A Reddit user said on Tuesday, May 26, that he lost $ 1,200 in Ethereum (more than $ 6,300) after he accidentally left his wallet recovery phrase in a GitHub repository. It is an online file storage area.
On the social network, he shared that a hacker accessed his mnemonic and stole ETH from his Metamask wallet in less than two minutes. According to him, the hackers were using a bot to search for mnemonic phrases on GitHub.
These phrases are combinations of 12 words defined in a specific order. They allow you to restore access to a cryptocurrency wallet. Thus, if someone takes possession of it, they can access the wallet and the funds held.
“I accidentally left it in my code in a GitHub repository while I was uploading it for a Hack Money hackathon. Although there are still some coins and tokens left, the bot will suck up any Ethereum I have to keep me from moving my coins ”, he lamented.
Do not keep digital copies of keys
The victim also warned that no one has a digital copy of his mnemonic or private key. Especially online in public open source repositories, such as GitHub.
"If you're using the metamask, randomly generate private keys for new accounts not associated with any mnemonics and import them into the metamask," he recommended.
The user also commented that he allegedly still has $ 600 (about R $ 3,175) blocked in the Compound DeFi protocol, which is used for cryptocurrency lending. However, if he makes a withdrawal, the amount will go to the wallet where the bot is clearing the ETH.
“I was a fool and that mistake was expensive, but I know how to be more secure when dealing with cryptocurrencies. I was really upset and scared at first, but I can't concentrate on that and I'm going to move on. There is no need to stress thousands, when I can focus on making millions, ”he concluded.
Also read: Ethereum analysis; Ether may keep up with Bitcoin
Read also: Number of Ethereum active portfolios has grown 350% in the last two years
Read also: Ethereum appreciated more than 50% in one month