Hacker Uses GitHub Bots to Steal $1,200 in ETH

Hackers have managed to steal approximately $1,200 worth of Ether (ETH) from a Reddit user. This happened after he left the recovery phrase for his wallet in a GitHub repository by accident, keeping it there for under two minutes.

A Regrettable Theft

According to the post from the Reddit user, going by the moniker “tycooperaow,” the hackers had leveraged an automated bot network to scrape Github for specific data. Github, being the popular website to publish code and work on projects, allows the hacker a broad base for hunting mnemonic phrases, private keys, as well as other information like passwords.

The Redditor explained that a hacker had managed to maliciously acquire his mnemonic and stole approximately $1,200 in Ethereum from his Metamask wallet. The statement made it clear the hacker managed to do so within 100 seconds, as well. He explained that he had accidentally left his mnemonic within his code on a GitHub repo, doing so when he sent a Hack Money hack-at-hon.

Malicious Systems In Place

The user explained that he still had a holding of $700 in various cryptocurrencies within a decentralized finance lending protocol, Compound in this case. However, he stated that this money was as good as gone, as well. This is due to the bot simply siphoning the funds out of the wallet as soon as he removes them from the protocol.

The bots this hacker had set up are reportedly submitting its various transactions automatically, stealing the funds of any users whenever they become available. Furthermore, these transactions even manage to outbid user-submitted transaction fees, promising that the malevolent transactions process themselves by a miner first.

The Growing Crypto Crime Industry

The hackers within the crypto space have been slowly increasing as of late. According to Chainalysis, the hacker activity is less successful than the eleven significant hacks that occurred in the year 2019. Even 2019, however, doesn’t stand to the sheer scope and threat that it opposed during the chaos of data breaches that was 2018.

While hacking has been less-active, the rampant chaos sowed by the COVID-19 pandemic has caused scams to rise dramatically. One of the more creative of these scams occurred in Japan. Within this scam, it stated that the people of Japan are asked to help pay to maintain and support Japanese organizers of the Olympics in this time of crisis, lest Japan itself lose Face among the world’s countries.

One of the less creative ones, however, threatened to infect individuals with the COVID-19 virus through their computer systems. While some may have fallen for the threat, hopefully, more people found amusement at the lack of thought of the threat than anything else.