MetaMask User Falls For Phishing Scam, but Whitehat Hacker Returned $117,000

A major phishing attack was interrupted thanks to the efforts of a whitehat hacker who outsmarted the thief before they could complete the job.

Right Before Your Eyes

A real-time crypto heist played out on Reddit. User ‘007happyguy’ invited the r/CryptoCurrency subreddit to watch while hundreds of thousands of dollars in crypto holdings were drained from their MetaMask.

A malicious actor gained access to their account via a phishing scam and the internet was privy to watch the emptying its contents.


As 007happyguy explained, the phisher presented themselves as tech support on Discord and directed them to a site that prompted them to connect their wallet. When the wallet failed to connect on the first attempt, the site asked for the wallet seed phrase. 

The user duly provided the private key in a moment of tiredness when ‘my warning radar was off.’ The thief had already drained $130,000 from their account by the time the victim posted on Reddit to report the ongoing theft.

Not all heroes wear capes, some have whitehats. (Source: Freepiks)

Thwarting the Attack

Fortunately, a fellow Reddit user directed the unhappy 007happyguy to whitehat hacker Alex Manuskin. He was a former blockchain researcher at ZenGo. From there, Manuskin established that 007happyguy was indeed the owner of the account. 

The next stage of the plan was a little counter-intuitive: Manuskin requested the private keys to access the account and stop the theft. As a last resort, and since the account was already being drained, 007happyguy obliged Manuskin, allowing the good samaritan to access the account. 

Manuskin was then able to ensure that any ETH sent to the account for gas fees was immediately sent back out again.

The whitehat hacker then used a technique involving flashbots to move money out of the compromised account. Flashbots allowed him to pay for the transactions without having ETH in the source wallet. 


In total, the process took around 6 hours to complete, saving $117,000 of the initial $240,000. A hard lesson for the victim, but less hard than it might otherwise have been.

Following the rescue operation, 007happyguy updated the Reddit post to express his gratitude: “I am overjoyed that he [Alex] did what he did. It’s amazing for both his stepping in and spending hours to save this and no less for his 100% total honesty and integrity.”


If you’re thinking of keeping large sums of crypto in an online hotwallet – don’t. Never give your private keys to anyone ever. 

Beware of people claiming to be tech support who contact you through Telegram, Discord, Twitter, or other social media channels. Keep vigilant at all times.

Always take time to ensure the integrity and provenance of any site you visit, especially any site that asks for personal information. Stay SAFU.

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *