Hackers managed to steal $ 1,200 in Ethereum (ETH) from a Reddit user after he accidentally left his wallet's recovery phrase in a GitHub repository for less than two minutes.
According to the Reddit user's post, hackers created automatic bots to steal GitHub - a popular website for publishing code and working on projects - looking for private keys from cryptocurrency wallets, security phrases and other private information, such as passwords for accounts. The Redditor wrote:
A hacker took my passphrase and stole $ 1,200 in Ethereum from my Metamask wallet in less than 100 seconds. The hackers were using a bot to search for security phrases on GitHub, and I accidentally left it in my code in a GitHub repository while I was uploading it to a Hack Money hack-at-hon.
The user added that he still has almost $ 700 in cryptocurrencies in the decentralized finance loan protocol (DeFi.
Bots set up by the hacker are automatically sending transactions to steal users' funds whenever available, and even outperform transactions sent by users in fees to ensure that the malicious transaction is processed by the miners first. The user wrote:
Although some coins and tokens remain, the bot will suck up any Ethereum I have to stop me from moving my coins and / or overcoming my attempts by supplying more gas.
As CryptoGlobe reported, Chainalysis data revealed that hackers in the cryptocurrency space are becoming more active over time, although less successful, since in 2019 there were eleven major hacks, but none corresponded to the scale of the main breaches of security occurred in 2018.