MetaMask – Investigating Metamask Hack via DEX Contract

Tags: decentralized-exchange, metamask

So, I've been using MetaMask to trade on various DEX. On 6 March, all of my tokens were moved out of my MetaMask wallet. I am using a cold wallet to HODL but always keep a small balance for trading in Metamask. Is it possible someone could have gained access when I connected Metamask to some new yield farms like pooltoken.finance or meerkat.finance? It's impossible for someone to have gotten access to my seed phrase.

I traced the funds and this seems to be highly professional and large scale. The funds all end up in this account: 0x0823beBa3f1F0CAad19Ce9e5724C4f5CE0a2Fb97. It is unlikely that they collected so many seed phrases from so many people.

Does anyone have any thoughts?

Best Answer

You did not provide the transaction hash of the stolen tokens so it's hard to pinpoint the exact cause.

However, since you have been experimenting with many DEX, it is possible that one of those was a scam that exploited the "approve" call you made before swapping. Typically, many DEX ask you to "approve" an unlimited amount of tokens before doing a swap. A scammer could design a DEX that allows him to withdraw all the tokens that you have approved. This has nothing to do with your private key, seed phrase or MetaMask. If you did approve an unlimited amount of tokens to a contract, they can in fact do anything they want with your tokens, including transferring them to another address.

The "approve" function should always only be called on contracts that you trust (or have read the code).

EDIT: In fact no, this is not what happened. The transactions you provided do not use the transferFrom() function that would have been used if you had approved tokens. Here we see direct transfer() calls, which must be initiated by you or by anyone who has the private key of your account. So either you lost your private key, or you made these transfers yourself thinking that you were making a swap (the scammer could make a fake DEX website where you do transfers to him instead of swaps; you then approved these transfers in MetaMask).
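The distinction the answer draws, a transfer() that only the holder's key can produce versus a transferFrom() that spends a prior approve() allowance, can be checked mechanically from a transaction's input data. The following is an added example, not code from the original post: it decodes the three standard ERC-20 selectors by hand (so it runs offline, without web3 or a node) and labels each call the way the answer reasons about it. The victim, scam-DEX and sample amounts are constructed for illustration; the recipient is the address quoted in the question.

```python
"""Triage of ERC-20 calldata: did the holder's key sign the transfer, or did an
earlier approve() let someone else spend it?

Added example, not code from the original post. Selectors are the standard
ERC-20 ones; every sample transaction below is constructed for illustration.
"""

# First 4 bytes of keccak256 of each ERC-20 function signature (standard values).
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
}
UINT256_MAX = 2**256 - 1  # the "unlimited" allowance many DEX front-ends request


def _strip_0x(s):
    return s[2:] if s[:2].lower() == "0x" else s


def encode_calldata(name, args):
    """ABI-encode one of the three calls (used only to build constructed inputs)."""
    sel = next(s for s, (n, _) in SELECTORS.items() if n == name)
    _, types = SELECTORS[sel]
    words = []
    for typ, val in zip(types, args):
        if typ == "address":
            words.append(_strip_0x(val).lower().rjust(64, "0"))  # left-padded to 32 bytes
        else:
            words.append(format(val, "x").rjust(64, "0"))
    return "0x" + sel + "".join(words)


def decode_calldata(data):
    """Return (function name, [args]); ("unknown", []) for any other selector."""
    hexdata = _strip_0x(data).lower()
    sel = hexdata[:8]
    if sel not in SELECTORS:
        return "unknown", []
    name, types = SELECTORS[sel]
    body = hexdata[8:]
    if len(body) != 64 * len(types):
        raise ValueError(f"{name}: expected {len(types)} 32-byte words")
    args = []
    for i, typ in enumerate(types):
        word = body[64 * i: 64 * (i + 1)]
        if typ == "address":
            if word[:24] != "0" * 24:  # an address occupies the low 20 bytes
                raise ValueError("malformed address word")
            args.append("0x" + word[24:])
        else:
            args.append(int(word, 16))
    return name, args


def classify(tx_from, data):
    """Label a token transaction by who could have authorised the movement."""
    name, args = decode_calldata(data)
    if name == "transfer":
        # msg.sender is the token owner: only the holder's private key (or the
        # holder confirming the transaction in MetaMask) can produce this.
        return "direct-transfer-signed-by-holder"
    if name == "transferFrom":
        owner = args[0]
        if owner != tx_from.lower():
            # A third party moved the owner's tokens: this needs a prior approve().
            return "allowance-spend-by-third-party"
        return "transferFrom-by-owner"
    if name == "approve":
        return "unlimited-approval" if args[1] == UINT256_MAX else "limited-approval"
    return "unknown"


# Constructed sample transactions (tx sender, input data). Hypothetical addresses
# except the recipient, which is the one quoted in the question.
VICTIM = "0x1111111111111111111111111111111111111111"
SCAM_DEX = "0x2222222222222222222222222222222222222222"
RECIPIENT = "0x0823beBa3f1F0CAad19Ce9e5724C4f5CE0a2Fb97"
SAMPLES = {
    "drain_by_transfer": (VICTIM, encode_calldata("transfer", (RECIPIENT, 10**21))),
    "drain_by_allowance": (SCAM_DEX, encode_calldata("transferFrom", (VICTIM, RECIPIENT, 10**21))),
    "unlimited_approve": (VICTIM, encode_calldata("approve", (SCAM_DEX, UINT256_MAX))),
}


def triage_all(samples=SAMPLES):
    return {label: classify(sender, data) for label, (sender, data) in samples.items()}


if __name__ == "__main__":
    for label, verdict in triage_all().items():
        print(f"{label:20s} -> {verdict}")
```

To use this on a real incident, paste the `input` field of each suspicious transaction from a block explorer into `classify()` together with its `from` address: a run of `direct-transfer-signed-by-holder` results means the key (or a MetaMask confirmation) was involved, whereas `allowance-spend-by-third-party` points back to an earlier `unlimited-approval` that should be revoked.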
