A6e1400e9345bC60c78a8BEf57
this is my wallet address

@leekt216 seems that is a Ganache address that is used for testing purposes. Which is the default seed phrase for Ganache and is available for everyone that has installed it.
http://truffleframework.com/docs/advanced/truffle-with-metamask
Around half way down, there is a warning when sending ETH to any addresses that are generated by this default seed phrase on the Main Ethereum Network.

Hi guys, did you succeed to recover any tokens from your Metamask? It happened to me the same. First in the morning l realised l don’t have any Neurochain token that l have just bought, then within an hour after l opened my Metamask, the rest all disappeared, 0 balance. I am writing emails to support, l did whatever they suggested to me but nothing helped. I think they hacked me!

i will never use Metamask for ever , and i will make a video in my youtube channel with 132k followers and beware them . Metamask not secure anymore . You have to resolve this big problem and compensate our money .

Thank you for your support, but how can l compensate my money? If l can help or add anything to your tube, l am here willing to say something. 

Sent from Yahoo Mail for iPad

On Friday, April 6, 2018, 8:58 pm, tarseb90 notifications@github.com wrote:

i will never use Metamask for ever , and i will make a video in my youtube channel with 132k followers and beware them . Metamask not secure anymore . You have to resolve this big problem and compensate our money .

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

Me too. I trun in eth Metamask. At once these eth were truned out to 0x2d7311279A3ba818Db2aD84eED09324A2577188A. All records of 0x2d7311279A3ba818Db2aD84eED09324A2577188A on etherscan is in. 0x2d7311279A3ba818Db2aD84eED09324A2577188A is thife.

Thank you for your reply. It happened that All my coins are back to my acc.now. I sent so many emails to them and it seems they are helping and solving problems. They were testing Beta...They replied very fast after my emails...l lost about 28$ at the end.I hope you will be able to get them back too. Good luck.Maria

Sent from Yahoo Mail for iPad

On Tuesday, April 10, 2018, 5:12 pm, leonlee723 notifications@github.com wrote:

Me too. I trun in eth Metamask. At once these eth were truned out to 0x2d7311279A3ba818Db2aD84eED09324A2577188A. All records of 0x2d7311279A3ba818Db2aD84eED09324A2577188A on etherscan is in. 0x2d7311279A3ba818Db2aD84eED09324A2577188A is thife.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

can you give me the email that you used ?

Sure.[email protected] attn to James. They were very supportive. I am not angry with them anymore, hi!Good luck.M.

Sent from Yahoo Mail for iPad

On Tuesday, April 10, 2018, 7:15 pm, tarseb90 notifications@github.com wrote:

can you give me the email that you used ?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

@Mijako mind sharing your ticket number on [email protected] ?

Maybe it’s that one, not sure, l sent hips of emails..12265.

Sent from Yahoo Mail for iPad

On Wednesday, April 11, 2018, 12:36 am, Adam notifications@github.com wrote:

@Mijako mind sharing your ticket number on [email protected] ?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

@Mijako Thanks. From ticket number 12265, it seems like you were able to restore your MetaMask wallet, after (unintentionally I assume) creating a new wallet, and found your original accounts unseen. Glad you were able to restore successfully.
For future/user issues, you could send your queries to [email protected] again, (though I hope you'll not face any issues in your MetaMask transactions anymore). Thanks again to help clarifying!

Not at all. I am quite new, reading from other people being hacked...so this is the first thing you think when you open your acc.and there is 0 balance. I didn’t do anything at all, just register into my Metamask and saw empty acc. Today l registered and realised there is again one token missing, but from this experience l think it will not be difficult to bring it back. I hope so. Just don’t understand why it is keep happening you add a new token and the amount of tokens, but when you register again, they disappeare. Am l doing something wrong?Thank you.Kind regards,Marija

Sent from Yahoo Mail for iPad

On Wednesday, April 11, 2018, 1:19 pm, Adam notifications@github.com wrote:

@Mijako Thanks. From ticket number 12265, it seems like you were able to restore your MetaMask wallet, after (unintentionally I assume) creating a new wallet, and found your original accounts unseen. Glad you were able to restore successfully.
For future/user issues, you could send your queries to [email protected] again, (though I hope you'll not face any issues in your MetaMask transactions anymore). Thanks again to help clarifying!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

I have had the Same thing Happen.. It even says Phishing address on the on the OUT address..

What can I do?

I sent to Metamask few emails...one day everything was bach.Good luck.Marija

Sent from Yahoo Mail for iPad

On Monday, May 7, 2018, 3:46 am, ProZack39 notifications@github.com wrote:

I have had the Same thing Happen.. It even says Phishing address on the on the OUT address..

What can I do?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

EVERYONE PLEASE EMAIL METAMASK!!!!

[email protected]

Sent from Yahoo Mail for iPad

On Monday, May 7, 2018, 3:28 pm, ProZack39 notifications@github.com wrote:

EVERYONE PLEASE EMAIL METAMASK!!!!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

my metamask wallet was hacked also! I sent ethereum from stocks.exchange to my metamask wallet but only received a small portion of my withdrawal so I checked the etherscan transaction and noticed that over two hundred dollars $200.00 of my withdrawal had been sent to another ethereum address before it ever reached my metamask wallet. I contacted metamask about this matter and they are not taking responsibility for my fund's being stolen! stating that I must have visited a phished site, or I have malware installed on my PC which both are not true! I will not use metamask anymore until this matter is resolved and will continue to inform metamask & ethereum user's that metamask is not safe and obviously have a serious bug in they're security feature that they refuse to be held accountable for.

https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb

https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb

It's a Freaking shame. I also tried to email them to get them to lock my
account when I first noticed it happening. They wouldn't or couldn't.

On May 22, 2018 11:15 AM, "Blackstuntman" notifications@github.com wrote:

my metamask wallet was hacked also! I sent ethereum from stocks.exchange to
my metamask wallet but only received a small portion of my withdrawal so I
checked the etherscan transaction and noticed that over two hundred dollars
$200.00 of my withdrawal had been sent to another ethereum address before
it ever reached my metamask wallet. I contacted metamask about this matter
and they are not taking responsibility for my fund's being stolen! stating
that I must have visited a phished site, or I have malware installed on my
PC which both are not true! I will not use metamask anymore until this
matter is resolved and will continue to inform metamask & ethereum user's
that metamask is not safe and obviously have a serious bug in they're
security feature that they refuse to be held accountable for.

https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb

https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391050884,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRFDS6XtbMpq1YP0LlfSt6jw_Cazdks5t1DmngaJpZM4RxmYc
.

@blackstuntman this is not enough information to determine what happened but when you say

noticed that over two hundred dollars $200.00 of my withdrawal had been sent to another ethereum address before it ever reached my metamask wallet.

This suggests that it's not an issue with metamask, as metamask cannot interfere with sent funds before their arrival.

If you want further diagnosis you'll need to provide more information about your accounts, which is for the exchange and which is from metamask. I recommend you do that privately via the support email thread you started.

Malware and phishing targeting cryptocurrency users are extremely common these days, we've seen many users with cases that were infected and did not realize it. While I'm not sure that's your case (they likely would have taken everything), you should take care to properly identify the source of the anomolous transaction to ensure you are safe.

@prozak39

get them to lock my account

We do not control anyone's account and are unable to do this. This lack of centralized control is what draws a lot of people to cryptocurrency. However the responsibility of security and understanding comes with that, and it's a lot to take on. If you'd like someone to manage your private keys for you, I recommend a bank-like enetity such as coinbase.

What do you mean not enough evidence? Just simply check my etherscan
activity! It clearly shows my withdrawal from stocks.exchange was
successful sent to my metamask wallet address via blockchain, it also shows
seconds after it arrived over $200.00 of the over $300.00 initial
withdrawal was sent to another wallet before it ever reached my metamask
wallet. Upon further investigation you can also see that the stolen fund's were
sent to another ethereum address with over 1,000,000.00 dollars in ethereum
asset's! Metamask needs to reimburse me for my lost fund's and take full
responsibility for this security breache because it's not my fault!

On May 22, 2018 11:35 AM, "kumavis" notifications@github.com wrote:

@Blackstuntman https://github.com/Blackstuntman this is not enough
information to determine what happened but when you say

noticed that over two hundred dollars $200.00 of my withdrawal had been
sent to another ethereum address before it ever reached my metamask wallet.

This suggests that it's not an issue with metamask, as metamask cannot
interfere with sent funds before their arrival.

If you want further diagnosis you'll need to provide more information
about your accounts, which is for the exchange and which is from metamask.
I recommend you do that privately via the support email thread you started.

Malware and phishing targeting cryptocurrency users are extremely common
these days, we've seen many users with cases that were infected and did not
realize it. While I'm not sure that's your case (they likely would have
taken everything), you should take care to properly identify the source of
the anomolous transaction to ensure you are safe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391057303,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AlsquAuQVwv6qn2f9VO-9ccaQ0Xmfej3ks5t1D5EgaJpZM4RxmYc
.

0xf7c8c83e06645708da2873aa01e2b5b55a613ca52f13b318800fb1de867e6c7e
https://etherscan.io/tx/0xf7c8c83e06645708da2873aa01e2b5b55a613ca52f13b318800fb1de867e6c7e
5637208 https://etherscan.io/block/5637208 3 days 18 hrs ago
0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a OUT
0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
https://etherscan.io/address/0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0 0
.337026 Ether 0.0097881
0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb
https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb
5637204 https://etherscan.io/block/5637204 3 days 18 hrs ago
0x97e12bd75bdee72d4975d6df410d2d145b3d8457
https://etherscan.io/address/0x97e12bd75bdee72d4975d6df410d2d145b3d8457
IN 0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a 0.53321221 Ether 0.00063

On Tue, May 22, 2018 at 11:46 AM, hassan perry hassanperry33@gmail.com
wrote:

What do you mean not enough evidence? Just simply check my etherscan
activity! It clearly shows my withdrawal from stocks.exchange was
successful sent to my metamask wallet address via blockchain, it also shows
seconds after it arrived over $200.00 of the over $300.00 initial
withdrawal was sent to another wallet before it ever reached my metamask
wallet. Upon further investigation you can also that the stolen fund's were
sent to another ethereum address with over 1,000,000.00 dollars in ethereum
asset's! Metamask needs to reimburse me for my lost fund's and take full
responsibility for this security breache because it's not my fault!

On May 22, 2018 11:35 AM, "kumavis" notifications@github.com wrote:

@Blackstuntman https://github.com/Blackstuntman this is not enough
information to determine what happened but when you say

noticed that over two hundred dollars $200.00 of my withdrawal had been
sent to another ethereum address before it ever reached my metamask wallet.

This suggests that it's not an issue with metamask, as metamask cannot
interfere with sent funds before their arrival.

If you want further diagnosis you'll need to provide more information
about your accounts, which is for the exchange and which is from metamask.
I recommend you do that privately via the support email thread you started.

Malware and phishing targeting cryptocurrency users are extremely common
these days, we've seen many users with cases that were infected and did not
realize it. While I'm not sure that's your case (they likely would have
taken everything), you should take care to properly identify the source of
the anomolous transaction to ensure you are safe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391057303,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AlsquAuQVwv6qn2f9VO-9ccaQ0Xmfej3ks5t1D5EgaJpZM4RxmYc
.

Well that's the thing!!!! The guy that stole my $$$ doesn't have my private
key!

On Tue, May 22, 2018, 11:59 AM Blackstuntman notifications@github.com
wrote:

0xf7c8c83e06645708da2873aa01e2b5b55a613ca52f13b318800fb1de867e6c7e
<
https://etherscan.io/tx/0xf7c8c83e06645708da2873aa01e2b5b55a613ca52f13b318800fb1de867e6c7e
>
5637208 https://etherscan.io/block/5637208 3 days 18 hrs ago
0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a OUT
0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
https://etherscan.io/address/0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
0
.337026 Ether 0.0097881
0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb
<
https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb
>
5637204 https://etherscan.io/block/5637204 3 days 18 hrs ago
0x97e12bd75bdee72d4975d6df410d2d145b3d8457
https://etherscan.io/address/0x97e12bd75bdee72d4975d6df410d2d145b3d8457
IN 0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a 0.53321221 Ether 0.00063

On Tue, May 22, 2018 at 11:46 AM, hassan perry hassanperry33@gmail.com
wrote:

What do you mean not enough evidence? Just simply check my etherscan
activity! It clearly shows my withdrawal from stocks.exchange was
successful sent to my metamask wallet address via blockchain, it also
shows
seconds after it arrived over $200.00 of the over $300.00 initial
withdrawal was sent to another wallet before it ever reached my metamask
wallet. Upon further investigation you can also that the stolen fund's
were
sent to another ethereum address with over 1,000,000.00 dollars in
ethereum
asset's! Metamask needs to reimburse me for my lost fund's and take full
responsibility for this security breache because it's not my fault!

On May 22, 2018 11:35 AM, "kumavis" notifications@github.com wrote:

@Blackstuntman https://github.com/Blackstuntman this is not enough
information to determine what happened but when you say

noticed that over two hundred dollars $200.00 of my withdrawal had been
sent to another ethereum address before it ever reached my metamask
wallet.

This suggests that it's not an issue with metamask, as metamask cannot
interfere with sent funds before their arrival.

If you want further diagnosis you'll need to provide more information
about your accounts, which is for the exchange and which is from
metamask.
I recommend you do that privately via the support email thread you
started.

Malware and phishing targeting cryptocurrency users are extremely common
these days, we've seen many users with cases that were infected and did
not
realize it. While I'm not sure that's your case (they likely would have
taken everything), you should take care to properly identify the source
of
the anomolous transaction to ensure you are safe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391057303
,
or mute the thread
<
https://github.com/notifications/unsubscribe-auth/AlsquAuQVwv6qn2f9VO-9ccaQ0Xmfej3ks5t1D5EgaJpZM4RxmYc

.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391065281,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiREL-980uKFWjRFGDTpytl9oDGRzkks5t1EPrgaJpZM4RxmYc
.

And the Thief's are now removing fund's from that account because now it only shows a little over 80,000.00 dollars in ethereum asset's where as two days ago it was over 1,000,000.00!

Exactly! NO ONE HAS MY PRIVATE KEYS! ALSO! I DO NOT! KEEP THEM ON MY PC OR
ANY OTHER PLACE THAT CAN BE COMPROMISED! I'M VERY CAREFUL ABOUT MY PRIVATE
KEYS!

On May 22, 2018 12:02 PM, "ProZack39" notifications@github.com wrote:

Well that's the thing!!!! The guy that stole my $$$ doesn't have my private
key!

On Tue, May 22, 2018, 11:59 AM Blackstuntman notifications@github.com
wrote:

0xf7c8c83e06645708da2873aa01e2b5b55a613ca52f13b318800fb1de867e6c7e
<
https://etherscan.io/tx/0xf7c8c83e06645708da2873aa01e2
b5b55a613ca52f13b318800fb1de867e6c7e
>
5637208 https://etherscan.io/block/5637208 3 days 18 hrs ago
0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a OUT
0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
<https://etherscan.io/address/0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0

0
.337026 Ether 0.0097881
0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb
<
https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5
db359ccbc6ca397368bfdb09a00319775cfb
>
5637204 https://etherscan.io/block/5637204 3 days 18 hrs ago
0x97e12bd75bdee72d4975d6df410d2d145b3d8457
<https://etherscan.io/address/0x97e12bd75bdee72d4975d6df410d2d145b3d8457

IN 0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a 0.53321221 Ether
0.00063

On Tue, May 22, 2018 at 11:46 AM, hassan perry hassanperry33@gmail.com
wrote:

What do you mean not enough evidence? Just simply check my etherscan
activity! It clearly shows my withdrawal from stocks.exchange was
successful sent to my metamask wallet address via blockchain, it also
shows
seconds after it arrived over $200.00 of the over $300.00 initial
withdrawal was sent to another wallet before it ever reached my
metamask
wallet. Upon further investigation you can also that the stolen fund's
were
sent to another ethereum address with over 1,000,000.00 dollars in
ethereum
asset's! Metamask needs to reimburse me for my lost fund's and take
full
responsibility for this security breache because it's not my fault!

On May 22, 2018 11:35 AM, "kumavis" notifications@github.com wrote:

@Blackstuntman https://github.com/Blackstuntman this is not enough
information to determine what happened but when you say

noticed that over two hundred dollars $200.00 of my withdrawal had
been
sent to another ethereum address before it ever reached my metamask
wallet.

This suggests that it's not an issue with metamask, as metamask cannot
interfere with sent funds before their arrival.

If you want further diagnosis you'll need to provide more information
about your accounts, which is for the exchange and which is from
metamask.
I recommend you do that privately via the support email thread you
started.

Malware and phishing targeting cryptocurrency users are extremely
common
these days, we've seen many users with cases that were infected and
did
not
realize it. While I'm not sure that's your case (they likely would
have
taken everything), you should take care to properly identify the
source
of
the anomolous transaction to ensure you are safe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<
https://github.com/MetaMask/metamask-extension/issues/
3132#issuecomment-391057303
,
or mute the thread
<
https://github.com/notifications/unsubscribe-auth/AlsquAuQVwv6qn2f9VO-
9ccaQ0Xmfej3ks5t1D5EgaJpZM4RxmYc

.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
3132#issuecomment-391065281>,
or mute the thread
980uKFWjRFGDTpytl9oDGRzkks5t1EPrgaJpZM4RxmYc>
.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391066205,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AlsquFX3Vtz4B9FZcZppsp5374_spt61ks5t1ESLgaJpZM4RxmYc
.

I really think Metamask has some involvement. They continue to let this
Happen. SMDH

On Tue, May 22, 2018, 12:14 PM Blackstuntman notifications@github.com
wrote:

Exactly! NO ONE HAS MY PRIVATE KEYS! ALSO! I DO NOT! KEEP THEM ON MY PC OR
ANY OTHER PLACE THAT CAN BE COMPROMISED! I'M VERY CAREFUL ABOUT MY PRIVATE
KEYS!

On May 22, 2018 12:02 PM, "ProZack39" notifications@github.com wrote:

Well that's the thing!!!! The guy that stole my $$$ doesn't have my
private
key!

On Tue, May 22, 2018, 11:59 AM Blackstuntman notifications@github.com
wrote:

0xf7c8c83e06645708da2873aa01e2b5b55a613ca52f13b318800fb1de867e6c7e
<
https://etherscan.io/tx/0xf7c8c83e06645708da2873aa01e2
b5b55a613ca52f13b318800fb1de867e6c7e
>
5637208 https://etherscan.io/block/5637208 3 days 18 hrs ago
0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a OUT
0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
<
https://etherscan.io/address/0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0

0
.337026 Ether 0.0097881
0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb
<
https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5
db359ccbc6ca397368bfdb09a00319775cfb
>
5637204 https://etherscan.io/block/5637204 3 days 18 hrs ago
0x97e12bd75bdee72d4975d6df410d2d145b3d8457
<
https://etherscan.io/address/0x97e12bd75bdee72d4975d6df410d2d145b3d8457

IN 0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a 0.53321221 Ether
0.00063

On Tue, May 22, 2018 at 11:46 AM, hassan perry <
[email protected]>
wrote:

What do you mean not enough evidence? Just simply check my etherscan
activity! It clearly shows my withdrawal from stocks.exchange was
successful sent to my metamask wallet address via blockchain, it also
shows
seconds after it arrived over $200.00 of the over $300.00 initial
withdrawal was sent to another wallet before it ever reached my
metamask
wallet. Upon further investigation you can also that the stolen
fund's
were
sent to another ethereum address with over 1,000,000.00 dollars in
ethereum
asset's! Metamask needs to reimburse me for my lost fund's and take
full
responsibility for this security breache because it's not my fault!

On May 22, 2018 11:35 AM, "kumavis" notifications@github.com
wrote:

@Blackstuntman https://github.com/Blackstuntman this is not
enough
information to determine what happened but when you say

noticed that over two hundred dollars $200.00 of my withdrawal had
been
sent to another ethereum address before it ever reached my metamask
wallet.

This suggests that it's not an issue with metamask, as metamask
cannot
interfere with sent funds before their arrival.

If you want further diagnosis you'll need to provide more
information
about your accounts, which is for the exchange and which is from
metamask.
I recommend you do that privately via the support email thread you
started.

Malware and phishing targeting cryptocurrency users are extremely
common
these days, we've seen many users with cases that were infected and
did
not
realize it. While I'm not sure that's your case (they likely would
have
taken everything), you should take care to properly identify the
source
of
the anomolous transaction to ensure you are safe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<
https://github.com/MetaMask/metamask-extension/issues/
3132#issuecomment-391057303
,
or mute the thread
<
https://github.com/notifications/unsubscribe-auth/AlsquAuQVwv6qn2f9VO-
9ccaQ0Xmfej3ks5t1D5EgaJpZM4RxmYc

.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
3132#issuecomment-391065281>,
or mute the thread
980uKFWjRFGDTpytl9oDGRzkks5t1EPrgaJpZM4RxmYc>
.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391066205
,
or mute the thread
<
https://github.com/notifications/unsubscribe-auth/AlsquFX3Vtz4B9FZcZppsp5374_spt61ks5t1ESLgaJpZM4RxmYc

.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391070093,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRPquvQRXvaJCLLIif37znFR_YKBEks5t1EdqgaJpZM4RxmYc
.

Does this sound appropriate?
https://metamask.helpscoutdocs.com/article/37-ghost-accounts-ether-sending-away-whenever-funding-an-account

Mine was nothing like this.. It just had me sending all my assets to a
Account that was Labeled PHISHING!!
Really!!! You cant di ANYTHING BUT WATCH THESE PEOPLE STEAL FROM THIER
CUSTOMERS

On Tue, May 22, 2018, 12:19 PM Thomas Huang notifications@github.com
wrote:

Does this sound appropriate?

https://metamask.helpscoutdocs.com/article/37-ghost-accounts-ether-sending-away-whenever-funding-an-account

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391071480,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRMlrqzLgmsj6XrHRzKdZigrmhrBgks5t1EiDgaJpZM4RxmYc
.

No this isn't the situation at all. because I've never sent anything to
that address before. It's completely a mystery! And by the looks of that
account it's has been stealing ethereum and ethereum assets for quite some
time. And is now in the process of funneling those assets God knows where!

On May 22, 2018 12:19 PM, "Thomas Huang" notifications@github.com wrote:

Does this sound appropriate?
https://metamask.helpscoutdocs.com/article/37-
ghost-accounts-ether-sending-away-whenever-funding-an-account

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391071480,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AlsquBZFWvkCxPdq0KJOBhwH8zWJXrtDks5t1EiDgaJpZM4RxmYc
.

I really think Metamask has some involvement. They continue to let this Happen.

we don't have any control of user accounts or the blockchain

THESE PEOPLE STEAL FROM THIER CUSTOMERS

@ProZack39 we dont have any customers, we are an open source wallet
if you don't want to use metamask some other options are parity, mycrypto, myetherwallet, status.im, cipher, toshi

Yea I know.. I'm currently in the Process of Moving everything! Which is a
Pain in the Butt!!!!

Horrible Experience with Metamask! If yall cant do any better you should
SHUT DOWN! Don't keep promoting something that will Hurt People in the Long
Run

On Tue, May 22, 2018, 1:07 PM kumavis notifications@github.com wrote:

THESE PEOPLE STEAL FROM THIER CUSTOMERS

@ProZack39 https://github.com/ProZack39 we dont have any customers, we
are an open source wallet
if you don't want to use metamask some other options are parity, mycrypto,
myetherwallet, status.im, cipher, toshi

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391086948,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRCc8gKiNT-tHks172jTNVv5t6F5hks5t1FPLgaJpZM4RxmYc
.

@Blackstuntman

Just simply check my etherscan activity!

its difficult to review etherscan without knowing what what addresses are what

is 0x0f85ffa9c291a2b4ee5f0647725c7c41e5d6981a your metamask address? or a different ethereum address you own?

@ProZack39 how do I move tokens from Dex without going through metamask?

@ProZack39 did you submit your metamask state logs to the support email? helps investigate what happened

You can use a Ledger.. I went ahead and spent the $$$ it's the Only real
way to Own your coins.

On Tue, May 22, 2018, 1:15 PM Blackstuntman notifications@github.com
wrote:

@ProZack39 https://github.com/ProZack39 how do I move tokens from Dex
without going through metamask?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391089646,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRIljJGKA632qApTPA96JwDbgzI7lks5t1FXKgaJpZM4RxmYc
.

@kumavis yes that's my metamask wallet address. Just follow the most recent transactions from a couple of days ago, because I haven't used metamask since because I'm too afraid to, and you will see exactly what happened.

how do I move tokens from Dex without going through metamask?

@Blackstuntman likely the best way is to import your seed phrase into another ethereum browser like mist, status.im, parity

@Blackstuntman did you provide your metamask state logs to the support email thread?

@Blackstuntman having the state logs might help verify, but it looks like you might have approved the tx (the ~$200) earlier but it could not execute because you did not have enough ether. After receiving ether here, the tx was able to execute and went through.

That unexpected behavior is discribed here https://metamask.helpscoutdocs.com/article/37-ghost-accounts-ether-sending-away-whenever-funding-an-account

the empty account + sweep on retrieval seen here
https://etherscan.io/address/0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
is typical of a centralized exchange deposit flow. do you remember sending eth to an exchange recently?

Is there an explanation for Mine?

0x60609608f67dc7e83f496e152b768f439d819292

On Tue, May 22, 2018, 1:31 PM kumavis notifications@github.com wrote:

@Blackstuntman https://github.com/Blackstuntman having the state logs
might help verify, but it looks like you might have approved the tx (the
~$200) earlier but it could not execute because you did not have enough
ether. After receiving ether here
https://etherscan.io/tx/0xe1553296e99490d9f675f61c17a5db359ccbc6ca397368bfdb09a00319775cfb,
the tx was able to execute and went through.

That unexpected behavior is discribed here
https://metamask.helpscoutdocs.com/article/37-ghost-accounts-ether-sending-away-whenever-funding-an-account

the empty account + sweep on retrieval seen here
https://etherscan.io/address/0x090b0ca0b824b1bc7e67df944fc9c63989e92ba0
is typical of a centralized exchange deposit flow. do you remember sending
eth to an exchange recently?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391094604,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRDeQ2KhF9r7OifMMGG8evn2tAZiiks5t1FlqgaJpZM4RxmYc
.

State logs can be downloaded from the settings menu with the "Download State Logs" button

Be sure to email them to support and not post them in a public place like this github thread

@ProZack39 its really hard to follow your situation in this thread of lots of users. Please send your state logs to [email protected]

tell me your email so i can find your support thread

I already have.. its not a mystery. The Address that my funds went too
literally Says "PHISHING" ON IT.

On Tue, May 22, 2018, 1:37 PM kumavis notifications@github.com wrote:

@ProZack39 https://github.com/ProZack39 its really hard to follow your
situation in this thread of lots of users. Please send your state logs to
[email protected]

tell me your email so i can find your support thread

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391096784,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiREztLNgeuBkTHBVKndPdDMaF3Yxfks5t1FrsgaJpZM4RxmYc
.

@ProZack39 does this "free airdrop" advertisement look familiar?

https://etherscan.io/address/0x903bb9cd3a276d8f18fa6efed49b9bc52ccf06e5#comments

Unless you think there may be a Ending where I get my funds back I'd rather
not waist more time on it

On Tue, May 22, 2018, 1:40 PM Zack Sanderson zcsanderson72@gmail.com
wrote:

I already have.. its not a mystery. The Address that my funds went too
literally Says "PHISHING" ON IT.

On Tue, May 22, 2018, 1:37 PM kumavis notifications@github.com wrote:

@ProZack39 https://github.com/ProZack39 its really hard to follow your
situation in this thread of lots of users. Please send your state logs to
[email protected]

tell me your email so i can find your support thread

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391096784,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiREztLNgeuBkTHBVKndPdDMaF3Yxfks5t1FrsgaJpZM4RxmYc
.

Yea I clicked on an Airdrop link. But that still doesn't explain how they
steal my$$ without my Private key.

On Tue, May 22, 2018, 1:42 PM Zack Sanderson zcsanderson72@gmail.com
wrote:

Unless you think there may be a Ending where I get my funds back I'd
rather not waist more time on it

On Tue, May 22, 2018, 1:40 PM Zack Sanderson zcsanderson72@gmail.com
wrote:

I already have.. its not a mystery. The Address that my funds went too
literally Says "PHISHING" ON IT.

On Tue, May 22, 2018, 1:37 PM kumavis notifications@github.com wrote:

@ProZack39 https://github.com/ProZack39 its really hard to follow
your situation in this thread of lots of users. Please send your state logs
to [email protected]

tell me your email so i can find your support thread

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391096784,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiREztLNgeuBkTHBVKndPdDMaF3Yxfks5t1FrsgaJpZM4RxmYc
.

@ProZack39 ok I've found the txs where your tokens were sent out

here is the first of them. Did you ever participate in an "airdrop" where you had to give your private key or seed phrase to the website? we've seen those before

this would have required either
1) giving your seedphrase / private key to a website
2) manually approving all of these transactions (possibly by being told they were doing something else)

Unless you think there may be a Ending where I get my funds back I'd rather not waist more time on it

there's no way to recover these funds. but learning what went wrong could help prevent this in the future.

@kumavis I've considered this explanation but can't see it being a valid reason for over $200.00 to have gone missing from my withdrawal of over $300.00 from stocks.exchange. because I only use idex and even if the miner fees pilled up causing 'ghost accounts' it would have never accumulated to over 200.00. I'm new to using metamask as well as ethereum so I don't have many transactions in etherscan, the transaction fees are only cents. You can add up all the transaction fees and it doesn't come close to over $200.00 in ethereum fees

@Blackstuntman not $200 in fees but just the amount required to pay for the tx ($6.57 fees + ~$200 value transfer) that you would have earlier approved, perhaps days before

basically the approved tx sits around waiting for you to be able to pay for it

i think its very likely that it was a late but successful deposit into an exchange like shapeshit/coinbase/poloniex/etc

Right! They asked for my private key.. but i'm not an idiot. I immediately
X out of the website. They still got me.

On Tue, May 22, 2018, 1:58 PM kumavis notifications@github.com wrote:

@ProZack39 https://github.com/ProZack39 ok I've found the txs where
your tokens were sent out

here
https://etherscan.io/tx/0x50fc0f4989f15f6b74941c977b24a7471de27cb9162f174d183466eee82fb942
is the first of them. Did you ever participate in an "airdrop" where you
had to give your private key or seed phrase to the website? we've seen
those before

this would have required either

1. giving your seedphrase / private key to a website
2. manually approving all of these transactions (possibly by being
   told they were doing something else)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391103406,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRAMQovLnlanpvSUo489pXc98ywulks5t1F_BgaJpZM4RxmYc
.

No not at all. Wouldn't the identity of the exchange be identified via etherscan if I had? The only exchange I ever sent anything to is idex and that show's where I sent the 0.1 whatever ethereum $131.00 to iDex. I don't know what the hell happened so what's up with the account that my 0.3 ethereum was sent to? Do you see anything abnormal about that account? And why would my 0.3 ethereum even go to that address it's not an exchange. Then they sent it to another ethereum address with over 1 million dollars in ethereum assets and now they are moving those assets in fear that they will be confiscated. Metamask really let me down they better step up! if they can't reimburse user's they should shut down or increase security. I want my damn fund's back!

@ProZack39
Ok so my current guess is that it was part of the 0-eth airdrop. You might have approved multiple 0-eth transactions that were actually each token transfers. This would have been subtle and hard to detect from the metamask confirmation screen as it only shows estimated cost of ether transferred. The new version of metamask has first-class support for tokens and shows a special token confirmation screen and attempts to estimate USD value of the token transfer.

If true, this is more advanced than your typical phishing scheme but entirely possible. The phishing arms race is really active right now in cryptocurrency and its hard to stay ahead. I would suggest staying away from sketchy "free money" websites while things are still wild-west.

It was an eos Airdrop.

On Tue, May 22, 2018, 2:31 PM kumavis notifications@github.com wrote:

@ProZack39 https://github.com/ProZack39
Ok so my current guess is that it was part of the 0-eth airdrop. You might
have approved multiple 0-eth transactions that were actually each token
transfers. This would have been subtle and hard to detect from the metamask
confirmation screen as it only shows estimated cost of ether transferred.
The new version of metamask has first-class support for tokens and shows a
special token confirmation screen and attempts to estimate USD value of the
token transfer.

If true, this is more advanced than your typical phishing scheme but
entirely possible. The phishing arms race is really active right now in
cryptocurrency and its hard to stay ahead. I would suggest staying away
from sketchy "free money" websites while things are still wild-west.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MetaMask/metamask-extension/issues/3132#issuecomment-391113160,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AhXiRPjIjHBSozHGGBwpEpJpOcjnnfAgks5t1GeZgaJpZM4RxmYc
.

@Blackstuntman

Wouldn't the identity of the exchange be identified via etherscan if I had?

no not necesarily. exchanges generate hundreds of thousands of temporary one-use accounts all the time, and don't publicly advertise that they belong to the exchange.

Metamask really let me down they better step up!

If you'd like additonal help, you'll need to submit your metamask state logs to metamask support

@ProZack39

It was an eos Airdrop.

Likely it was a fake site pretending to be an eos airdrop. There's a lot of those.

If you have further questions, please send a message to [email protected] and be sure to include your state logs.