1

So I was coding like normal and accidentally pushed the .env file which contains my wallet private key onto a public GitHub repo. It looks like there are bots watching the commits and someone operated my account immediately. By the way nice work, hacker!

This is my account btw, you can see there's a long-pending transaction due to low gas price. The last two transactions aren't performed by me.

https://etherscan.io/address/0x5520adf9bb6179fd1065d57ea3b0d286bd9f3858

After I've done a bit of research I found this question, but I don't understand why the hacker want to burn all of my ETHs using a self transaction, doesn't he need money to live?

weird transaction sending to self

Could someone explained what is the intention of the hacker using these two transactions? Did he somehow obtain the ETH that has been spent in my account?

Would it be a hack performed by a validator? But can a validator guarantee he will be chosen to mine a certain block?

Hopefully this question will be helpful to the community, I myself for sure did learn quit a bit from this hacking as a victim :p

Stephen Fong
  • 265
  • 2
  • 8
  • I'd guess that it is a bug in the bot, or there are more than one bot and they are competing between them. – Ismael Oct 09 '22 at 21:17

1 Answers1

0

You can take a look at this resource to see possibly why the hacker is sending a transaction to self:

Explain self transactions and fees

I don't think this is a hack performed by a validator. Validators chosen to propose the new block are assigned completely randomly and the cohort of other validators agree that block is the correct one.

Yongjian P.
  • 4,170
  • 1
  • 3
  • 10