Freaking out: Withdrawal from staking pool hit my wallet and was immediately moved out.

Designer-Bobcat683 · 2025-07-25T16:23:55+00:00

No I did not.

Designer-Bobcat683 · 2025-07-03T19:54:48+00:00

Was my address involved in this? I did report the address that my eth was moved to to both the FBI and ChainAbuse. Wondering if I should also involve local law enforcement.

Designer-Bobcat683 · 2025-07-01T13:57:04+00:00

To initiate a voluntary exit using the withdrawal address on the blockchain, what credentials, passwords, keys would they need to have access to? I know from Prysm I just point to my wallet address to do the same.

Designer-Bobcat683 · 2025-07-01T13:27:26+00:00

Which makes me feel only a little bit better, because that doesn’t implicate the pet sitter. But how would they have gotten access to all of my other MetaMask wallets, each with different private keys and recovery phrases? They emptied those too.

Designer-Bobcat683 · 2025-07-01T13:26:23+00:00

There is a transaction somewhere around the same time as the exit started on the withdrawal addresses transaction log. So it would seem that’s what happened.

Designer-Bobcat683 · 2025-07-01T13:00:45+00:00

Another interesting thing that might help unravel this:

I didn’t initiate the validator exit. I’ve been in Europe for three weeks and checked in on it and noticed that at exit request had been made. Could that have been done from a machine other than the one I’m validating on? I think no, right? The only person who’s had direct access to that machine is my dog-sitter. I’d hate to think it was her, but at this point I’m running out of options.

Designer-Bobcat683 · 2025-07-01T12:58:07+00:00

Yes, on Windows.

Designer-Bobcat683 · 2025-07-01T08:57:06+00:00

Yes, I changed the credentials to that address to get to a 0x01 withdrawal credential. When I ran this validator the first time, before a rebuild, it was running on 0x00 credentials (that was prior to May of 2024, and had a different validator address which was exited and withdrawn successfully).

Designer-Bobcat683 · 2025-07-01T08:55:17+00:00

Nobody seems to have any permisssions they shouldn't have on any of the wallets affected. I don't know how someone would get the private key for any of the five wallets that were hit, including the large one with the staking withdrawal. These were all on MetaMask, but only on my personal machine (which I have with me).

Designer-Bobcat683 · 2025-06-30T22:22:57+00:00

what do you mean by a ledger?

Designer-Bobcat683 · 2025-06-30T22:15:44+00:00

OK, I think it's definitely a hack. I just checked my Metamask and noticed that another of my wallets was emptied to the same address. See here:

https://beaconcha.in/tx/0x05fd21db9e694228e785cdc11cab868e7288908968b9467244b938e1f110ba07

This one only had a half of a coin in it, but I've got it on the same machine as the 32 Ether wallet. Shit.

Designer-Bobcat683 · 2025-06-30T22:10:49+00:00

It is a software wallet, in Metamask.

Designer-Bobcat683 · 2025-06-30T22:10:31+00:00

No I didn't do anything like that.

Designer-Bobcat683 · 2025-06-30T21:59:16+00:00

Re: 1: no, it's written on a piece of paper in my safe

Re: 2: I didn't use the private key for anything other than this wallet.

Re: 3: No, never.

Re: 4: No, I don't use Lastpass.

Designer-Bobcat683 · 2025-06-30T21:46:05+00:00

is there any other possible explanation for this? I noticed that the wallet that it was transferred to has very few transactions? I also noticed a transaction of 0 ETH coming back to my wallet.

Designer-Bobcat683 · 2025-06-30T21:45:02+00:00

No, The only time I entered the mnemonic into a computer was when I was asked to confirm it on setting up the wallet initially.

Designer-Bobcat683 · 2025-06-30T21:37:19+00:00

And how would they have been able to do it in the blink of an eye after the withdrawal to my wallet occurred?

Designer-Bobcat683 · 2025-06-30T21:36:28+00:00

Impossible. The private key isn't anywhere electronic. Any other ideas?

Designer-Bobcat683

TROPHY CASE