This article comes from The Block (Odaily Translator).
Summary:
A MetaMask user suffered a phishing attack and inadvertently handed over his private key to scammers.
A white hat hacker managed to salvage half of the user's wallet, which held $240,000 in funds.
On July 12, a distraught cryptocurrency holder posted on Reddit that he had deposited a large sum of money (approximately $240,000) in his MetaMask wallet and had been phished, giving access to a crook who was draining his funds. The Reddit user began "self-hacking" by inviting other netizens to watch his account be emptied by scammers.
The thread received some legitimate criticism: people thought it was inappropriate to keep so much money in a browser wallet (which is usually riskier than an offline hardware wallet), and the idea of giving access to funds to a so-called "very helpful" tech support assistant also came in for criticism.
It turned out that this approach ended up saving about half of the funds (approximately $117,000) and keeping them out of reach of the scammers. Here's how it happened:
Ask For Help
The cryptocurrency holder, who goes by the name "007happyguy" on Reddit, was directed to fill out a Whitehat hotline form and post his details.
At the other end of the hotline are some white hat hackers who say they are happy to help someone in trouble. This is a temporary service, and developers may choose to respond to requests if available.
In this case, Alex Manuskin told The Block that he responded to the request. Manuskin was a blockchain researcher at ZenGo and now works as a freelance blockchain developer. When he read the message, it was late at night, and he realized that it was urgent because the wallet was still being emptied and the amount was huge.
The first thing Manuskin did was verify that the Reddit user owned the wallet and that he wasn't trying to access other people's funds.
He then made sure that the crooks could no longer move funds from that wallet. To transact on Ethereum, users need some ETH to cover transaction fees. So, by setting up a "destroyer", he ensured that any ETH sent to the wallet was automatically removed (i.e. destroyed).
Save Money With Flashbots
With the threat of more funds being withdrawn lessened, the next goal was to save the remaining funds.
To do this, Manuskin used Flashbots, a service that supports communication between developers and miners. In short, developers can use Flashbots to send a "bundle" of transactions directly to miners for inclusion in a block, rather than broadcasting the transactions to the network and hoping they get included.
This works for two reasons. The main one is that if there is no ETH in the wallet, any transaction from it carries zero transaction fees and will not be mined by any miner. With Flashbots, a complex transaction is made that transfers funds to another wallet and pays the miner with other funds in one go.
The second reason is that it is more stealthy: if any transactions are broadcast to the public network, scammers get a chance to pre-empt them. (Although in this case, some ETH is still required to cover transaction fees.)
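A simplified model of the mechanism described above, added here as an illustration; it is not code from the article, from Manuskin or from Flashbots, and it does not use the Flashbots API. The account names, gas figures and the MIN_GAS_PRICE threshold are constructed assumptions; the model shows why the zero-fee rescue transfer is ignored on its own but accepted when packaged with a payment from another wallet.

```python
from dataclasses import dataclass

MIN_GAS_PRICE = 20  # constructed: lowest price per gas unit the miner accepts

@dataclass
class Tx:
    sender: str
    gas: int
    gas_price: int           # fee per gas unit, paid from the sender's ETH
    token_to: str = ""
    token_amount: int = 0
    miner_tip: int = 0       # direct payment to the miner ("other funds")

def apply(state, tx):
    """Return the state after tx, or None if the sender cannot afford it."""
    eth, tok = dict(state["eth"]), dict(state["tok"])
    cost = tx.gas * tx.gas_price + tx.miner_tip
    if eth.get(tx.sender, 0) < cost or tok.get(tx.sender, 0) < tx.token_amount:
        return None
    eth[tx.sender] = eth.get(tx.sender, 0) - cost
    eth["miner"] = eth.get("miner", 0) + cost
    if tx.token_amount:
        tok[tx.sender] -= tx.token_amount
        tok[tx.token_to] = tok.get(tx.token_to, 0) + tx.token_amount
    return {"eth": eth, "tok": tok}

def mine_public(state, tx):
    """Public mempool: every transaction has to pay its own way."""
    new = apply(state, tx) if tx.gas_price >= MIN_GAS_PRICE else None
    return (new, True) if new else (state, False)

def mine_bundle(state, txs):
    """Private bundle: all-or-nothing, judged on total payment per gas unit."""
    new = state
    for tx in txs:
        new = apply(new, tx)
        if new is None:
            return state, False   # one failing transaction drops the whole bundle
    paid = new["eth"].get("miner", 0) - state["eth"].get("miner", 0)
    ok = paid >= MIN_GAS_PRICE * sum(t.gas for t in txs)
    return (new, True) if ok else (state, False)

def demo():
    # Constructed balances: the phished wallet holds tokens but no ETH.
    state = {"eth": {"phished": 0, "sponsor": 5_000_000}, "tok": {"phished": 500}}
    rescue = Tx("phished", gas=60_000, gas_price=0, token_to="safe", token_amount=500)
    pay = Tx("sponsor", gas=21_000, gas_price=0, miner_tip=2_000_000)
    _, alone = mine_public(state, rescue)
    after, bundled = mine_bundle(state, [rescue, pay])
    return alone, bundled, after["tok"]["safe"]
```

Because the bundle is all-or-nothing in this model, the sponsoring wallet pays the miner nothing if the tokens have already been moved by the time the bundle is evaluated.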
Manuskin explained that it took about 5-6 hours to write custom scripts and execute the transactions. How long it takes, he said, depends on the complexity of the transactions (such as whether the funds are locked in complex protocols) and whether he has been in a similar situation before.
According to the Reddit post, Manuskin managed to salvage approximately $117,000 from the remaining $120,000 in tokens in the wallet after the crooks began moving wallet funds.
Typically, white hat hackers are paid around 5% - 10% of recovered funds as compensation for saving funds, depending on the complexity of the work required.
Manuskin said the case was interesting because it was an actual battle between him and the scammers. Usually the funds can only be recovered because they will be unlocked at a future date, but in this case they were still at risk of being withdrawn.
