Hackless
Published in

Hackless

🔥 Case study: Hackless migrates $4,000 in crypto from a hacked user wallet

The IDO date has not even been set, and we’ve already got two real-life case studies in the pipeline. We recently posted an overview of how a Hackless MEV-powered solution helped to save funds from VAIOT’s hacked protocol.

Now, we’re excited to share a case about how Hackless saved assets of an individual user, whose digital wallet was compromised.

Even if it’s 1 wei — Hackless can save it!

Hack overview

Often, stories appear on hackers stealing crypto by gaining access to the wallets of users. And this occurs because of private key theft. When a bad actor takes ownership of private keys of wallets, they can easily move funds to their own address.

The crypto industry is growing so fast that such types of hacks are now carried out by simple bots draining thousands of dollars in crypto from a huge number of people who fall victim to phishing attacks, as seen during the recent Badger DAO hack that we covered.

That’s exactly what happened to our client — a bot managed to steal his wallet’s private key and gained access to stored assets which included game tokens and NFTs.

To withdraw assets, the user first needed to top up ETH for transaction gas. Our client did it several times, however the bot drained the entire wallet in a matter of seconds.

That’s quite a situation — the wallet is compromised and being watched by the malicious bot with all the tokens of the user and NFTs stuck on the balance. The more the user waits, the riskier it becomes, since the hacker can find a way round.

So we needed to find a solution that would transfer funds from the hacked wallet without the hacker noticing it. Fortunately, we found such a solution!

Conductor + SafeMigrate = saved assets

The Hackless Conductor service was created for such specific cases, described above. We developed it as a service which pushes several transactions through private mining (or as it is often called MEV-powered provider) for undetectable hack countermeasures. It means that Conductor makes it possible to interact with the hacked protocol — or in our case, a wallet address — in a manner which is not visible to the hacker.

The Hackless team devised a solution combined with a Conductor provider and a customised SafeMigrate version. This means we needed to create a bundle of transactions:

  1. Send ETH for transaction gas.
  2. Claim $SAND from Sandbox game.
  3. Send tokens to the user wallet.
  4. Claim NFT form Sandbox.
  5. Transfer to the user.

Once we created the bundle, we passed it over for private mining — added it to the Ethereum block and mined it via MEV. It is all about the private mining capability and the skill to create correct transaction bundle that let us migrate the funds of users without the bot noticing it. This approach saved a total of $4,000 in different crypto assets.

And that’s the NFT that we helped to rescue. It’s safe and sound now! 😇

Future of an individual Conductor subscription

As you can see, the Hackless services can come in handy not only for DeFi projects, but for every single person owning crypto. Nobody is fully protected from hacks with bad actors coming up with more sophisticated attacks every day.

Our team believes that every user should think of a solution that can protect their own stakes across the limitless DeFi universe. After this case, we see it even more clearly — individual user solutions are the need of the hour so we will work harder on expanding our individual subscription offerings. That’s how we can ensure the safety of assets for each and every DeFi user. Stay tuned for more updates!

Hackless loves Ukraine

As you might already know, the Hackless team is Ukraine-based and despite our relocation, we’re extremely concerned about everything that is taking place in our country at present.

With this in mind, we donated the commission gained from this case to the needs of the Ukrainian Armed Forces 💙💛

Closing thoughts

At Hackless, we continue to work on enhancing security and taking it to a new level in DeFi and the blockchain industry as a whole. So much work to do but, we’re truly excited by the opportunities and possibilities that are waiting to be unlocked!

Stay safe, stay Hackless!

Follow us on social media to receive timely news and stay tuned:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Hackless Team

Hackless Team

1.6K Followers

Security services and analytics platform for your DeFi protocol. 1st out-of-the-box MEV solution that helps to protect smart contracts from the hack attacks.