Some people have asked me how I actually got started on smart contract auditing. Well, I read a book, watched my favourite solidity teacher @ProgrammerSmart , did @OpenZeppelin Ethernaut challenges, and read reports. A 🧵:
Introducing Frosty, our AI-powered smart contract auditing tool that outperformed every other tool we evaluated. It runs in ~1-2 hours, can be 100x cheaper than a manual audit, and is now part of every smart contract review at Coinbase. Here's how we built it: https://t.co/rrjAQifHIC
@sudotx If you've downloaded and run anything without any form of protection, the best option is to just nuke your laptop and change all your passwords for important accounts.
Hey everyone,
My Metamask just got hacked for ~13k USD today.
Not sure if my credentials are affected as well, if anyone received something suspicious from me, don't click on any links or entertain them.
My suspicion is on me running npm i and npm run start on a folder I downloaded 10 hours ago, which spun up the localhost.
I didn't realize I was hacked until 10 hours later when I wanted to transfer some money elsewhere.
It seems like my wallet is simultaneously drained from all chains (zksync, base, op, polygon, eth)
My wallet address: 0x7c982E9563C6D6863eB62d65225530791cfDd341
Some malicious addresses: 0xcc9967aefced28d139a333ba15b7f8c60e0ef058
It all started when someone approached me on LinkedIn and asked me if I could do some audit work for him. Seemed innocent. He wanted me to check his react app and would give me some solidity code to audit.
I thought that was harmless enough, so I asked him for more documentation.
He gave me a link to a gitlab folder with a react app and javascript. I don't know much about javascript but I know how to run npm i and npm start, so I did just that.
I gave him my opinions on the website (it was really pretty shitty, I should have known something was up in hindsight), but the solidity code was nowhere to be found in the Gitlab link. I thought it was probably in another link, so I asked him for it. He did not reply.
10 hours later, I found out I was hacked. Post-mortem, I read through the javascript files and noticed some connections here and there to web3js and Metamask. Still really don't understand what happened in the script.
I really didn't expect to be hacked, especially coming from the auditing industry. What an irony. I thought I was safe enough, didn't download any executables and programs, made sure I kept my seed phrase safe offline, but I guess social engineering attacks find their way.
Note to all security auditors and everyone else out there: If you have to deploy something to a local server, make sure your Metamask is not connected to your browser. Try to use incognito every time as well. Even better, don't download and run any folders/files, and if you have to, make sure to log out of all your wallets and don't save anything in the browser.
Also, I probably won't use LinkedIn anytime soon, what a letdown. Better get clients through the web3 connections. I thought I wanted to try something new.
I know the money is probably gone forever and this is a pricey lesson, but if anyone is able to help or if anyone wants to know more information, please reach out to me. Also, I'd appreciate a share, to ensure that nobody else falls victim to this type of hack as well.
@geekmaros Saddens me to hear that a lot of people went through this, and some even fell prey to the same hack. Hopefully I can create more awareness about this issue.
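One concrete pre-install check for the `npm i` step described in the post above, added here as an illustration and not code from the original thread: it lists the lifecycle hooks declared in a downloaded folder's package.json and the locked dependencies that npm has flagged with `hasInstallScript`, so you can see what would execute during `npm install` before deciding whether to run it at all (or to run it with `--ignore-scripts`). The sample manifest and lockfile below are constructed.

```python
import json

# npm runs these script names automatically during a plain `npm install`,
# i.e. before the user ever types `npm start`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_hooks(package_json_text: str) -> dict:
    """Return {hook_name: command} for every install-time hook declared in
    the project's own package.json."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}


def find_lockfile_install_scripts(lock_text: str) -> list:
    """Return the node_modules paths of locked dependencies that npm marked
    hasInstallScript (lockfile v2/v3), meaning their own hooks run on install."""
    lock = json.loads(lock_text)
    return [path or "<root>"
            for path, entry in lock.get("packages", {}).items()
            if entry.get("hasInstallScript")]


def triage(package_json_text: str, lock_text: str) -> dict:
    """Combine both checks into one report for a downloaded project folder."""
    return {
        "root_hooks": find_install_hooks(package_json_text),
        "deps_with_install_scripts": find_lockfile_install_scripts(lock_text),
    }


# Constructed sample inputs: a "react app" whose package.json quietly wires a
# postinstall hook, plus a lockfile with one dependency that has install scripts.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-dapp",
    "scripts": {"start": "react-scripts start",
                "postinstall": "node ./scripts/setup.js"},
})
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-dapp"},
        "node_modules/react": {"version": "18.2.0"},
        "node_modules/some-helper": {"version": "1.0.0", "hasInstallScript": True},
    },
})

if __name__ == "__main__":
    report = triage(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK)
    for hook, cmd in report["root_hooks"].items():
        print(f"root package.json runs on install: {hook} -> {cmd}")
    for dep in report["deps_with_install_scripts"]:
        print(f"dependency with install scripts: {dep}")
```

Install hooks are only the first place untrusted code can run; whatever `npm start` launches executes with the same privileges, so an empty report is a triage result, not clearance to run the project on a machine with a wallet extension logged in.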
@moray5554 I think it was about time I got hacked. Be careful out there! I read somewhere (Ronin bridge hack) that even a simple PDF download can get oneself into massive trouble...
@raza_btc I went to google about this and apparently npm packages are not safe at all and could induce many attacks. Seems like people are building npm package checkers nowadays.
@FIP_Crypto Yeah, already accepted that I can't get the money back the moment it left my wallet without my knowledge, the only thing I can do now is to make others aware. Thanks for looking through!
@DhruvVa86396760 Funny enough I'm not even a react+js dev lol, I just wanted to help out as an end-user and provide feedback for the website, but I should have known better. Sad to see that this happens all the time to many people.