An interesting and certainly educational Reddit thread surfaced today, showing the importance of being extra careful when dealing with sensitive cryptocurrency information online. A user lost $1,200 worth of ETH in a matter of seconds after accidentally leaving his mnemonic phrase on GitHub.
For clarity, a mnemonic phrase or backup seed, as it is sometimes called, is a readable 12-word phrase that is used to represent the private keys of a crypto wallet.
$1,200 Stolen In 100 Seconds
A Reddit user took to the social platform to describe how he lost his ETH funds after he “accidentally” left his phrase in code in a GitHub repo.
According to him, the hackers who stole the funds were using a bot to scan for recovery phrases across GitHub, and he became a victim while submitting to HackMoney, a virtual DeFi hackathon.
The bot was able to steal his mnemonic phrase, and the hacker(s) used it to siphon $1,200 in ETH from his MetaMask wallet in less than 100 seconds.
He noted that he still had some crypto left in the wallet, but also said that the bot would move any ETH he has, preventing him from transferring his coins, or would outmatch his attempts by supplying more gas.
However, the burning question is: why would anyone have their mnemonic publicly accessible? The user admitted that he made a “foolish and costly” mistake by leaving his recovery phrase on GitHub. He believes that he is no stranger to securing his crypto assets.
A Lesson To All
He then doled out some advice, urging crypto users to store their private keys and backup seeds properly.
“I just want you all to be aware to NEVER have a digital copy of your mnemonic or private key. Especially not online. If you are using Metamask, randomly generate private keys for new accounts not associated with any mnemonics, and imported onto Metamask,” he said.
He noted that he still has about $600 in his wallet locked in the Compound DeFi protocol and is seeking ways to resolve the issue.