Published in Hackless

👏 Case study #3: Hackless saves $87,000 from a compromised user wallet

We’ve helped yet another individual DeFi investor migrate funds from his hacked wallet. The first case occurred a couple of weeks ago, when we helped save $4,000 from a compromised digital wallet. This time it’s $87,000! Dive deeper for the details.

Context

The client’s wallet private key was compromised, which resulted in all high-liquidity assets on the balance being drained. Those tokens were lost for good, with no hope of recovery. What still needed rescuing was the client’s previously staked liquidity and the rewards from his LP tokens.

From the wallet address in question, our client had previously staked approximately $400,000 in crypto on Uniswap and locked his LP tokens for Frax Share yield farming for 3 years, as well as for Public Mint farming and AMPnet. He received a reward daily, which in total came to approximately $87,000 in different tokens.

The hacker’s bot kept monitoring our client’s wallet. This meant that whenever our client tried to deposit the ETH needed as gas to claim tokens, the bot immediately drained it. The good news was that the hacker’s bot did not see the staked liquidity and could not claim the rewards. Time was against the client, though, because the hacker could figure it out at any moment.

So the client had no way to claim his rewards to the wallet, and the tokens were simply stuck in the protocol.

Clash of bots

Our client figured out that the bot spotted larger ETH deposits. He then created a bot of his own that deposited smaller amounts of ETH, just sufficient for claiming and withdrawing reward tokens in extremely small amounts over multiple transactions.

The hacker’s bot was blind to transactions involving small amounts and so it allowed the client’s bot to gradually withdraw liquidity. It worked for some time but at some point the hacker spotted this and probably became annoyed by losing his trophy. So he created one more bot — smarter and more evil — which automatically burned any amount of ETH that appeared on the balance to zero.

Hackless comes into play

Just as in the previous case study, we designed a solution that combines a Conductor provider with a customised SafeMigrate version to push several transactions through private mining (or an MEV-powered provider), so that the countermeasures are undetectable to the hacker. Conductor makes it possible to interact with the hacked wallet address in a manner that is not visible to the hacker or his bots.

Here is what we did next:

  1. Created a bundle of transactions (send ETH for transaction gas, claim FXS tokens, send tokens to the new user’s wallet address).
  2. Double-checked the bundle via simulator.
  3. Sent the bundle for private mining.

That’s it. The hacker’s bot managed to burn the remaining petty ETH, but nothing more. All claimed FXS tokens were successfully transferred to the client’s new wallet.
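The three steps above as a toy model, added here for illustration and not Hackless’s Conductor or SafeMigrate code. It assumes the private-mining provider includes a bundle whole and in order or not at all; every name, gas figure and balance is constructed, and no chain or relay is contacted.

```python
import copy

GAS_PRICE = 30  # wei per gas unit (constructed, kept tiny for readability)
GAS = {"fund": 21_000, "claim": 180_000, "transfer": 60_000}  # assumed gas use

def apply_tx(state, tx):
    """Apply one transaction in place; raise ValueError if the sender cannot pay."""
    sender, cost = tx["from"], GAS[tx["kind"]] * GAS_PRICE + tx.get("eth", 0)
    if state["eth"].get(sender, 0) < cost:
        raise ValueError(f"{tx['kind']}: {sender} cannot pay {cost} wei")
    state["eth"][sender] -= cost
    if tx["kind"] == "fund":        # plain ETH transfer
        state["eth"][tx["to"]] = state["eth"].get(tx["to"], 0) + tx["eth"]
    elif tx["kind"] == "claim":     # pending rewards -> sender's token balance
        state["fxs"][sender] = state["fxs"].get(sender, 0) + state["pending"].pop(sender, 0)
    elif tx["kind"] == "transfer":  # move every claimed token to the new wallet
        state["fxs"][tx["to"]] = state["fxs"].get(tx["to"], 0) + state["fxs"].pop(sender, 0)

def build_bundle(helper, hacked, safe):
    """Step 1: fund exactly the gas the two follow-up transactions need."""
    gas_budget = (GAS["claim"] + GAS["transfer"]) * GAS_PRICE
    return [
        {"kind": "fund", "from": helper, "to": hacked, "eth": gas_budget},
        {"kind": "claim", "from": hacked},
        {"kind": "transfer", "from": hacked, "to": safe},
    ]

def rescue(state, helper, hacked, safe):
    """Steps 2-3: dry-run on a copy; adopting the result stands in for private inclusion."""
    trial = copy.deepcopy(state)
    for tx in build_bundle(helper, hacked, safe):
        apply_tx(trial, tx)         # any failure aborts before anything is sent
    return trial

def public_attempt(state, helper, hacked, safe):
    """Same transactions sent publicly: the sweeper acts right after the funding tx."""
    trial = copy.deepcopy(state)
    fund, *rest = build_bundle(helper, hacked, safe)
    apply_tx(trial, fund)
    trial["eth"][hacked] = 0        # sweeper bot burns the balance to zero
    for tx in rest:
        apply_tx(trial, tx)         # raises: no gas left for the claim
    return trial

# Constructed sample state: 500 wei of dust on the hacked wallet, 1,000 FXS unclaimed.
STATE = {"eth": {"helper": 10**8, "hacked": 500},
         "fxs": {}, "pending": {"hacked": 1_000}}
```

Because the funding transaction carries only the gas the claim and transfer will consume, the sweeper is left with nothing but the dust that was already on the wallet.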

Taking into account the regularity of the staking rewards and 3-year locked assets, our client will use the Hackless service every now and then, including for the final withdrawal of $400,000 from Uniswap. And even more — this case creates the first fully working B2C subscription for the Hackless service!

Future of individual Conductor subscriptions

This is the second time in the past month that the Hackless services have come in handy for individual DeFi users, helping them fight sophisticated attacks. We continue working on our B2C solution to devise a user-friendly interface for everyone in the DeFi industry. Stay tuned for more updates!

Stay safe, stay Hackless!

Hackless Team

Security services and analytics platform for your DeFi protocol. 1st out-of-the-box MEV solution that helps to protect smart contracts from the hack attacks.