Bnb swap to busd hacked?

Im confused, i just tried to swap.bnb to busd, $249 it went through. And showed quickly in my wallet, then 1 min later it went?

I looked at bscan and it says it was swapped for some luna-swap io which is a scam…? How has this happened? All i did was swap via the swap button.

You can see the transactions. And i didnt make them… what can i do? Cheers

6 Likes

Hello @mk1gti , can you drop more details about this transaction so that we can look into it

3 Likes

Its an odd one, the more i look into it…
I see i swapoed from bnb to busd, all fine, it showed up, then it vanished??

I looked on the transaction list, to see it was sent via my wallet address to another, but nothing else has been touched?

Im just in the process of moving my funds to a new metamask.

But i do have tokens staked which is going to cause issues im sure…

Has my metamask been compromised? As ive never given out my seed ect. Ive changed the password and deleted from my browser, but have a copy on my phone which i can use. But i dont want to risk looking at anything…

Would they have got my seed already? Or just managed to get in via my browser? And they dont know my password to reveal seed?

Cheers

4 Likes

Paste a public address or a transaction hash

1 Like

Hi @mk1gti ,

In addition to Stephanae who is helping you can also see this too -

The link nakedwinnie shares there will take you to a chat that is at first a bot but as you click through, it should connect you to a live agent.

2 Likes

This was the transaction hash 0xa65b52a910427458a589136607eb45bd032b32484fb049ec2b780eeeebf60dec

Please check and confirm that this is correct . As this hash could not be found on the scan

1 Like

Thats what it shows under the bep-20 token tab. It shows it gong out. Ive tried to upload a pic

1 Like

To this address and tge comments say it all lol 0x48736EF1755344dAc8F47A722fE884Be475C9b2b

But the transaction dosent show in my busd or bnb anymore? Only on the bsc scan…

Okay now it seems this wallet is compromised. But not completely. Because it has interacted with an address that has malicious activity. Be careful how you connect your wallet to sites that you have not fully verified .

1 Like

I see, i will still set up a new metamask, and wait until my vesting time ends before i try to unstake my tokens, from the current metamask. as they are locked for 6 months,
I cant think of any sites ive connected my wallet to that were untrustworthy…

I just hope it was a one time thing…

1 Like


I confirm that you have been cheated. This is the address you transferred to. Many people who have the same experience as you have been cheated by the same person.

2 Likes

Please don’t disclose your private key, don’t interact with strange contracts, and don’t click strange links

2 Likes

I saw this, but cant see how? Am i now not safe to try and swap from bnb to busd anymore?

Why were the rest of my funds not touched? Thank my lucky stars!

1 Like

Please transfer your remaining funds to your new wallet immediately and keep your private key

2 Likes

Dang @mk1gti I’m so sorry this happened. It does sounds like you’re compromised. Getting a brand new wallet with new seed and all is probably your best bet.

You can review and revoke allowances on your current wallet. For ethereum mainnet I use revoke(dot)cash but I’ve never used one that’s for Binance Smart Chain. Looking around, it looks like people recommend allowance(dot)beefy(dot)finance but I can’t verify this and I’d suggest researching it. Revoking permissions for contracts could possibly help, but really getting that new wallet is going to be the safest move.

Heads up, it costs gas to revoke permissions.

2 Likes

I should share, reviewing and/or revoking permissions is good to do and review pretty regularly. I try to review my wallet permissions weekly, revoking permissions from basically everything that I’ve interacted with that I’m not using at that moment. This is the same as what I shared above - check that Knowledge Base article.

There are so many ways to get compromised. I feel like I’m forever learning about security. A cold wallet isn’t a bad idea to add either. It’s basically like a set of keys someone would need to get in. Two well known ones are Trezor and Ledger. If you end up getting one, buy directly from these companies and not 3rd parties - there are scams this way too. Before you get one read up on them and understand what can be on them/can’t, how to use, etc.

Here are some articles -

1 Like

Superb thank you so much, i do have a ledger, but as i say some of my tokens are locked in a launchpad, i just dont want to lose them if possible. I thought i was good at security :laughing: i guess not. It could of been alot worse. Ive moved all my tokens to another account now.

I never knew about revoking. If i revok i guess if i need it back i can get it?

I do see one on bscan i dont like the look of… i only have a few on there, i will get rid of the one that looks funny.

Thank you so much! Everyday is a school day.

3 Likes

You got it! I’m glad this wasn’t too bad for you and hoping all your tokens staked are ok. You could always try reaching out to that team to see if there is a way they could help you ( I’m sure you know this but just to share - don’t share seed - don’t share screen - etc, etc)

Reviewing/revoking permissions is a good tool. I saw someone recommend debank(dot)com too - again I can’t verify this one so research but I have seen it shared a bunch. That Knowledge Base article from MetaMask is a good resource. I try to revoke for everything when at all possible and yep, you can give permissions back - the only catch is this costs gas to do again.

I am not positive if revoking permissions if you’re staking on a site is an issue - I will try to find out this answer for my own learning purposes too! I’m with you - always learning here!

2 Likes

Hey @mk1gti -

One more thing I wanted to share. You may totally already know this, so I apologize if so but just in case - in addition to revoking permissions, always making sure your accounts are disconnected from dapps is good practice too. This is different from revoking permissions. See this article for more information. Wishing you all the best! -

3 Likes