After Three Days on Hotel Wi-Fi, My Crypto Wallet Was Drained

marsbitPubblicato 2026-01-09Pubblicato ultima volta 2026-01-09

Introduzione

While on vacation, the author connected to an unsecured hotel Wi-Fi network without a password, only a captive portal login. After discussing cryptocurrency topics on a phone call in a shared space, an attacker nearby identified him as a crypto user with a Phantom wallet. The attacker executed a man-in-the-middle attack, injecting malicious code into a webpage the author visited. While using JupiterExchange for a swap, a fraudulent transaction approval request was triggered, disguised as a legitimate platform action. The author approved what appeared to be an authorization or session confirmation—not a direct fund transfer—granting the attacker permission to access his wallet. Days after leaving the hotel, the attacker drained his SOL, tokens, and NFTs. The author lost around $5,000 from a secondary hot wallet, emphasizing mistakes: using public Wi-Fi, discussing crypto in public, and approving transactions without thorough verification. He advises using mobile hotspots, avoiding public crypto discussions, and scrutinizing every wallet request.

Original Author:The Smart Ape

Original Compilation: Deep Tide TechFlow

A few days ago, I went with my family to a very nice hotel for the year-end holiday. One day after leaving the hotel, my wallet was completely drained. I couldn't figure out why, as I hadn't clicked on any phishing links or signed any malicious transactions.

After hours of investigation and seeking help from experts, I finally uncovered the truth. It all turned out to be due to the hotel's Wi-Fi network, a brief phone call, and a series of foolish mistakes.

Like most cryptocurrency enthusiasts, I brought my laptop with me, thinking I could squeeze in some work while on vacation with my family. My wife repeatedly insisted that I shouldn't work during these three days—I really should have listened to her.

Like other guests, I connected to the hotel's Wi-Fi network. This network didn't require a password; it only needed to be logged into via a captive portal.

I worked as usual in the hotel without doing anything risky: I didn't create new wallets, click on strange links, or visit suspicious decentralized applications (dApps). I just checked X (Twitter), my balances, Discord, Telegram, etc.

At one point, I received a call from a crypto friend, and we chatted about market trends, Bitcoin, and other cryptocurrency-related topics. But what I didn't know was that someone nearby was eavesdropping on our conversation and realized I was involved in cryptocurrency. This was my first mistake. The other party learned from our conversation that I was using a Phantom wallet and that I was a user with significant holdings.

This made me his target.

In public Wi-Fi networks, all devices share the same network, and the visibility between devices is actually much higher than you might think. There is almost no real protection between users, which creates an opportunity for "Man-in-the-Middle Attacks." The attacker acts like a middleman, quietly inserting themselves between you and the internet, much like someone secretly reading and tampering with your mail before it reaches you.

While I was browsing the web on the hotel Wi-Fi, one website appeared to load normally, but in reality, malicious code was injected behind the page. I didn't notice anything unusual at the time. If I had installed some security tools, I might have detected these issues, but unfortunately, I hadn't.

Normally, websites might request your wallet to sign certain operations. The Phantom wallet would pop up a window, and you could choose to approve or reject. Generally, you would sign without suspicion because you trust the website and the browser. However, I shouldn't have done so that day.

Just as I was performing a token swap on the @JupiterExchange platform, the malicious code triggered a wallet request that replaced my normal swap operation. I could have detected it as a malicious request by carefully checking the transaction details, but since I was already performing a swap on Jupiter, I didn't suspect anything.

That day, I didn't sign any transaction to transfer funds; instead, I signed an authorization. This was the reason my assets were stolen days later.

The malicious code didn't directly ask me to send SOL (Solana), as that would have been too obvious. Instead, it requested me to "authorize access," "approve account," or "confirm session." In simple terms, I was actually giving another address permission to operate on my behalf.

I approved it because I mistakenly thought it was related to my operation on Jupiter. The message that popped up in the Phantom wallet at the time looked very technical, showing no amounts and no prompt for an immediate transfer.

And that was all the attacker needed. He waited patiently until I left the hotel before taking action. He transferred my SOL, withdrew my tokens, and moved my NFTs to another address.

I never thought something like this would happen to me. Fortunately, this wasn't my main wallet but a hot wallet used for specific operations, not for long-term asset holding. But even so, I made many mistakes, and I believe I am primarily responsible for this.

First, I should never have connected to the hotel's public Wi-Fi. I should have used my phone's hotspot for internet access.

My second mistake was talking about cryptocurrency in the hotel's public area, where many people might have overheard our conversation. My father once warned me never to let others know you're involved in cryptocurrency. This time, I was lucky; some people have even faced kidnapping or worse because of their crypto assets.

Another mistake was approving the wallet request without paying full attention. Because I was sure the request came from Jupiter, I didn't analyze it carefully. In fact, every wallet request should be carefully reviewed, even on applications you trust. Requests can be intercepted and may not actually come from the app you think.

In the end, I lost about $5,000 from a secondary wallet. While it wasn't the worst-case scenario, it was still very frustrating.

Domande pertinenti

QWhat was the primary security vulnerability that led to the author's wallet being drained?

AThe author connected to the hotel's unsecured public Wi-Fi network, which allowed an attacker to perform a Man-in-the-Middle (MitM) attack, intercept and inject malicious code into web pages, and trick the author into signing a malicious transaction approval.

QHow did the attacker identify the author as a potential target for the cryptocurrency theft?

AThe attacker overheard the author's phone conversation about cryptocurrency, market trends, and Bitcoin in a public area, which revealed that the author used a Phantom wallet and was a sizable holder.

QWhat specific action did the author unknowingly approve that led to the theft days later?

AThe author approved a malicious transaction that granted authorization or permission for another address to operate on their behalf, rather than directly transferring funds. This approval was disguised as part of a normal token swap on Jupiter Exchange.

QWhat security measures does the author mention could have prevented this incident?

AThe author states they should have used a mobile hotspot instead of public Wi-Fi, avoided discussing cryptocurrency in public, and carefully inspected every wallet transaction request, even from trusted applications.

QWhat was the financial impact of the attack on the author?

AThe author lost approximately $5,000 from a secondary hot wallet used for specific operations, not their main wallet, which mitigated the severity of the loss.

Letture associate

$467K In Crypto Seized As Spain Cracks Down On Illegal Piracy Platform

Spanish police seized €400,000 ($467,000) in cryptocurrency from two cold wallets hidden inside a wall thermometer during a raid in Almería. Three suspects were arrested in connection with the country’s largest illegal Spanish-language manga distribution platform, operational since 2014. The site generated over €4 million ($4.55 million) in ad revenue by offering pirated content. Authorities have not confirmed whether they can access the seized funds, as cold wallets require PINs or seed phrases. The case highlights challenges law enforcement face in handling crypto seizures, illustrated by custody failures in other countries like South Korea.

bitcoinist1 h fa

$467K In Crypto Seized As Spain Cracks Down On Illegal Piracy Platform

bitcoinist1 h fa

Kicked Out of PayPal, Musk Aims for a Comeback in the Crypto Market

Elon Musk's X (formerly Twitter) has launched its "Smart Cashtags" feature, generating approximately $1 billion in trading volume within days of its April 2026 pilot launch. The feature allows users to click on stock or crypto tickers (or even full Solana token contract addresses) in posts to view real-time price charts and discussions without leaving the app. Initially available to iPhone users in the US and Canada, with a partnership in Canada enabling direct trading via the Wealthsimple app. This move is part of Musk's broader "Everything App" vision, spearheaded by the upcoming X Money platform. Analysts, such as Mizuho's Dan Dolev, see this as a potential disruptor to the US payments market, even prompting a downgrade of PayPal's stock. X Money's beta offers services like 6% APY on deposits, cashback, and P2P transfers, with speculation it may later incorporate crypto trading and stablecoin settlements for faster transactions. However, the ambitious plan faces significant regulatory scrutiny. Senator Elizabeth Warren has questioned the sustainability of the high 6% yield and raised concerns over X's banking partner, Cross River Bank, which has a history of regulatory violations. Additional risks involve the "GENIUS Act," which may create loopholes for stablecoin issuance without full FDIC insurance coverage, potentially leaving users unprotected. The integration of social trading on a platform with over 500 million users could inject new liquidity and retail interest into the crypto market. Yet, it also amplifies risks like herd mentality and the blurring of lines between entertainment and financial speculation. Musk's return to finance, after his ouster from PayPal, hinges on balancing innovation with regulatory compliance.

marsbit2 h fa

Kicked Out of PayPal, Musk Aims for a Comeback in the Crypto Market

marsbit2 h fa

Tether’s Mega-Freeze: $344M USDT Locked Down In Major Operation With US Authorities

Tether has frozen $344 million in USDT held in two Tron wallets at the request of US authorities, including OFAC, after the wallets were linked to sanctions evasion and criminal activity. The company emphasized its routine cooperation with global law enforcement, having supported over 2,300 cases and frozen more than $4.4 billion in assets to date. This action contrasts with increased scrutiny on rival stablecoin issuer Circle, which faces a lawsuit over its alleged failure to promptly freeze $280 million stolen in the Drift Protocol hack. Tether also announced a collaboration with Drift Protocol to support recovery efforts with nearly $150 million in backing.

bitcoinist2 h fa

Tether’s Mega-Freeze: $344M USDT Locked Down In Major Operation With US Authorities

bitcoinist2 h fa

Shenzhen's Airdrop Hunters Are Now Turning to Hong Kong Stock IPOs

Shenzhen, a city synonymous with ambition and rapid growth, has long been a hub for those capitalizing on information and opportunity gaps. From its origins as a small fishing village, it has transformed into a global center for electronics, manufacturing, and innovation, home to giants like Huawei, Tencent, and DJI. Arez, a typical Shenzhen entrepreneur in his early thirties, runs an airdrop farming studio in Nanshan. In 2023, his team profited significantly from major airdrops including Arbitrum, Starknet, and LayerZero. At its peak, the operation managed thousands of on-chain addresses, utilizing scripts, IP proxies, KYC resources, and capital rotation to maximize returns. Now, like many others in Shenzhen’s dynamic speculative economy, Arez and his peers are shifting focus—this time to Hong Kong’s IPO market, seeking new avenues for profit in ever-evolving financial landscapes.

marsbit2 h fa

Shenzhen's Airdrop Hunters Are Now Turning to Hong Kong Stock IPOs

marsbit2 h fa

Four Outrageous Details Hidden in Justin Sun's Lawsuit Against WLFI

Cryptocurrency billionaire Justin Sun has filed a lawsuit against World Liberty Financial (WLFI), accusing its executives of fraud, theft, and other violations. The complaint highlights four key allegations: First, it details the controversial history of WLFI co-founder Chase Herro, including past scams, a prison record, tax liens, and alleged visits to Jeffrey Epstein’s private island. Second, Sun claims WLFI secretly upgraded its smart contract without token holder approval, granting itself the power to freeze and seize WLFI tokens—a move allegedly used against Sun. WLFI defended the action as necessary to protect user interests. Third, the dispute may have been fueled by Sun’s $100 million purchase of TRUMP meme tokens issued by a Trump-affiliated project. WLFI reportedly objected, though the purchase was allegedly approved by a Trump family member involved with both projects. Finally, Sun accuses WLFI of operating an unlicensed money transmission business due to its centralized control over token transfers, potentially violating federal and state laws. WLFI CEO Zach Witkoff dismissed the suit as a desperate distraction from Sun’s own misconduct. Herro did not directly address the allegations.

marsbit2 h fa

Four Outrageous Details Hidden in Justin Sun's Lawsuit Against WLFI

marsbit2 h fa

Trading

Spot

Futures