Buidler DAO: How to rescue NFTs from hackers after your wallet is stolen?
星球君的朋友们
2023-01-17 10:00
This article is about 3,939 characters; reading it in full takes about 16 minutes.
With the help of a community member, nearly 30 surviving NFTs were rescued from the hackers.

Original source: Buidler DAO

As the Federal Reserve continues to raise interest rates and shrink its balance sheet, liquidity in the crypto market keeps draining away, market activity keeps slumping, and we are deep in a bear market. As the only "liquidity" left in the market, the wallets of us retail "leeks" have become the targets of scammers. The crypto world is a dark forest: crypto gives you true ownership of your property, but it also means that once that property is lost or a private key leaks, there is almost no legal avenue or technical method to recover it.

Why write this article?

Because Spinach's wallet was stolen and the assets were almost entirely looted. Ironically, as an old leek who has written popular-science articles about wallet security, he got wrecked too.

Although he lost the wallet and the assets in it that had accompanied him for a long time, after this incident Spinach really felt the warmth of the community and received the care and help of many "family members"; with the help of one community member, nearly 30 surviving NFTs (not the ones that had already been stolen) were rescued from the hackers. The lost assets cannot be retrieved, but there is a lot in this "Spinach wallet theft incident" worth explaining. I hope this article can give the industry a documented victim's case and sound the alarm for others, so that the "tragedy" does not repeat.

Article Quick Facts:

01/ How was my wallet stolen?

02/ How did the hacker get my private key?

03/ How did I rescue NFTs from the hackers?

04/ How to complete all operations in the same block?

05/ What is MEV? How does MEV affect Ethereum?


How was my wallet stolen?

One day, a guy on Twitter sent me a private message. At first I was not alarmed, because the scammer's Twitter account looked like a normal user's. It started as small talk, then he asked whether I would like to produce content for the cheelee project in exchange for payment, and asked for some of my work to verify, so I gave him my Telegram. On Telegram he sent me some details on how to produce the content, plus two files. After downloading and clicking a file, nothing happened, and I realised something was wrong, so I opened the little fox (MetaMask) to check. As expected, the wallet had been stolen: all assets were gone, and the NFTs had been sold straight into their existing offers and the ETH transferred out. (It can only be said that Spinach was careless for the sake of some extra income. The lesson is simple: be vigilant whenever a stranger sends you files on Telegram.)


How did the hacker get my private key?

My private key is encrypted and saved in Chrome's little fox (MetaMask), so how did the hacker get it? This has to start with the Chrome browser. Can you imagine? Chrome, which holds 66% of the global browser market, actually has a huge security hole! What is this hole? If you open the Default folder of your Chrome profile (the path is shown in the original screenshot), you will find a file called Login Data, which stores every password you have saved in Chrome. If you try to open it directly to read it, you will find it unreadable, a pile of gibberish, because the file is encrypted with the AES algorithm, and brute-forcing AES would take forever. So the passwords saved in Chrome are, in themselves, very safe. Then where is the problem?


If you go to another directory under User Data, you will find a file called Local State. Open it and search for "encrypted", and you will find a string of key material right after it. What is this key? It is the very key that decrypts the AES-encrypted Login Data, the file that would otherwise take hundreds of years to brute-force! This is, frankly, fucking opening the door for the thief and handing him the house! What is this equivalent to?

It is as if you built an unbreakable safe out of the strongest material in the world to hold your passwords, then left the key to the safe sitting right next to it, so the thief simply opens the safe with the key the moment he walks in! This key string is generated by the Windows system's own password-protection tool and is uniquely bound to the ID of the computer that generated it, which means encryption and decryption can only be performed on that computer. But Chrome saves the decrypted key string locally in plain text, so a hacker who gets onto the machine only needs that key string to decrypt the file and obtain all my passwords.


The MetaMask password is not saved in Chrome's password file, so why did my private key leak? Because the password I used for MetaMask was the same as my habitual password, which Chrome had saved.

How did I salvage an NFT from a hacker?

After the wallet was stolen, the hackers sold all the NFTs into their existing offers on OpenSea and transferred all the funds out. Fortunately, some NFTs survived: apart from the ENS names and some NFTs that had no offers, there was a freshly minted DeBox snake that had not been sold, possibly because of some bug on OpenSea. That NFT had been transferred in after the mint from my other whitelisted address completed; I don't know why it was not displayed, which is what let it escape. But when I tried to transfer gas into the wallet, I found that the wallet had been hit by a "sweeper attack", also known as a gas-grabbing bot: the gas fee I transferred in was instantly transferred away!

What is a gas-grabbing bot? As soon as you transfer a gas fee into the wallet, the bot detects it and immediately transfers it away. This kind of bot usually lurks on wallets whose private key has already leaked. The same bot is also used in a scam that deliberately leaks a private key: the scammer intentionally "leaks" the key of a wallet holding U (USDT), but the U is locked by a contract and cannot be moved; what the scammer is really after is the gas you send in while trying to move it. The original post includes a screenshot of one such case (on the Tron chain); interested friends can go and have a look, but don't put any gas in.


Once my wallet was targeted by the gas-grabbing bot, it meant I could not transfer the NFTs that had survived, because I could not keep any gas in the wallet to pay for the NFT transfer. Did that mean my NFTs would be stuck in that wallet forever? At this helpless moment the power of the community showed itself: a buddy in the Buidler DAO community stepped forward to help me snatch the surviving NFTs back from the gas-grabbing bot!

There is true love in the world, there is true love in the world!

So how did this buddy do it?

First, let's see how fast you would have to be to move my NFT ahead of the gas-grabbing bot by hand. In the block explorer I can see that I transferred the gas fee in at block height 16387987, and the bot transferred all of it away three blocks later, at block height 16387990. After the Ethereum Merge, under the proof-of-stake mechanism the block time is fixed at 12 seconds. Does that mean I only need to act within the first two blocks (within 24 seconds) to beat the bot? That is naive; if it were that slow, it would be embarrassed to call itself a bot.
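As an added example (my own code, not from the article or from Buidler DAO), here is a small check for exactly that pattern over a wallet's transaction history: it pairs each inbound transfer with an outbound transfer that drains it within a few blocks and reports the latency, which tells you whether a wallet is being watched before you send any more gas into it. Addresses and amounts are constructed; only the two block heights are the ones quoted above.

```javascript
// Added example: flag "gas-grabbing bot" (sweeper) activity in a wallet's history.
// Not code from the article; the addresses and amounts below are constructed.
const SLOT_SECONDS = 12n;       // post-Merge proof-of-stake block time
const NORMAL_TX_SECONDS = 30n;  // the article's figure for a normally priced transaction to land

const WATCHED = "0x1111111111111111111111111111111111111111"; // placeholder: compromised wallet
const FRIEND  = "0x2222222222222222222222222222222222222222"; // placeholder: whoever tops up gas
const SWEEPER = "0x3333333333333333333333333333333333333333"; // placeholder: where the bot sends funds

// Constructed history, values in wei. The block heights 16387987 / 16387990 are the ones
// from the article; every value is made up.
const HISTORY = [
  { block: 16387987, from: FRIEND,  to: WATCHED, value: 50_000_000_000_000_000n }, // 0.05 ETH topped up
  { block: 16387990, from: WATCHED, to: SWEEPER, value: 49_600_000_000_000_000n }, // 3 blocks later: drained
  { block: 16388100, from: FRIEND,  to: WATCHED, value: 10_000_000_000_000_000n }, // 0.01 ETH topped up
  { block: 16389000, from: WATCHED, to: FRIEND,  value:  1_000_000_000_000_000n }, // slow and small: not a sweep
];

// A "sweep" is an outbound transfer of at least minPercent of an inbound amount that
// lands within maxBlocks of it. Returns one record per inbound transfer that was swept.
function detectSweeps(history, wallet, { maxBlocks = 5, minPercent = 90n } = {}) {
  const sorted = [...history].sort((a, b) => a.block - b.block);
  const sweeps = [];
  for (const inbound of sorted) {
    if (inbound.to !== wallet) continue;
    const outbound = sorted.find((t) =>
      t.from === wallet &&
      t.block >= inbound.block &&
      t.block - inbound.block <= maxBlocks &&
      t.value * 100n >= inbound.value * minPercent);
    if (!outbound) continue;
    const blocks = BigInt(outbound.block - inbound.block);
    sweeps.push({
      inBlock: inbound.block,
      outBlock: outbound.block,
      blocks: Number(blocks),
      seconds: Number(blocks * SLOT_SECONDS),
      percentSwept: Number((outbound.value * 100n) / inbound.value),
      // How long a human would have had to get a normally priced tx in ahead of the bot.
      manualWindowSeconds: Number(blocks * SLOT_SECONDS - NORMAL_TX_SECONDS),
    });
  }
  return sweeps;
}

// One-line verdict for the rescuer: any sweep at all means do not send gas the normal way.
function isWatched(history, wallet) {
  return detectSweeps(history, wallet).length > 0;
}

console.log(detectSweeps(HISTORY, WATCHED), isWatched(HISTORY, WATCHED));
```

On the constructed history the first top-up is swept three blocks (36 seconds) later, 99% of it, leaving a 6-second manual window exactly as the article works out; the second top-up is not followed by a sweep. Real bots are often faster than three blocks, so the latency you measure is an upper bound on how much time you would have.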


In Ethereum, how quickly a transaction is processed depends on how much gas fee you pay: if you want a transaction processed faster, you pay more. The average gas price moves with transaction demand on Ethereum. At a normal gas price it takes about 30 seconds for a transaction to be processed, which means that to rescue the NFT before the gas-grabbing bot snatched the gas, I would have to complete my operation within 36 - 30 = 6 seconds. That is almost impossible: even if I sent the NFT the instant I saw the gas arrive, it takes MetaMask almost 6 seconds just to pop up its interface. So how can the NFT be transferred before the gas bot transfers the gas?



How to complete all operations in the same block?

This requires the searcher-sponsored-tx function of Flashbots, which is mostly used for wallets whose private keys have leaked and are being watched by bots.

Friends who understand the technology can look at it directly on GitHub: https://github.com/flashbots/searcher-sponsored-tx

This Flashbots function allows gas to be transferred from one wallet to another while the transaction itself executes, that is, all operations complete in the same block. In the block explorer you can see that both the gas transfer and the contract call completed in block 16388251.
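To make the "same block" mechanism concrete, here is an added example (my own code, not from the article and not from the flashbots/searcher-sponsored-tx repository) that shapes the two-transaction bundle offline: a clean sponsor wallet funds exactly the gas the rescue needs, and in the same block the compromised wallet moves one ERC-721 to a safe address. It builds and checks the transaction objects only; signing and relay submission are outside the block. Every address, the token id, the nonces and the fee figures are placeholders.

```javascript
// Added example: shape a two-transaction "sponsored" rescue bundle offline.
// Not code from the article or from flashbots/searcher-sponsored-tx; it only builds and
// checks transaction objects. Addresses, token id, nonces and fees are placeholders.

const TRANSFER_FROM_SELECTOR = "23b872dd"; // first 4 bytes of keccak256("transferFrom(address,address,uint256)")

// Left-pad a hex address or number to one 32-byte ABI word.
function pad32(hex) {
  return hex.replace(/^0x/i, "").toLowerCase().padStart(64, "0");
}

// Hand-encode ERC-721 transferFrom(from, to, tokenId): selector + three static words.
function encodeTransferFrom(from, to, tokenId) {
  return "0x" + TRANSFER_FROM_SELECTOR + pad32(from) + pad32(to) + pad32(tokenId.toString(16));
}

// Build [fund, rescue]: the sponsor pays exactly the gas the rescue can burn, then the
// compromised wallet spends it moving the NFT. Both must land in the same block, in this order.
function buildRescueBundle(p) {
  const maxFeePerGas = p.baseFeePerGas + p.maxPriorityFeePerGas; // EIP-1559 fee cap, wei per gas
  const gasBudget = p.rescueGasLimit * maxFeePerGas;               // no surplus for a sweeper to take
  const fund = {
    from: p.sponsor, to: p.victim, value: gasBudget, data: "0x",
    nonce: p.sponsorNonce, gasLimit: 21000n,
    maxFeePerGas, maxPriorityFeePerGas: p.maxPriorityFeePerGas,
  };
  const rescue = {
    from: p.victim, to: p.nft, value: 0n,
    data: encodeTransferFrom(p.victim, p.safe, p.tokenId),
    // The bot has been sending from this wallet, so victimNonce must be read fresh before signing.
    nonce: p.victimNonce, gasLimit: p.rescueGasLimit,
    maxFeePerGas, maxPriorityFeePerGas: p.maxPriorityFeePerGas,
  };
  return [fund, rescue];
}

// Checks to run before signing: a wrong value here means the rescue reverts or feeds the bot.
function checkRescueBundle(bundle) {
  const problems = [];
  const [fund, rescue] = bundle;
  if (fund.to !== rescue.from) problems.push("funding tx must pay the wallet that sends the rescue tx");
  const need = rescue.gasLimit * rescue.maxFeePerGas + rescue.value;
  if (fund.value < need) problems.push("funding value does not cover rescue gasLimit * maxFeePerGas");
  if (fund.value > need) problems.push("funding leaves surplus ETH in the compromised wallet");
  if (!rescue.data.startsWith("0x" + TRANSFER_FROM_SELECTOR)) problems.push("rescue tx is not a transferFrom call");
  if (rescue.data.length !== 2 + 8 + 3 * 64) problems.push("malformed transferFrom calldata");
  return problems;
}

// Constructed parameters (placeholders, not real accounts or live fees).
const PARAMS = {
  sponsor: "0x3333333333333333333333333333333333333333",
  victim:  "0x1111111111111111111111111111111111111111",
  safe:    "0x2222222222222222222222222222222222222222",
  nft:     "0x4444444444444444444444444444444444444444",
  tokenId: 42n,
  sponsorNonce: 7n,
  victimNonce: 12n,
  baseFeePerGas: 20_000_000_000n,        // 20 gwei
  maxPriorityFeePerGas: 2_000_000_000n,  // 2 gwei
  rescueGasLimit: 90_000n,
};

const BUNDLE = buildRescueBundle(PARAMS);
console.log(checkRescueBundle(BUNDLE), BUNDLE[0].value, BUNDLE[1].data);
```

In a real rescue the funding transaction is signed with the sponsor's key, the rescue with the compromised key (which the attacker already holds, so nothing new is exposed), and the pair is submitted as one bundle to the Flashbots relay rather than the public mempool, so a sweeper never sees the gas arrive on its own. The exact way the searcher-sponsored-tx repository pays the block producer and handles failed bundles is documented there and is not reproduced here.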



What is MEV? What influence does MEV have on Ethereum?

Maximal Extractable Value (MEV) is the maximum value that can be extracted from block production, beyond the standard block reward and gas fees, by including, excluding and reordering transactions within a block. How to understand that? First, we need to know that after a transaction is initiated on Ethereum it is placed in the mempool (the pool of transactions waiting to be executed) and waits to be packaged by a miner. The miners can see every transaction in the mempool, and their power is great: they control which transactions are included, which are excluded, and in what order. If someone profits by paying a higher gas fee to bribe the miners into adjusting the order of transactions in the pool, that profit is a form of maximal extractable value, MEV.

You may be wondering how anyone can profit just by changing the order of transactions.

There is an MEV technique called the "sandwich attack" (or "clip attack"). It extracts MEV by watching for large DEX trades on chain. Suppose someone wants to buy $1 million worth of an altcoin on Uniswap, and that trade will push the altcoin's price up a lot. When the trade enters the mempool, a monitoring bot detects it. The bot then bribes the miner packaging the block to slip its own purchase of the altcoin in front of the victim's trade, and a sale right after it, sandwiching the large DEX trade in the middle. The person who launched the "sandwich attack" profits from the price rise caused by the victim's large trade, while the large trade itself takes the loss by receiving fewer tokens.
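As an added example (my own code, not from the article), here is a toy constant-product pool (x*y=k, no trading fee) that plays the sandwich through step by step and, more usefully for the person being sandwiched, shows why a minimum-output (slippage) limit on the swap is the defence: with the limit in place the victim's swap reverts, and the front-runner is left unwinding its position at a loss. Reserves and trade sizes are constructed.

```javascript
// Added example: sandwich on a toy constant-product AMM, with and without the victim's
// slippage limit. Not code from the article; every number below is constructed.

// Output of a swap on a constant-product pool: reserveOut * amountIn / (reserveIn + amountIn).
// BigInt division rounds down, as real AMM implementations do.
function getAmountOut(amountIn, reserveIn, reserveOut) {
  return (reserveOut * amountIn) / (reserveIn + amountIn);
}

class Pool {
  constructor(usd, token) { this.usd = usd; this.token = token; }

  // Buy tokens with USD. Throws (reverts) if output falls below minOut, like a router's
  // INSUFFICIENT_OUTPUT_AMOUNT check.
  buyToken(usdIn, minOut = 0n) {
    const out = getAmountOut(usdIn, this.usd, this.token);
    if (out < minOut) throw new Error("INSUFFICIENT_OUTPUT_AMOUNT");
    this.usd += usdIn;
    this.token -= out;
    return out;
  }

  sellToken(tokenIn) {
    const out = getAmountOut(tokenIn, this.token, this.usd);
    this.token += tokenIn;
    this.usd -= out;
    return out;
  }
}

// What the victim expects when they sign: their swap alone against the current reserves.
function quoteHonest(reserves, victimUsd) {
  return new Pool(reserves.usd, reserves.token).buyToken(victimUsd);
}

// Same swap sandwiched: attacker buys (front-run), victim buys, attacker sells (back-run).
function simulateSandwich(reserves, victimUsd, attackerUsd, victimMinOut = 0n) {
  const pool = new Pool(reserves.usd, reserves.token);
  const attackerTokens = pool.buyToken(attackerUsd);
  let victimTokens = 0n;
  let victimReverted = false;
  try {
    victimTokens = pool.buyToken(victimUsd, victimMinOut);
  } catch (e) {
    victimReverted = true; // the slippage check fired; the pool stays at the post-front-run state
  }
  const attackerUsdBack = pool.sellToken(attackerTokens);
  return { victimTokens, victimReverted, attackerProfitUsd: attackerUsdBack - attackerUsd };
}

// Constructed pool and trades (units: whole USD and whole tokens).
const RESERVES = { usd: 10_000_000n, token: 10_000_000n };
const VICTIM_USD = 1_000_000n;
const ATTACKER_USD = 500_000n;

const honest = quoteHonest(RESERVES, VICTIM_USD);
const open = simulateSandwich(RESERVES, VICTIM_USD, ATTACKER_USD);
const guarded = simulateSandwich(RESERVES, VICTIM_USD, ATTACKER_USD, (honest * 99n) / 100n); // 1% tolerance
console.log({ honest, open, guarded });
```

On these numbers the victim's honest quote is 909,090 tokens; sandwiched with no limit they receive 828,157 and the attacker nets 97,064 USD. With a 1% minimum-output limit the victim's swap reverts and the attacker closes out 1 USD down. Note that a loose tolerance still leaves room for a smaller sandwich inside it, which is why tight limits combined with private transaction submission (such as the Flashbots RPC mentioned in the next section) are the usual advice.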


Data source: https://explore.flashbots.net/

The emergence of Flashbots has shone a light into the dark forest of MEV. Flashbots has done a lot of research on MEV and built products that reduce its negative impact on Ethereum to a certain extent. Flashbots cannot solve the problems MEV brings, but in Ethereum's new sharding scheme, Danksharding, Ethereum proposes a new mechanism to address MEV (spoiler: that is what I will write about in the next article). If you are interested in Flashbots and MEV, see the link below.

Ethereum's official introduction to MEV


Do you have any last words?

After the wallet was stolen, I was very sad to see all my crypto assets and favourite NFTs gone; my beloved DeBox family was gone. Thanks to the friends in the community who stayed with me and helped with suggestions after I found out. And after the NFTs were saved, the DeBox project team even airdropped an NFT to Spinach as consolation. DeBox is a really warm team; shouting out to them.


On wallet security you really cannot be careless. Before this I never thought I would be one of the victims. As this article neared its deadline, I saw that the wallet of the KOL NFT GOD had also been hacked: all assets lost, and all social accounts compromised and used to send scam messages, because he downloaded fake software from a Google advertising link, much like the earlier fake TP wallet scam. So: never download any files from strangers, and whenever you download software, make sure it comes from the official website.

