- Hacker makes away with $1,200 worth of Ethereum in 100 seconds
- Malicious bots have been scanning GitHub uploads for user private keys
- Users need to start being extra security-conscious to protect their private keys
Ethereum News Today – One Reddit user lost $1,200 worth of ETH after accidentally leaving his wallet’s recovery phrase in a GitHub repository. A malicious actor made away with the user’s funds. While this seems like an uncommon situation, it appears the cybercriminals already had malicious bots in play because the user’s funds were gone in less than 100 seconds.
The affected user still has ERC-20 tokens worth $700 locked in the Compound DeFi protocol but cannot withdraw the funds. Mnemonic phrases are 12-word combinations set in a unique order that allow users to gain access to their crypto wallet. If another party gets hold of a user’s mnemonic phrase, they can access the user’s wallet and funds.
Do Not Upload Your Private Keys on Open-source Repositories Like GitHub
Users are advised not to upload seed phrases or private keys to a public, open-source repository like GitHub. The user remarked that he still has $700 worth of ERC-20 tokens in the Compound DeFi protocol, which is used to lend crypto to other users. But if he tries to withdraw the money, it is sent to another wallet where the bot siphons off every ETH he transfers.
On Ethereum, you need a token to cover transaction fees (known as gas). If two individuals try to move a similar amount of Ether at the same time, the one paying the greater fee will be processed ahead of the other. The bot put in place by the hackers automatically submits transactions with higher fees and wins the race on every occasion.
A Similar Incident Happened Last Year When Hackers Compromised a Wallet Containing Non-Fungible ETH Tokens
A similar case happened last September, when malicious actors compromised a user wallet containing rare CryptoKitties (non-fungible Ethereum tokens). The cybercriminals compromised the wallet after a malicious bot they had put in play connected to the wallet and started to reroute the incoming ETH. It effectively turned the heist into a hostage situation. In the end, the user managed to break free.
Many could blame situations like this on a lack of personal cybersecurity awareness. However, individual users are not the only ones prone to such mistakes. Recall when a group of white hat hackers discovered that two exchanges had accidentally exposed thousands of user private keys. The user funds at risk amounted to $18 million. It is recommended that users start looking after their private keys.
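
One way to act on the advice above about keeping seed phrases and private keys out of public repositories is to scan files before they are committed. The following Python script is an added example, not part of the original article; its function names, heuristics and sample input are assumptions made here. It matches the shape of a BIP-39 phrase (12 to 24 lowercase words of 3 to 8 letters) without checking a wordlist, and it flags any 64-hex-digit value, so hits need human review.

```python
import re
import sys

# BIP-39 phrases are 12, 15, 18, 21 or 24 lowercase words of 3-8 letters.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
WORD_RUN = re.compile(r"\b[a-z]{3,8}(?: [a-z]{3,8})*\b")
# A raw Ethereum private key is 32 bytes: 64 hex digits, optional 0x prefix.
# Hashes have the same shape, so this is a prompt for review, not proof.
HEX_KEY = re.compile(r"(?<![0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}(?![0-9a-fA-F])")


def find_secrets(text):
    """Return sorted (line_number, kind) pairs for suspicious lines."""
    hits = set()
    for number, line in enumerate(text.splitlines(), start=1):
        for run in WORD_RUN.findall(line):
            # Only maximal word runs of a valid mnemonic length are flagged.
            if len(run.split(" ")) in MNEMONIC_LENGTHS:
                hits.add((number, "mnemonic-like phrase"))
        if HEX_KEY.search(line):
            hits.add((number, "64-hex-digit value"))
    return sorted(hits)


def main(paths):
    """Scan the given files; return 1 (blocking a commit) on any hit."""
    found = False
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            for number, kind in find_secrets(handle.read()):
                # Report the location only, never echo the secret itself.
                print(f"{path}:{number}: possible {kind}")
                found = True
    return 1 if found else 0


# Constructed sample input (widely published BIP-39 test phrase, dummy key).
SAMPLE = "\n".join([
    "# deploy notes for the testnet contract",
    'MNEMONIC="' + " ".join(["abandon"] * 11 + ["about"]) + '"',
    "PRIVATE_KEY=0x" + "ab" * 32,
    "gas_limit = 21000",
])

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Called from a Git pre-commit hook with the staged file paths as arguments, a non-zero exit status stops the commit before the secret leaves the machine.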