TL;DR: I lost nearly $100k in value. $60k+ in $DEGEN (1M+ tokens) that I was airdropped and diamond handing. ETH, ENS domains, NFTs…gone across chains. But I’m not going anywhere - I’m still building.

I wish this were an April Fools’ joke.

Some may say that I shouldn’t tell this story, just pretend like it didn’t happen and hide it from the public. Guilt & shame aren’t healthy emotions in any context but especially not for a space where transparency, freedom, and ownership are the hallmark characteristics.

The trick is to always move forward. Learn from the past, but don’t live in it.


What Happened

Yesterday, the family and I drove down to rural Alabama to visit my Dad for Easter. While fishing, we talked politics (a family tradition), sports, Farcaster, and $DEGEN.

My dad (a 60-something retired engineer) is pretty tech-aware and showed interest, so I showed him my wallet, and walked him through how it all works.

As someone who believes in “alternative economies”, he was impressed with the various coins like $DEGEN and Higher, and we both marveled at the emerging value happening on chain.

But then he said something that made me think: “it’s great for those who are in it, but right now it’s Monopoly money to the rest of the world.” And to some extent, he’s right. It is.

To outsiders, we’re playing games with money.

Of course inside we don’t believe that, but to observers it can certainly seem that way.

Fast forward a couple hours, we had said our goodbyes and had stopped for dinner. While waiting on our food, I glanced down at the DEGEN widget on my home screen and saw that it was moving so of course I opened my wallet to check.

And it was all gone.

I’ve seen this before with a data glitch so I hard closed and reopened.

Still gone.

Then I checked the transaction history.

And my heart sank.

Knot in stomach. You know the feeling.

Everything of value had been moved to another wallet.

This is not my wallet. But they were my assets.

In 4 years of being “very onchain”, I’d never been hacked, drained, or duped like this.

I’m generally very careful: rotating wallets with risky assets, revoking signatures and approvals regularly, and using wallet validator apps for unknown transactions.

I know how this stuff works and I know to be cautious, but something has slipped through the cracks.


Always move forward.

What I Did Next

  1. Revoke all the things. I double checked revoke.cash, and the only thing out of the ordinary that I saw were some legacy OpenSea contracts that I had missed as well as a weird approval on Polygon from 2022. I’m likely missing something, but as of now that’s the only thing I can come up with that went wrong: I missed revoking an approval from two years ago and the thief finally checked my address. And that sucks. But it is what it is. I revoked those remaining approvals and continued moving forward.

  2. Check for Sweeper Bots & Private Key Compromise. I then sent a little bit of ETH to the wallet to see if it was immediately drained. If that ETH was immediately drained, it’s a clear indication of one of two things: sweeper bots or private key compromise. The ETH was not immediately drained.

  3. Recover What They Missed. They took most of the value, but not all of it: I noticed that while they stole some ENS domains, they (thankfully!) didn’t capture my identity ENSs (derekbrown.eth, etc.). So I sent ETH for gas into the compromised wallet and began changing ownership of those domains to a new address that I’m now using as my primary (see below). I changed my connected address on Farcaster. I sent a couple of my remaining NFTs that I care about to the new primary. I’m also the signer on a couple of Safe wallets, so I revoked that as well, just to be on the safe side.

  4. Mourn … but move forward. I’m not going anywhere. I’m not burned on the chain. So now it’s time to (re)build. The chain is about freedom and ownership…in good times and in bad.
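
The approval audit from step 1, as an added example that is not part of the original post: this Python sketch replays ERC-20 `Approval` and NFT `ApprovalForAll` event logs for one owner and lists the grants that were never revoked, oldest first. The log entries mimic the shape of `eth_getLogs` results with block numbers already decoded to integers; every address, block number and the `make_log` helper are constructed for illustration.

```python
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the last 20.
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Replay logs in chain order; the last write per (token, spender) wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # Three topics: ERC-20 Approval or ApprovalForAll. The four-topic
        # ERC-721 per-token Approval is skipped in this sketch.
        if len(topics) != 3 or topics[0] not in (APPROVAL, APPROVAL_FOR_ALL):
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        amount = int(log["data"], 16)
        if amount == 0:  # allowance set to 0, or approved=false: a revoke
            state.pop(key, None)
            continue
        kind = ("operator-for-all" if topics[0] == APPROVAL_FOR_ALL
                else "unlimited" if amount == UNLIMITED else "limited")
        state[key] = {"token": key[0], "spender": key[1], "kind": kind,
                      "block": log["blockNumber"]}
    return sorted(state.values(), key=lambda a: a["block"])  # oldest first

def make_log(block, contract, topic0, owner, spender, value):  # hypothetical helper
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": 0, "address": contract,
            "topics": [topic0, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B, NFT_C = ("0x" + h * 20 for h in ("01", "02", "03"))
S1, S2, S3 = ("0x" + h * 20 for h in ("c1", "c2", "c3"))
SAMPLE_LOGS = [  # constructed sample data, not real addresses or blocks
    make_log(300, TOKEN_B, APPROVAL, OWNER, S2, 0),          # later revoke
    make_log(100, TOKEN_A, APPROVAL, OWNER, S1, UNLIMITED),  # old, never revoked
    make_log(200, TOKEN_B, APPROVAL, OWNER, S2, 500),
    make_log(150, NFT_C, APPROVAL_FOR_ALL, OWNER, S3, 1),    # old operator grant
    make_log(400, TOKEN_A, APPROVAL, OTHER, S1, UNLIMITED),  # another owner
]

for a in outstanding_approvals(SAMPLE_LOGS, OWNER):
    print(a["block"], a["kind"], a["token"], "->", a["spender"])
```

Many ERC-20 tokens reduce an allowance on `transferFrom` without emitting a new `Approval` event, so the replayed state is an upper bound; confirm each finding with the token's `allowance()` or `isApprovedForAll()` call before relying on it.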


How I’m moving forward

  1. Start the rebuild. I’ve created a brand new wallet to act as my primary. Even though my private key seems intact and there’s no bot activity, I’m not taking chances. Like I mentioned above, the attacker thankfully left my primary identity ENS name (derekbrown.eth), and I’ve transferred ownership of it to my new wallet.

  2. Protect others. I’ve reported the address to Etherscan as a phisher/thief and I’m reporting stolen assets to CEXs and marketplaces. I put together this post, and as I learn more, I’ll share with the community.

  3. Be thankful. I’m thankful for what they didn’t take. My identity ENS domains. My Custom Punk that I built for me. My Farcaster account. The Safe wallets I’m an owner of.

  4. Buy where you believe. I’m going to be buying back into the Farcaster ecosystem: $DEGEN, $HIGHER, and $ENJOY…granted at much higher prices and with much lower upside…but still.

  5. Recover soft assets: onchain reputation and identity. I’m formulating a plan to recover & rebuild my onchain activity. As with any theft, a large part of what was lost wasn’t financial, but the fact that I’ve been building onchain for years and have an associated identity here. There’s an element of violation to any theft, and this is no different.

  6. Give others a way to help. In addition to collecting this post, I’ve launched a Hypersub called Candle. In addition to Farcaster and this blog, Candle will be the way I start to rebuild my onchain identity and reputation. Check it out by clicking below.


How you can help

  1. Follow me on Farcaster. I’m still here: @derek - I’ve laid off the Twitter for the past few months, and haven’t looked back.

  2. Subscribe to this Paragraph. I’m writing here, and will be doing so even more. Subscribe here for longform content from me on everything from startups to consumer crypto. You can subscribe or collect this post here:

Update (4/3/24): See below cast for what I believe happened.