The Victim's Confession: My Private Key was Leaked, and 30 Million USD was Stolen.


The leakage of private keys has become an eternal heartache for victims, and it also reminds us how important the placement of crypto wallets is. This article is derived from a long tweet written by Kuan Sun and compiled by Wu Shuo.

Disclaimer: This article is reprinted content; readers can get more information through the original link. If the author has any objection to the reprint form, please contact us, and we will modify it according to the author's requirements. Reproduced for information sharing only; it does not constitute any investment advice and does not represent Wu Shuo's views and positions.

A stupid price, an expensive lesson
A bizarre drama, an unfinished pursuit

The $30 million stolen in 2022

As was said before, there is a kind of happiness called "false alarm"; then there is a kind of pain called "I could have been". The night of June 4 to the early morning of June 5, 2022 was such a day for me.

The whole incident is full of stupidity, bizarreness, coincidence, ignorance, and deep regret. I myself was not able to come out of the shadows for a long time after the incident. This was the first time in my life that I encountered a serious security incident, so the pain it caused me can be imagined. The total loss at the time of the case was about 15 million US dollars (June 2022 price), but if you calculate today (September 2025), the value has appreciated to nearly 30 million US dollars. A considerable part of the assets is still asleep at the on-chain address, but the pain caused to the parties is still so vivid every time they think about it.
It has been more than 3 years since the incident, and now I can look at it more objectively, and I have better sorted out the most likely path of the whole thing. It is always good to learn from past mistakes, and even better if you learn from the experience of others. In the past two days, some netizens said that I was very calm about the Venus phishing incident this time, which is completely related to this matter; after all, after experiencing similar incidents, I must also have gained some experience and growth.

This is a very basic security incident, and the core of it is the "private key leak": such a low-level error, but accompanied by an extremely expensive bill. In the subsequent pursuit there were also a lot of dramas and twists and turns, which may inspire others, although I hope that no one will ever need to use them.

On the evening of June 4: alarm bells on Tron

It was during USDD mining. I was eating out that night and casually opened my wallet on my mobile phone to look at my own information in the USDD protocol. I found that something seemed wrong, returned home, opened the computer, and used the browser to take a closer look, only to find that $2.75 million worth of funds had been transferred out (victim address: TDFFoNasXaFoGb7CxtmcRgQHNiMpW1GQR5). At that moment, my whole body panicked.

At that time, many friends comforted me that it might be a problem with the USDD protocol itself, or a vulnerability in the TronLink wallet. I even contacted Justin Sun in a panic to see if there was a big ecosystem problem. At the same time, all assets on Tron were transferred to the Binance wallet. This step was actually a major directional mistake that I made in a panic, because the real problem wasn't USDD or Tron; it was that my entire environment had been exposed.
June 5 morning: a tangled night

Thinking that the problem was in Tron or USDD was a fatal directional error. At that time, I was encountering a major security incident for the first time, there were many opinions, and I was affected by a lot of noise, which made me think that my funds on other chains might be temporarily safe. At this time, my EVM wallet actually held more assets, but the EVM wallet had a different private key from the Tron one, and the two had been generated a long time apart. So, on the night of June 4, I spent the night in anxiety and panic, thinking that since the disaster had happened, it might stop there.

Many people will ask: why didn't you rush to transfer all the EVM funds at that time? In fact, my mental process at that time went like this:

  • I did think about transferring the funds from the EVM wallet.
  • There were large DeFi structured positions in the EVM wallet, mainly a particularly large number of leveraged yield farming positions built in Alpaca Finance. Actually unwinding them required cumbersome operations, by no means a simple process such as withdraw and transfer.
  • I actually couldn't sleep at all that night, but my family was around and asked me if I was okay. More or less out of a wish to reassure them, I thought about "sleeping for my family" instead of staying up late to operate on the assets, even though I was actually wide awake.
  • Although many exchanges and friends had given me brand new hardware wallets out of goodwill, I had found them "troublesome" and had never used them. That night I actually plugged in the Ledger and tried to use it for the first time. I am not afraid of everyone's jokes: after connecting, I saw a large list of addresses and was asked to choose one of them, and I was a little unsure. It was already 2 to 3 o'clock in the morning, and I thought that as a novice in a panic I should not make mistakes at this time, and that I would find a tutorial tomorrow and learn slowly.
So I said to myself, "Let's get it tomorrow morning." It was such a seemingly random decision, but it became a watershed that changed fate.

The Early Morning of June 5th: A Real Nightmare

I finally managed to sleep at 4 a.m., but I didn't expect that the real disaster was approaching. Without an alarm clock, I woke up at 7:50 a.m., and when I woke up, I saw a screen full of imToken transfer reminders, and I immediately felt as if I had fallen into an ice cellar. Looking closely at the browser, my EVM wallet (address: 0x5b76247e1fa700107d3eaf5ad4de09d0aca611bc) had been completely emptied between 5 and 7 a.m. Beijing time. At this point, it finally became completely clear to me that this was a complete private key leak.

What's sadder is that all this was not done with one click of an automated instruction; the hacker operated on the chain for more than two hours, slowly dismantling my positions and then gradually transferring the funds. And during the operation there were many mistakes, such as multiple failures during swaps, which does not look like a professional hacker at all. In other words, if I had been there and had stayed in front of the computer instead of going to sleep, even if I was "racing" against them, I would probably have saved most of my money. That's what hurts my heart the most to this day: I could have been.

Looking back, I gave myself a lot of reasons that night: it was too late, my family was around, I wasn't familiar with Ledger, and it was too much trouble to transfer structured positions... But these are not the root causes. There was only one real reason: I wasn't security conscious enough. If I had really realized at the time that it was "might have made me...
