A user lost the equivalent of R $ 6,300 in Ethereum when he was stolen in less than 100 seconds after accidentally putting his recovery phrase in an online repository.
Hackers diverted funds in less than 2 minutes with the help of malicious bots (robots) that monitor code confirmations on GitHub, an online file and project storage area.
The victim who used the MetaMask wallet admitted the error in a post on Reddit on Tuesday (26):
“A few days ago, a hacker took my mnemonic and stole $ 1,200 in Ethereum from my Metamask wallet in less than 100 seconds,” revealed the user. “Hackers were using a bot to search for mnemonic phrases on GitHub and I accidentally left it in my code in a repository while I was uploading it to a Hack Money hackathon.”
Mnemonic phrases (or seeds) are combinations of 12 words placed in a specific order that allow the user to restore access to a cryptographic wallet.
They should not be stored online or presented to others unless you are willing to take the risk of letting them access your funds.
Blocked funds
In this case, hackers still left nearly R $ 3,700 in ERC-20 tokens in the victim’s wallet, according to the report. However, the values are blocked in the Compound DeFi protocol (cETH), used to lend cryptocurrencies to other people.
“Although some coins and tokens remain, the bot will suck up any Ethereum I have to stop me from moving my coins and/or overcoming my attempts by providing more gas * [used to pay transaction fees on the network],” wrote the user.
In other words, whoever pays a higher fee is more likely to get their order processed on the network.
Scrap for other users
After paying dearly for the error, the user decided to leave a message for other enthusiasts:
“I just want you all to be aware of never keeping a digital copy of your mnemonic or private key. Especially not online, ”he said.
The victim further said that those using the MetaMask wallet should “randomly generate private keys for new accounts not associated with any mnemonics and imported into the wallet”.
Finally, he declared:
“I was very upset and scared at first, but I can’t insist on that and I’m going to move on,” he said. “I don’t have to stress for thousands, when I can focus on making millions.”
Source: (https://criptonizando.com/)
