According to the inference, the input method saved the mnemonic input and stored it in a certain file on the phone. A certain software on Android phones carries a virus that has permission to scan all files on your phone and took your mnemonic.

In the early morning of the 28th, my OKX wallet used for gaming was hacked, and 500 sAID from Gaib was transferred away, along with various tokens and a few worthless NFTs scattered across ETH, BNB, BASE, and XLAYER.

I lost about 600u in total... The wallet is ruined.

What's strange is: the theft occurred after I linked my OKX wallet to the Gaib official website on the 25th and unstaked the 500 sAID stablecoins from GAIB, and on the early morning of the 28th, the unstaked sAID had just returned to the wallet when it was immediately transferred away, and then the other tokens and NFTs on different chains were successively transferred away.

Why does it feel like there’s an issue with the unstaking link from GAIB?

The fact that assets across chains were stolen indicates that this was a leak of the private key or the mnemonic phrase.

If I had clicked on a phishing link and authorized it, I would usually only lose assets from one chain, not so many chains being compromised.

However, I have always handwritten my mnemonic phrase in a small notebook stored in a safe; I manually imported my OKX wallet at home, one word at a time, and had no opportunity for leakage.

So how was the private key leaked?

Additionally, during the day on the 27th, I downloaded a VPN client called Kele Cloud and even bought a month of VPN service; this Kele Cloud VPN is also very suspicious.

From the second image, after I downloaded the Kele Cloud VPN client on the 27th, this wallet did not interact with any smart contracts that day.

#钱包被盗
#okx钱包被盗
#VPN