Scammed for $20k, seeking advice on what went wrong

A scammer gained access to two of my wallets and within 5 minutes, managed to drain about $20K worth of coins (at the time).

I know I'm at fault here, but I'm trying to learn from this. I'm aware I can kiss these coins goodbye.

What baffles me is how they accessed not one, but two of my different seed phrases.

Some of my suspicions:

  1. The seed phrases were stored in 1Password (I know, stupid, it's now fixed). However, there were other seeds in there for wallets containing about $5K, which the scammer didn't touch. Why would they leave those?
  2. 10 days earlier, I used to bridge ETH to SOL. But I confirmed it was legit, and only connected one of the compromised wallets.
  3. Hours before the hack, I used [this guide]( to filter some Google Shopping search results using uBlock Origin, but nothing seemed out of the ordinary.
  4. I had some apps cracked by m0nkrus, but they are considered legit as far as community trust goes. Also, these were installed quite some time ago.

Here's a breakdown of the transactions that occurred during the scam:

# Wallet 1a (ETH): 0xdcD7F0CC4B01d02Ab3963270F0Dd242ee2108d6C

  • 2.92 ETH stolen and transferred to 0xAfFD49F769F2Afc92b98C0BcAE86FBFb567f8F6D, then moved to FixedFloat (0x4E5B2e1dc63F6b91cb6Cd759936495434C7e972F).
  • 1,456.38 AGRS and 0.019 ETH stolen and transferred to 0x9a49DD07481B3B6e6452F7970CfE9Bfb12F234D6, where they currently remain.

    # Wallet 1b (BNB): 0xdcD7F0CC4B01d02Ab3963270F0Dd242ee2108d6C

124,583.39 SAITO and 55.44 XCAD swapped for 4.02 BNB via 0x1a1ec25DC08e98e5E93F1104B5e5cdD298707d31, then 4.49 BNB transferred to 0x9a49DD07481B3B6e6452F7970CfE9Bfb12F234D6.

# Wallet 2 (BNB): 0x805b2c2012f5Ea9607f4F2B8F8BeAdD126D10c7b

52,665.91 SAITO swapped for 1.59 BNB, which was then transferred to 0x9a49DD07481B3B6e6452F7970CfE9Bfb12F234D6.

The BNB from Wallet 1b and Wallet 2 was consolidated in 0x9a49DD07481B3B6e6452F7970CfE9Bfb12F234D6, and 6 BNB were moved to 0x6297EC9F725919A5FD2ca95240f59e09585871dA, before being transferred to a FixedFloat hot wallet (0x4727250679294802377dD6cA6541B8E459077c9).

The address 0x1a1ec25DC08e98e5E93F1104B5e5cdD298707d31 appears to be a contract linked to ongoing scams, judging from the comments posted on it, but I wasn't able to infer anything from these.

I've also filed a police report and reached out to FixedFloat. They've responded that they can investigate the scammer's server and order logs, potentially retrieving the IP address and other identifying details.

Any help would be appreciated!

25 thoughts on “Scammed for $20k, seeking advice on what went wrong”

  1. Hello davesp1. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting For tips on how to avoid scams, click here.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. Portalbridge could likely be the cause.

  3. Why should 1Password be a bad storage for your seeds? When you are doing everything correct there should not be a problem.

  4. OP did you enter some of the seeds into 1password with a certain device and other with another. Were some entered more recently than others? Possible key stroke logger on your computer?

  5. Maybe old allowances on compromised or malicious contracts? Have you checked allowances on revoke?

  6. Sorry for loss

    0xAfFD49F769F2Afc92b98C0BcAE86FBFb567f8F6D is a Fixedfloat deposit address. 0x6297EC9F725919A5FD2ca95240f59e09585871dA is also a Fixedfloat deposit address.

    0x1a1ec25DC08e98e5E93F1104B5e5cdD298707d31 is a Metamask hot wallet

    Basically from what I can see is the hacker moved your funds to two fixedfloat deposit addresses and most likely moved to a different wallet from there.

    You can contact fixedfloat to put a temp freeze but they wont do anything without a LE subpeona.

  7. Lol, dude, metal seed phrase case and call it a day. Anything else is just stupid. Don’t type anything related to a seed online.

  8. The biggest problems for crypto holders is: 1st having their crypto on a hot wallet,
    2nd not knowing how wallets works.
    3rd not knowing how the seed phrase work

  9. Could have been the malware or something else you’ve downloaded ages ago and the scsmmers decided now to take the funds after the pump, they don’t do it straight away

  10. This is why I gave up crypto. No way to get anything back. All I see is post of huge gains and losing it all to a scam. People hate on cash but I can get it back from the bank.

  11. This is my theory but I believe one of the apps/websites has developers or people behind the scenes that steal money from wallets. Some one I knew who went to prison came back 7 months later and someone took their money from select wallets. He swore he never put his seed password anywhere online it was strictly on paper in a locked storage container hidden away. His money was untouched while he was using his accounts until he got arrested and then it was wiped when someone noticed his lack of activity.

  12. Check your emails on the dark net. Your password manager probably got hacked. Always store keys physically.

  13. Storing your seed phrases the way you did is vehemently stupid. That’s the cause. You don’t need to do anymore investigation.

  14. The best advice is, use a wallet that supports password offset. There are several now, but for shitcoins, try SafePal.

  15. Sorry for your loss… What’s the correct way to store seed phrases? in a stick in a book?

  16. I am sorry this happened, thank you for sharing. What exactly is the problem with a password manager like 1Password ? Personally I use Dashlane but what could go wrong ?

  17. Writing down your seed on a piece of paper and storing it in a safe place. So easy, so simple. I don’t know why people feel they need to reinvent the wheel.

    There is no help anyone can give you. It’s gone forever. The only thing that can help is to ignore the scammers in your DMs.

Comments are closed.