Earlier this year in May, I had stated that I lost "1,200 in 100 seconds". The full post can be read here: https://ift.tt/35rQ0ZA

TL;DR from the post:

I had forgotten to gitignore a file that had my mnemonic phrase in it. I was submitting a project to the Eth Global Hackathon and one of the required fields was to add the public git repository along with the submission. I was a little iffy about it, but I sent it anyway. Only a minute later, funds were being depleted from my account by a bot draining it, and I couldn't do much as my email was being bombarded with notifications from Etherscan alerts.

Hacked Address: https://etherscan.io/address/0x1b3e1786c3f8524ca0f3175b0b37bcc1bee5a6d5

Nearly 90 transactions happening fast af

Results from the post:

After I made that post and let all of the crypto world know about my mishaps, my story was featured on popular sources like Decrypt and many others. I was interviewed by people both in DMs and on video who asked for more information about the story. I was invited on by Dapp University to make a video about it on YouTube. One of the things that I liked the most was all of the people who gave solutions on how to recover my locked funds. "Locked" meaning that if I ever tried to send ETH to that address to pay for the gas fee, the bot(s) would instantly withdraw the ETH and hijack the transaction. The hacker(s) took around $500 in actual assets, but there was about $600-$700 of ETH remaining, essentially locked in the DeFi compound.finance, that had a chance to be recovered.

Of all the solutions that were suggested to me, only a few stood out:

"What we need to do is write a script that broadcasts a transaction sending eth to that wallet and a transaction from that wallet to a wrapper contract which atomically rescues the compound funds and sends them to your safe wallet. And if we do so at a time where the ethereum blocks are relatively empty. It should work"

Another way was to follow Operation Crypto kitties Rescue.

And many other instances that involve writing a smart contract to beat the bot with gas fees.

How I Actually Recovered the Funds:

With all the wild solutions that were presented to me, I decided to try my luck at rescuing them by simply trying to catch them at a time when the server the bot was on had some downtime. Near the end of July, I saw the funds in DeFi remain untouched, appreciating in value. The $700 that was locked ultimately grew to $1,200. There was only one issue: I lost the private and mnemonic key to that address. Ironically, what got me into this mess also got me out. With all the people reaching out to me, I had sent my private key to different people in DMs who wanted to run tests and offer a solution; however, to no avail, they gave up hope. So I sorted through hundreds of messages until I found the private key I sent to someone on Discord and reclaimed access.

Around this time, the Ethereum gas fees were high like the weather, and all these DeFi coins were pumping hard, so ultimately I spent around $100 in gas fees alone trying to recover these coins. I sent the coins to the wallet, praying the bot was not activated, and swiftly sent those tokens to a safe wallet. I couldn't send all the tokens since some of them had debt tied to them, so I only withdrew 99% of the available amount before the collateralized coins were liquidated. All in all, the process in which I recovered the coins was very simple and very lucky.

The transaction in which I recovered my locked funds: https://ift.tt/33gQgs1

Conclusion

- DO NOT SEND YOUR PRIVATE KEYS NOR MNEMONIC PASS PHRASES TO ANYONE. THIS CASE WAS A SPECIAL INCIDENT lol
- News spreads fast, and essentially lives forever
- Triple check your code before you deploy sensitive information in a public git repository
- Thank Goodness for Decentralized Finance
- EthGlobal will have an important PSA about it for every future Hackathon they host about private key security
- I hope this happy ending enlightens your day.
Submitted September 09, 2020 at 10:31PM