Stolen ENS Name

My wallet wasn’t compromised. I have taken a number of steps to safeguard my crypto and assets, including 2FA Yubico keys to permit transactions from coinbase.com.

1 Like

The Scorpio in me wants to track every NFT that this person owns and report it, but that would cause trouble for others. There has to be a way to target a single entity, regardless of the wallet they use. I’ll find a way. Someone will. This is still the “Wild West”, but plain thievery cannot be tolerated…

That’s what’s strange about my situation. Nothing else in my “compromised” wallet was touched. It makes me think that I signed something I didn’t read clearly while my old computer was possibly hijacked. Or, there’s something about the ENS names that makes them vulnerable. Idk. But this is the only ENS name that I’ve transferred to another wallet (from MM to CB) and it was months later before being stolen. Again, I think I must have signed something I didn’t look at closely enough. Still a mystery, but I’ll figure it out.

There is an exploit that prompts the victim to accept a wallet transaction which grants the attacker permission to control your .eth name. It communicates directly to the ENS registrar contract. The attacker phishes victims into thinking it is some other type of approval transaction with things like fake websites. I can look through your transactions and see if that happened, if you want.

If you have the time and resources, I’d love to know how it happened. Not only to avoid future mistakes like this, but warn others what to be on the lookout for.

What would you need from me?

I’ll see if I can find anything, just message me the old wallet address.

2 Likes

My original address: 0x361fC0ED3D5a3d0bDfDfde855E46d9c04de6b7eE

The address I transferred “registrant” to: 0x2d63bf0766c94d54955b6cb4044babe6b0b58bab

The thief: 0x6F69D2Efe0e663506d4Ee3A5DdB72D14aE8f8D56

I’ve since bought the name back under a different wallet… Only bc it’s important to my son. I hate myself for it, but this person will get theirs one way or another. Anything for my kids.

@daylon.eth Would something like revoke.cash be able to kill the permissions for the approval transaction? I guess it would depend too on if gas could be sent to the wallet without getting swept.

In this instance, I was only able to find a single transaction in which the theft transfer happened. I would guess it happened through a fake website that looked like Opensea or some other reputable site, and the approval and transfer were all one process. I’m not certain about revoke.cash, but it never hurts to review what has approvals to your wallet and remove anything you don’t know or recognize.

1 Like
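
The approval prompts discussed in this thread can be read before signing. The sketch below is an added example, not code from any poster or from ENS: it decodes the raw calldata a wallet shows and reports what an ERC-721 approval or transfer call would permit, going slightly beyond the thread by also covering single-token `approve` and direct transfers. The function selectors are the standard ERC-721 ones; the watch list entry (the mainnet .eth registrar address) is an assumption to check against ENS documentation, and the operator address and calldata are constructed.

```python
# Added example: decode wallet-prompt calldata before signing (constructed inputs only).
SELECTORS = {  # standard ERC-721 function selectors
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "42842e0e": ("safeTransferFrom", ["address", "address", "uint256"]),
}
# Assumption: user-maintained watch list; entry is the mainnet .eth registrar (ERC-721).
WATCHED = {"0x57f1887a8bf19b14fc0df6fd9b2acc9af147ea85": "ENS .eth registrar"}

def decode_call(to, data):
    """Return what signing `data` against contract `to` would allow."""
    try:
        raw = bytes.fromhex(data[2:] if data.startswith("0x") else data)
    except ValueError:
        return {"risk": "unknown", "reason": "calldata is not valid hex"}
    if len(raw) < 4:
        return {"risk": "unknown", "reason": "no function selector"}
    entry = SELECTORS.get(raw[:4].hex())
    if entry is None:
        return {"risk": "unknown", "reason": "unrecognised selector " + raw[:4].hex()}
    name, types = entry
    body = raw[4:]
    if len(body) < 32 * len(types):
        return {"risk": "unknown", "reason": "truncated arguments for " + name}
    args = []
    for i, kind in enumerate(types):  # each ABI argument is one 32-byte word
        word = body[32 * i: 32 * (i + 1)]
        if kind == "address":
            args.append("0x" + word[12:].hex())  # low 20 bytes
        elif kind == "bool":
            args.append(int.from_bytes(word, "big") != 0)
        else:
            args.append(int.from_bytes(word, "big"))
    label = WATCHED.get(to.lower(), "unlisted contract")
    if name == "setApprovalForAll" and args[1]:
        risk, reason = "high", "operator %s may move EVERY token you hold in %s" % (args[0], label)
    elif name == "setApprovalForAll":
        risk, reason = "revoke", "removes operator %s on %s" % (args[0], label)
    elif name == "approve":
        risk, reason = "medium", "%s may move token %d in %s" % (args[0], args[1], label)
    else:
        risk, reason = "high", "moves token %d from %s to %s" % (args[2], args[0], args[1])
    return {"function": name, "args": args, "contract": label, "risk": risk, "reason": reason}

# Constructed sample prompts naming a made-up operator address.
REGISTRAR = "0x57f1887a8BF19b14fC0dF6Fd9B2acc9Af147eA85"
OPERATOR = "0x" + "ab" * 20
GRANT = "0xa22cb465" + OPERATOR[2:].rjust(64, "0") + "1".rjust(64, "0")
REVOKE = "0xa22cb465" + OPERATOR[2:].rjust(64, "0") + "0".rjust(64, "0")

if __name__ == "__main__":
    for sample in (GRANT, REVOKE, "0xa22cb465" + "00" * 10):
        print(decode_call(REGISTRAR, sample))
```

A `high` result on a site that claims to be doing anything other than listing or transferring the name is the signal to reject the prompt.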