
Stolen Ethers from MyEtherWallet and IG:shanefr0mmaine - eth_vig
This is the story of my stolen ETH from MyEtherWallet and the culprit:<p>This morning I tried to enter the BAT ICO using MyEtherWallet. I had 20 ETH in my account. Later this evening, I wanted to transfer my ETH away and to my dismay, they weren&#x27;t there. This was strange. This led me down a pretty interesting chase.<p>This is the account history of MyEtherWallet account: https:&#x2F;&#x2F;etherscan.io&#x2F;address&#x2F;0x7aaafe93355498af4E6Bf33267168c4e5E27408C
A transfer in, two attempts at BAT ICO and a tx-out for 19.88 ETH: https:&#x2F;&#x2F;etherscan.io&#x2F;tx&#x2F;0x21fcf9025650b3e8bc68da56c1e1755869ee754da8bce29255500a89710280a4
The last transaction out was the fraudulent one which I hadn&#x27;t done.<p>Who was this transaction to? An account with hash of public key: 0xe847F9abc3C8986De276648224E916821BD7D68f. This account basically sends the transaction forward to another account 0x8271b2e8cbe29396e9563229030c89679b9470db. A quick scan of the transaction reveals that this account is receiving a lot of transactions constantly and currently has over $1.6M in ETH.
Who is this account transacting with? Well, some of the connected accounts (outgoing tx) have similar amounts of ethers – emptying accounts all the time. This is HUGE and been going on for a while!<p>Who owns this fraudulent account? A quick Google search and I land on a Poloniex conversation between zyplok and smallbit concerning a microtransaction from the same account gone awry. Zyplok owns the account. Who&#x27;s zyplok and what does the internet know about zyplok?<p>Well, a lot! For starters, Zyplok.com is a &quot;bitcoin mining&quot; system run by IG:shanefr0mmaine. A few more searches later, the github (https:&#x2F;&#x2F;github.com&#x2F;ar7ik) and an address in Portland, Maine.<p>So what&#x27;s next? While zyplok depletes a ton of accounts, I&#x27;ll report the activity to Poloniex, Kraken and the other exchanges. And zyplok, if you&#x27;re reading this, can I get my ETH back please? (new address: 0x8D707851d45Efcc6553fF4ABfE93B20003920aab)
======
insomniasexx
Hey eth_vig,

I'm following trailing from this Ethereum Chamber . net scam shit and was
googling addresses and found this post.

Can you get in touch with me when you have a second. Would love to compare
notes. taylor at myetherwallet com

Thanks.

------
ssijak
What are the most frequent ways that people steal cryptocoins? By malware
which is programmed to search for specific wallets and issue transactions to
the fraudulent wallets?

~~~
eth_vig
I'm still trying to figure out how my account was compromised. I created a new
wallet yesterday to participate in the BAT ICO. Phishing attack maybe?

