Obligatory this didn't happen today, it happened Christmas day.

TL;DR: I got scammed out of 8.6 Ethereum, or about 22,000$

Transaction: 0x8b9223289156047cc08dea656bd5d479695bc6c7bc48917253be0bc4e02c1246

--

It was Christmas day, and I was sitting on the porcelain chair regretting my prior Eggnog decisions, curiously checking up on a totally unrelated crypto, Quantum. In poking around, I came across a Medium post with a bunch of high-fives (or claps, or whatever their rating system is) talking about an air-drop for QTUM. It referenced a "tool" that you could link to your Web3 wallet to see what aidrops were currently active that you were eligible for.

So I linked up, clicked the button, and up popped a signing request. This should have been first :sirens: AWOOGA :sirens: moment.

Now, for those that don't know, a signing request is a request for approval to send a transaction. The kicker in this case though, was that the signing request had no information (Exodus, the wallet I use, didn't show any details of the transaction I was being asked to send - destination, quantity, etc).

In my ignorance with the advent of Web3 standards and lack of knowledge of how things work, I legitimately thought this was normal - that it was asking to reveal my public address (or seomthing). Again, the prompt to approve the signing request did not contain anything indicating I was sending currency (no destination address was shown, no value / quantity, etc - nothing).

After the third or fourth back to back pop-up, that feeling of dread sank in... and my sins became very painfully clear. I sent all of my Ethereum, Polygon, BAT, and Render, unknowingly, to this scammer.

Because of how crypto works, there is no recourse (not even in taxes - thefts aren't claimable, and unrealized gains aren't either).

I reached out to Exodus and mostly got canned responses back. There's nothing they can do, obviously (other than fix their fucking app to show critical information that would have prevented this from happening in the first place)

Hopefully my fuck-up can serve as a reminder to anybody involved in the Crypto world to remain vigilant, and always remember that you're your own worst enemy.

--

Technical Details

The Medium post I was reading has been taken down, and the user/ post is flagged for review. https://medium.com/@SolanaSharkXX803/qtum-qtum-airdrop-eligibility-step-by-step-guide-84bd69fba6ab

The Web3 site it linked to for "checking for airdrops" (dappradar.vip) has also been taken down. Both were up and active on Christmas.

The link in the TL;DR at the top is the transaction, if you're curious, where I unknowingly and unwillingly sent the entirety of my Ethereum holdings. Hopefully Exodus Wallet fixes their own apps' shortcoming...

The destination (scam) address is 0x0000C5d73291e9ae226E7fE59ea1e6b68bE30000, which itself is an Ethereum App, owned by 0x2915d0f44448cCEbBe95eBCa9193ceb2E462AbBF.

The actual scammed currency gets transparently forwarded to 0x000037bB05B2CeF17c6469f4BcDb198826Ce0000.

At the time of this writing, this scammer has successfully scammed 60.89 Eth (~159,000$) of which 8.636 Eth is mine.