Author: The Smart Ape
Compiled by: Deep Tide TechFlow
Original title: After Three Days on Hotel Wi-Fi, My Crypto Wallet Was Drained of $5000
A few days ago, I went with my family to a very nice hotel for a year-end holiday. One day after leaving the hotel, my wallet was completely emptied. I was puzzled, as I had neither clicked on any phishing links nor signed any malicious transactions.
After hours of investigation and seeking help from experts, I finally figured out the truth. It turned out to be due to the hotel's Wi-Fi network, a brief phone call, and a series of foolish mistakes.
Like most cryptocurrency enthusiasts, I brought my laptop with me, thinking I could squeeze in some work while on vacation with my family. My wife repeatedly insisted that I not work during these three days—I really should have listened to her.
Like other guests, I connected to the hotel's Wi-Fi network. This network didn't require a password; it only required logging in through a captive portal.
I worked as usual in the hotel without doing anything risky: I didn't create new wallets, click on strange links, or access suspicious decentralized applications (dApps). I just checked X (Twitter), my balances, Discord, Telegram, etc.
At one point, I received a call from a crypto friend, and we chatted about market trends, Bitcoin, and other cryptocurrency-related matters. But what I didn't know was that someone nearby was eavesdropping on our conversation and realized I was involved in cryptocurrency. This was my first mistake. The eavesdropper learned from our conversation that I was using a Phantom wallet and that I was a user with a significant holding.
This made me his target.
In a public Wi-Fi network, all devices share the same network, and the visibility between devices is actually higher than you might think. There is almost no real protection between users, which creates an opportunity for a "Man-in-the-Middle Attack." The attacker acts like a middleman, quietly inserting themselves between you and the internet, much like someone secretly reading and tampering with your mail before it reaches you.
While I was browsing the web on the hotel Wi-Fi, one website appeared to load normally, but in reality, malicious code had been injected behind the page. I didn't notice anything unusual at the time. If I had installed some security tools, I might have detected these issues, but unfortunately, I hadn't.
Normally, a website might request your wallet to sign certain operations. The Phantom wallet would pop up a window where you could choose to approve or reject. Generally, you would trust the website and browser and sign without worry. However, that day, I shouldn't have.
Just as I was performing a token swap on @JupiterExchange, the malicious code triggered a wallet request that replaced my normal swap operation. I could have detected it as a malicious request by carefully checking the transaction details, but because I was already performing a swap on Jupiter, I didn't suspect a thing.
That day, I didn't sign any transaction to transfer funds; instead, I signed an authorization. This was exactly why my assets were stolen days later.
The malicious code didn't directly ask me to send SOL (Solana), as that would have been too obvious. Instead, it asked me to "authorize access," "approve account," or "confirm session." In simple terms, I was actually giving another address permission to operate on my behalf.
I approved it because I mistakenly thought it was related to my operation on Jupiter. At the time, the message that the Phantom wallet popped up looked technical, didn't show any amount, and didn't prompt for an immediate transfer.
And that was all the attacker needed. He patiently waited until I left the hotel before taking action. He transferred my SOL, withdrew my tokens, and moved my NFTs to another address.
I never thought something like this would happen to me. Fortunately, this wasn't my main wallet but a hot wallet used for specific operations, not for long-term asset holding. Even so, I made many mistakes, and I believe I am primarily responsible.
First, I should never have connected to the hotel's public Wi-Fi. I should have used my phone's hotspot instead.
My second mistake was talking about cryptocurrency in the hotel's public area, where many people could have overheard our conversation. My father once warned me never to let others know you're involved in cryptocurrency. This time, I was lucky; some people have even faced kidnapping or worse because of their crypto assets.
Another mistake was approving the wallet request without paying full attention. Because I was sure the request came from Jupiter, I didn't analyze it carefully. In fact, every wallet request should be carefully reviewed, even on trusted applications. Requests can be intercepted and may not actually come from the app you think.
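One way to carry out that review in code, as an added example that is not from the original post, Phantom or Jupiter: it scans a wallet request's decoded instructions for the ones that delegate token spending or hand over account control, which move no funds at signing time. The post does not say which instruction was involved, so the mapping to SPL Token Approve, ApproveChecked and SetAuthority and to System Program Assign is an assumption that goes beyond the text, and the input shape (`programId`, `accounts`, `data`), the addresses and the sample request are constructed.

```javascript
// Added example: review decoded Solana instructions before signing.
// Program IDs and instruction tags are the public SPL Token / System Program values.
const TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
const SYSTEM_PROGRAM = "11111111111111111111111111111111";

// Read a little-endian u64 from a Uint8Array.
function readU64LE(bytes, offset) {
  return new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength).getBigUint64(offset, true);
}

// Return one finding per instruction that gives another address control.
function reviewInstructions(instructions) {
  const findings = [];
  instructions.forEach((ix, i) => {
    const d = ix.data;
    if (ix.programId === TOKEN_PROGRAM && d.length > 0) {
      if (d[0] === 4 && d.length >= 9) {          // Approve: [source, delegate, owner]
        findings.push({ index: i, kind: "token-delegate", delegate: ix.accounts[1], amount: readU64LE(d, 1) });
      } else if (d[0] === 13 && d.length >= 10) { // ApproveChecked: [source, mint, delegate, owner]
        findings.push({ index: i, kind: "token-delegate", delegate: ix.accounts[2], amount: readU64LE(d, 1) });
      } else if (d[0] === 6 && d.length >= 2) {   // SetAuthority: d[1] is the authority type
        findings.push({ index: i, kind: "token-set-authority", authorityType: d[1] });
      }
    } else if (ix.programId === SYSTEM_PROGRAM && d.length >= 4) {
      const tag = new DataView(d.buffer, d.byteOffset, d.byteLength).getUint32(0, true);
      if (tag === 1) findings.push({ index: i, kind: "account-owner-reassigned" }); // Assign
    }
  });
  return findings;
}

// Constructed sample: a swap-like instruction followed by an unlimited token delegation.
const U64_MAX = new Uint8Array(8).fill(0xff);
const sampleRequest = [
  { programId: "SwapProgramPlaceholder", accounts: ["UserWallet"], data: Uint8Array.of(9, 1, 2, 3) },
  { programId: TOKEN_PROGRAM, accounts: ["UserTokenAccount", "UnknownAddress", "UserWallet"], data: Uint8Array.of(4, ...U64_MAX) },
];
const sampleFindings = reviewInstructions(sampleRequest);
```

A non-empty result on a request that was supposed to be a plain swap is the cue to reject it and check which address is being given control.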
In the end, I lost about $5000 from a secondary wallet. While it's not the worst-case scenario, it's still very frustrating.