'Did Mark Cuban's wallet just get drained?': 'Shark Tank' investor loses around $1M in crypto scam. What happened and how can you avoid his costly mistake?

Bethan Moorcraft
'Did Mark Cuban's wallet just get drained?': 'Shark Tank' investor loses around $1M in crypto scam. What happened and how can you avoid his costly mistake?
'Did Mark Cuban's wallet just get drained?': 'Shark Tank' investor loses around $1M in crypto scam. What happened and how can you avoid his costly mistake?

Even “Shark Tank” investors get bitten sometimes. In the case of Mark Cuban, it appears to have been to the tune of $1 million after the billionaire investor was apparently the victim of an online cryptocurrency scam.

The possibility of a sizable crypto theft was first flagged on Sept. 15 by a blockchain observer on X (formerly known as Twitter).

“Did Mark Cuban’s wallet just get drained? Wallet inactive for 160 days and all assets just moved,” user WazzCrypto posted on the platform, along with a screenshot showing a string of transfers — all within a few minutes — out of a digital wallet bearing Cuban’s name.

Don't miss

Cuban confirmed his misfortune to crypto news outlet DL News. The billionaire businessman and investor believes he downloaded a dodgy version of the popular crypto wallet software MetaMask “with some s— in it.”

He told the outlet: “I went on MetaMask for the first time in months. They must have been watching.”

Altogether, approximately $870,000 across 10 cryptocurrencies was taken from Cuban, according to DL News.

It remains unclear exactly how Cuban’s wallet was hacked. He hasn’t made any public remarks and did not immediately respond to a CNBC request for comment.

It’s possible the version of MetaMask he downloaded may have been a trojan horse — a type of malicious software that disguises itself as a legitimate program that can give hackers access to your network, files and data. It’s also possible hackers gained access to his account via phishing, meaning he was tricked into providing his log-in credentials.

Even digitally savvy individuals such as Cuban, who became a billionaire in 1999 at age 40 during the dot-com boom, can fall prey to cyberattacks.

What is phishing?

Phishing is an attempt by hackers or cyber criminals to lure people into sharing sensitive personal information — such as usernames, passwords, credit card details and social security numbers — which they can then use to exploit or steal from you.

They do this by sending maliciously crafted emails, text messages or even phone calls from seemingly trustworthy sources, such as a colleague, acquaintance or an organization such as a bank or the IRS.

Most of these emails or messages aim to entice victims into clicking on a dodgy link that will ask for certain log-in credentials or other personal information.

Read more: Thanks to Jeff Bezos, you can now cash in on prime real estate — without the headache of being a landlord. Here's how

Phishing has proven to be a very popular and lucrative scam for fraudsters. The FBI’s Internet Crime Complaint Center (IC3) received 800,944 complaints in 2022, with losses exceeding $10.3 billion. Phishing schemes were the number one crime type with 300,497 complaints and, for the first time, investment schemes reported the highest financial loss to victims.

IC3 reported that victims aged 30-39 were the largest reporting group, while the greatest dollar loss was incurred by citizens aged 60 and up.

It’s very difficult to gain complete cyber security, but here are some ways to reduce your risk of taking common bait and becoming a phishing victim.

How to protect yourself from scams

First and foremost, you have to educate yourself so that you understand what a phishing email or malicious link might look like.

In email form, fraudsters will typically use a subject line that entices you to open the message, such as an alert, an update, a required action or a request for information. For instance, you could receive an email from someone pretending to be from your bank asking you to sign in via a dodgy link (whereby they can steal your credentials) in order to update some information.

There are ways to identify fraudulent messages. You should always check the sender email address for unusual spellings or email domains. Often, they’ll try to look like a legitimate domain so as not to rouse suspicion, but they might have one slight difference like a number or symbol instead of a letter (such as name@gmai!.com).

The U.S. Cybersecurity & Infrastructure Security Agency warns people to watch out for generic greetings (such as “Dear valued member,” “Dear account holder” or “Dear customer”), spelling or layout errors, spoofed hyperlinks and suspicious attachments.

Whether you’re using email, social media or even just browsing the internet and thinking about clicking on a pop-up ad, you should never download an attachment, an application or even a software patch if you’re not sure what it is as you could unwittingly download a trojan horse.

Likewise, you should always hover your mouse over a hyperlink before clicking in order to see where the link will take you. Similar to dodgy email domains, it’s easy to fake URLs through spelling errors and other anomalies.

Finally, there are digital hygiene practices that every American should put in place. Wherever possible, you should consider using multi-factor authentication (MFA) to gain access to your online applications and accounts. Beyond putting in your username and password, MFA requires more verification factors, such as a pin from a text message or phone app, in order to gain access.

You should also make every effort to keep your digital software and internet browsers up to date with appropriate antivirus software installed. While none of these actions are completely fail-safe, they could protect you from a costly slip up in the future.

What to read next

This article provides information only and should not be construed as advice. It is provided without warranty of any kind.

Advertisement