Hackers use GitHub dork to steal $1200 in Ethereum cyrptocurrency


Hackers steal $1200 in Ethereum cryptocurrency from a GitHub user using GitHub dork

We have already written about how GitHub dorks can be used to steal confidential information from GitHub. In fact, Tillson Galloway has written a program to scan the GitHub for such information called GitHound. Somebody just used this idea to scan a Redditor’s Ethereum wallet and steal $1200 from it and that too in just 100 seconds.

This incident happened to Ty Cooper who lost $1200 of Ethereum cryptocurrency in a mere 100 seconds. Ty was in the process of sending money for a Hackathon named Hack Money. Ty left his MetaMask wallet’s mnemonic (12-word wallet recovery phrase) exposed for just over a minute on GitHub when he was doing the transaction.

At that same time, unknown hackers were using a code similar to what Galloway had written to scan GitHub for such confidential information. They apparently found Ty’s exposed mnemonic exposed and used it to transfer Ethereum coins worth $1200 from Ty’s wallet to their own wallet.

Of the $1200, the hackers immediately moved $600 to different wallets owned by their associates. The balance $600 is in the wallet in a “Compound DeFi protocol” but it too has become irretrievable according to Ty. He has asked for help to retrieve at least this $600.

Using GitHub dorks is becoming a very lucrative profession for hackers. Ty says he was foolish and this mistake was costly but he hoped that he could soon make millions. For developers using GitHub, they should use software like Vault which can provide some degree of protection against such incidents.


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments