New Threat to Bitcoin and Altcoin Holders

Reddit User who accidentally left the wallet's recovery phrase in the GitHup repository, an online file storage space, lost $1,200 worth of Ethereum. Although it may seem like a difficult situation to realise, it turned out that hackers were preparing malicious bots. 

How Ethereum was lost

Reddit user ‘A hacker took my recovery phrases and stole $ 1200 Ethereum from my Metamask wallet in under 100 seconds. The hackers were using a bot to scan mnemonic emoticons across GitHub, and I accidentally left it in the GitHub repository while accidentally sending it to a Hack Money hack-hon.’

Mnemonic phrases are combinations of 12 words set in a specific order that allow you to restore access to a cryptocurrency wallet.  Private keys are the ‘last line of defence.’  If someone gets their hands on even one, they can gain full access to your wallet and the funds held in it.  You should not upload your private keys or your recovery phrase to open-source repositories like GitHup, or anywhere else that is publicly available for that matter. The user stated that he had $700 worth of ERC-20 tokens locked in a DeFi protocol called Compound, which is used to lend crypto to other people. However, when he withdrew the money, he stated that the bot could send each ETH to the wallet he specified. In Ethereum, you need a token to pay transaction fees to transfer tokens. When two people try to move the same amount of Ethereum at the same time, the one with the higher fee is likely to be processed. But the bot automatically processes higher fees and wins the race every time.

‘Although some cryptocurrencies and tokens remain, the bot will pull any Ethereum to prevent me from moving my cryptocurrencies and/or outpace my attempts by providing more gas,’ the user said. A similar situation was reported last September, when hackers compromised a wallet containing a set of rare Crypto Kitties, a set of rare Ethereum tokens representing a unique digital ‘cat’.

The hacker stole $1,200 worth of Ethereum in less than 100 seconds. Once a malicious bot attaches itself to a wallet, it similarly redirects all incoming ETH, effectively turning the heist into a hostage situation. Because of the lack of funds to pay for gas, there was no other way to release the tokens.  Despite this situation, the owners were ultimately able to free the bad kitties. While some may blame such situations on a lack of personal cybersecurity, individual users should not make such mistakes.   As previously reported, a group of well-intentioned hackers recently discovered that two crypto exchanges had accidentally exposed thousands of users' private keys, totalling over $18 million.