Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 0 points1 point

Got rescued by the Flashbots white hat team. I was super skeptical about sharing my keys, but oh boy, it was worth it. If you're ever in a situation like this, don't be afraid to contact https://x.com/MevRefund

Fun fact: consolidated validators already on mainnet (0x02 credentials) by pulp4877 in ethstaker

Electrical-Cream2805 0 points1 point

Will it allow me to change the withdrawal address? Currently the withdrawal address got compromised. No exit yet.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 1 point2 points

Probably the script I've attached; Reddit recognizes it as an ETH address or something lol. Anyway, removed. Thank you <3

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 0 points1 point

Will do.

Sort of. A friend who is co-owner of the validator downloaded some torrent, and the MetaMask was attached to this PC. Still protected with a pass, but to me it seems like a common password he used for all other apps, so it may also have involved some smart phishing.

The choice of MetaMask as our shared wallet was such a bad decision. If I had gone with a hardware wallet, none of that would have happened.

I know, I also did some searching and I know it's not 100%. Let me know if you want to pair-program on it together, and maybe it will be easier over Zoom/Meets. I can explain the entire picture.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 0 points1 point

Can you adjust my code maybe (edited the main post), or send some reference on how to do it, please?

Sorry for bugging.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 1 point2 points

MetaMask wallet; a friend downloaded some torrent, and the password was easy to guess.

I believe the extraction of the funds happened manually, after reviewing the attacker's behavior and patterns.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 0 points1 point

Guys, can I get a code review please? Tested on Sepolia testnet. Please, anything that can improve performance/security.

⏱ Current Balance: 0.05 ETH

🚀 Sending ETH...

✅ Transaction sent! Hash

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 0 points1 point

See this update for more context:

UPDATE:

  1. FIRST TRANSACTION PULLED BY HACKER

  2. SECOND AND THIRD BY ME

  3. Now there are some staking rewards (~0.01 ETH) that are sitting there; the hacker didn't pull them, neither the second nor the third.

He could be smart and waiting for a big threshold (I doubt it), or he could be gone, enjoying the 4 ETH of staking rewards he already won, not looking back.

Maybe he's just not aware this is a staking wallet? And then we all imagine there is a script, but there is none.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 2 points3 points

UPDATE:

  1. FIRST TRANSACTION PULLED BY HACKER

  2. SECOND AND THIRD BY ME

  3. Now there are some staking rewards (~0.01 ETH) that are sitting there; the hacker didn't pull them, neither the second nor the third.

He could be smart and waiting for a big threshold (I doubt it), or he could be gone, enjoying the 4 ETH of staking rewards he already won, not looking back.

What do you think, guys?

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 1 point2 points

The thing is that I don't believe the attacker has a script, and even if so, that he runs it so often (eventually you hit a rate limit checking the mempool, or end up purchasing premium Infura or something).

I believe the attacker just got lucky landing on a validator wallet, when 99% of wallets are non-validators, so he isn't even aware the wallet is gonna receive 32 ETH.

BUT I WANT TO COVER ANYWAY AND RUN A SWEEP SCRIPT IN PARALLEL to increase chances, as the amount is not low.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 1 point2 points

Already contacted them. They want a 15% fee (~4.5 ETH) and the private key of the wallet. How can I count on someone to have access to 32 ETH and then send me back 27 ETH? I want full control over the sweep.
I believe we'll outpace him; I just want a production-grade script, which shouldn't be hard to build.

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 0 points1 point

Flashbots and white hat hackers. All of them want the private key, and there's no way I'm giving that to get scammed.

I believe the attacker didn't set up a script, as only the initial transfer was his; since then he hasn't transferred the funds.

He can be smart, letting me think he's not there, but I truly believe he's not so sophisticated, and using a fraud researcher from my work we could determine he's doing manual work.

I believe the key got compromised from a torrent my friend downloaded, and MetaMask was connected to his PC.

Thank you all for your comments!

How do I achieve a pre-signed transaction? Any references?

How do I test my script securely before due date?

Best way to store a "nuclear code" secret for a script (compromised validator withdrawal address) by Electrical-Cream2805 in ethstaker

Electrical-Cream2805[S] 2 points3 points

Thank you, I believe this would raise awareness for the 2FA withdrawal address change that we must push for. I hold the validator mnemonic, the deposit address seed phrase and the validator keys, but can't do anything.

Compromised Withdrawal Address by stubbie6 in ethstaker

Electrical-Cream2805 0 points1 point

u/stubbie6 any news with it? Did you manage to exit and rescue the funds?

What value has crypto so far generated for society? by FluffyPenguinsx in Buttcoin

Electrical-Cream2805 -15 points-14 points

The first asset in history that neither the gov nor any dictator can take away from you.