Author: KevinY, Artela Co-Founder

After recovering the stolen assets, I have been approached by friends seeking advice these days. For the first time, I have gained a thorough understanding of blockchain security. I would like to share some of my experiences and lessons with you:

1. More than a month ago, hacker A pretended to be an investor of a Silicon Valley fund and contacted me through a friend, saying that he wanted to discuss investment opportunities. I saw that it was a verified TG account and did not take many precautions. After the other party used my Calendly to make an appointment, he said that he could not enter the link when the meeting started. Then he sent a meeting contact with their fund domain name. I didn't think too much and clicked it and ran a phishing link.

2. After running it, I immediately realized that there was a problem, so I disconnected my computer from the Internet, which allowed me to change the passwords of key accounts, transfer assets, and remove information from my computer. Because many of my friends’ accounts are my funds, and the private keys are also stored on my computer, I have more than 40 MetaMask, Phantom, and Keplr wallets on my computer. I spent more than 10 hours exporting the accounts, which was exhausting.

At this time, I found that I had several thousand U on Rage Trade, which was no longer allowed by the agreement, so I went to Discord to seek customer service help. I spent the whole day trying to figure it out and my private key was stolen by hacker B who pretended to be a customer service representative.

3. After discovering the theft, I contacted the security company immediately, and the funds were quickly frozen after entering MEXC. The exchange needs the police to provide a freezing certificate to extend the freezing period. Because I am in the United States, I tried to contact the police in both China and the United States at the same time, and obtained the police documents at the two key nodes of 48 hours and 14 days. 100,000 words of communication and coordination with the police are omitted here. Friends with experience in need can privately contact me.

4. MEXC provided the email address of the other party’s account based on the documents provided by the police. After getting the email address, I wanted to yell at the other party, so I sent a threatening email. The other party replied that he was not a hacker, but an operator of a non-custodial wallet.

The hacker tried to use his product to exchange ETH for XMR, but because the amount was large and the wallet reserve was insufficient, he deposited my ETH into MEXC and manually exchanged it for XMR, which was immediately frozen. After another 100,000 words of communication, the police of a third country were even involved. After half a month, the other party's wallet agreed to return the assets and the matter was resolved.

Some experience: I think luck played a big role in my recovery of assets, so prevention is really important. It is extremely difficult to recover assets after they are lost. Here are two lessons I learned:

1. You must separate your work computer and asset computer. I have always insisted on this point, but last year I traveled around the world too much and it was too troublesome to operate two computers, so I didn’t insist on it for the sake of convenience.

2. Don’t operate while tired. I would never make a mistake when I was awake when I saw the phishing link from hacker B, but the reality is that it was fatal enough.

3. After the theft occurs, you must immediately seek help from a security company to assist in tracking the assets and freeze the assets as soon as they enter the centralized exchange. If the centralized exchange is not blocked, the difficulty of recovering the assets will be greatly increased. I would like to express my special thanks to @GoPlusSecurity @SlowMist_Team.

4. Freezing and recovering assets both require the assistance of the police, which is precisely the most difficult and uncontrollable part of the entire process, because the police often lack basic knowledge and are unable to locate the "defendant" in most of these cases. There is a lot of communication and coordination work involved.

5. Try everything possible to locate and contact the other party. Frankly speaking, after the theft, it is all about luck. Don't give up any possibility, but also be on guard to prevent secondary damage in this process. I hope everyone can be safe and smooth.