Hacker Steals $1,200 Worth of ETH Using GitHub Bots

Hackers have managed to steal $1,200 worth of ether (ETH) from a Reddit user after he accidentally left his wallet’s recovery phrase in a GitHub repository for less than two minutes.

According to Reddit user’s post, the hackers have set up automated bots to scrape GitHub – a popular website to publish code and work on projects – looking for cryptocurrency wallets’ private keys, mnemonic phrases, and other private information such as account passwords. The Redditor wrote:

A hacker got my mnemonic and stole $1,200 in ethereum from my Metamask wallet in under 100 seconds. The hackers were using a bot to scan for the mnemonic phrases across GitHub, and I accidentally left it in my code on a GitHub repo while I was sending to a Hack Money hack-at-hon.

The user added that he still has nearly $700 worth of cryptocurrency on the decentralized finance (DeFi) lending protocol Compound, and that the funds are as good as gone as the bot will siphon the funds out of the wallet as soon as he takes them off of the protocol.

The bots the hacker set up are reportedly automatically submitting transactions to steal the users’ funds whenever they are available, and will even outbid a user-submitted transaction in fees to ensure the malicious transaction is processed by miners first. The user wrote:

Although there are some coins and tokens left, the bot will siphon any ethereum I have to prevent me from moving my coins, and/or outmatch my attempts by supplying more gas.

As CryptoGlobe reported, data from Chainalysis has revealed hackers in the cryptocurrency space have been becoming more active over time, albeit less successful as in 2019 there were eleven major hacks, but none matched the scale of major security breaches that occurred in 2018.

Featured image by Nick Chong on Unsplash.