Fighting evil with evil (or not)
Attacks by malicious hackers are on the rise. Although Ethereum’s DeFi has been the main target lately, phishing attacks are not to be underestimated either. One user had the unfortunate experience of being rescued by a white hat.
A rather banal phishing story
On July 12, Reddit user 007Happyguy shared his misadventure with the community. The user was tricked by a phishing attack by a hacker posing as a member of the Synthetix (SNX) protocol support on Discord.
[Image: Account of 007HappyGuy’s misadventure on Reddit, regarding the phishing attack. Posted by 007HappyGuy – Source: Reddit]
The attacker allegedly tricked 007Happyguy into clicking on a rogue link, which allowed the attacker to take control of the victim’s MetaMask wallet. In total, our unfortunate guy had over $240,000 in crypto in his wallet.
In the comments, many Internet users pointed to the irresponsibility of holding so much money in a MetaMask wallet. Others redirected the victim to a white hat.
A white hat to the rescue
After filling out a request for help form, 007Happyguy’s story caught the attention of Alex Manuskin, a former blockchain researcher for ZenGo who is now a freelance blockchain developer.
When interviewed by The Block, Manuskin revealed that he immediately realized the importance of the request because of the amount of money involved. Nevertheless, before helping, he made sure that the user was indeed the owner of the account by asking him for his private key. This was the only way for him to verify his honesty.
$117,000 saved in a few hours
First, Manuskin had to prevent the attacker from withdrawing more funds. Because any transfer from an Ethereum wallet requires ETH to pay the transaction fees, the white hat developed a script that automatically returned every ETH deposit the attacker attempted. The attacker could therefore no longer pay the transaction fees needed to drain the remaining amount.
Once the wallet was secured, Manuskin used Flashbots to recover the remaining funds. Without going into detail, Flashbots is a service that opens a direct communication channel between users and miners. As a result, a developer can send transactions directly to a miner without broadcasting them to the entire network. This prevents the transactions from being front-run.
Moreover, this approach allowed him to execute the transactions even though the wallet held no ETH, because the Flashbots service handles the payment of fees to the miner via another transaction, which does not necessarily come from the wallet issuing the transaction.
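The two mechanisms described above can be checked in a small model. The following Python code is an added example, not code from Manuskin or from Flashbots: it uses an in-memory ledger with constructed balances, models the sweeping script as a function that empties the wallet of ETH after each transaction, and treats a bundle as an all-or-nothing list of transactions whose miner fee may be paid by a different sender. All names in it are hypothetical.

```python
# Toy ledger with constructed balances; no real Ethereum or Flashbots API is
# used. A tx is a tuple (sender, to, kind, amount, fee); names are hypothetical.
class Ledger:
    def __init__(self, eth, tokens):
        self.eth, self.tokens, self.miner = dict(eth), dict(tokens), 0

    def apply(self, t):
        s, to, kind, amt, fee = t
        book = self.eth if kind == "eth" else self.tokens
        need_eth = fee + (amt if kind == "eth" else 0)  # fee is always paid in ETH
        if self.eth.get(s, 0) < need_eth or book.get(s, 0) < amt:
            raise ValueError(f"{s}: insufficient balance")
        self.eth[s] = self.eth.get(s, 0) - fee
        book[s] = book.get(s, 0) - amt
        book[to] = book.get(to, 0) + amt
        self.miner += fee

def public_mempool(ledger, txs, wallet, sink):
    """Txs land one by one; a sweeper empties `wallet` of ETH after each one."""
    out = []
    for t in txs:
        try:
            ledger.apply(t)
            out.append("ok")
        except ValueError as err:
            out.append(str(err))
        bal = ledger.eth.get(wallet, 0)
        if bal > 1:  # the sweep itself costs a fee of 1
            ledger.apply((wallet, sink, "eth", bal - 1, 1))
    return out

def send_bundle(ledger, txs, min_payment):
    """Atomic: applied only if every tx succeeds and the miner is paid enough."""
    trial = Ledger(ledger.eth, ledger.tokens)  # scratch copy, miner starts at 0
    try:
        for t in txs:
            trial.apply(t)
    except ValueError:
        return False
    if trial.miner >= min_payment:
        ledger.eth, ledger.tokens = trial.eth, trial.tokens
        ledger.miner += trial.miner
    return trial.miner >= min_payment

def demo():  # constructed scenario: the wallet holds 100 tokens and no ETH
    pub, fb = (Ledger({"victim": 0, "rescuer": 10}, {"victim": 100}) for _ in "ab")
    fund, move = ("rescuer", "victim", "eth", 3, 1), ("victim", "safe", "token", 100, 1)
    log = public_mempool(pub, [fund, move], "victim", "sink")
    free, pay = ("victim", "safe", "token", 100, 0), ("rescuer", "rescuer", "eth", 0, 2)
    return log, pub.tokens, send_bundle(fb, [free, pay], 2), fb.tokens
```

In `demo()`, the publicly funded transfer fails because the gas money is swept before the token transaction lands, while the bundle moves the tokens with the wallet's ETH balance still at zero.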
It took Manuskin about 5-6 hours to write and run the various scripts needed to rescue the funds. In the end, he was able to save $117,000 of the $120,000 that remained when he took over the case.
This isn’t the first time benevolent hackers have come to the rescue of users or protocols whose funds are at risk. In fact, in September 2020, a team of white hats managed to save over 25,000 ETH on the Link Finance protocol, before a flaw in it was exploited.