How my Bitcoin was stolen - how to prevent it

in bitcoin •  7 years ago  (edited)


Yep. It happened to me.

I didn't realize how difficult it is to track who has stolen bitcoin until it happened to me. We all know to be careful with API keys. I already knew this, and thought I had taken precautions to make sure this wouldn't happen. But, for convenience (not so convenient now), in programming a tool for managing crypto portfolios, I stored my API keys in a file in the project folder. I made sure it would be ignored when I posted my code, but when I created the repository to host the code, it provided its own .gitignore, overwriting the one I made. Then it happened.

I posted the code at 10pm and by 2am a BTC withdrawal was made on my account and by 6am all the ETH was gone too. GitHub helps make it easier for thieves with their Search API. Luckily they left me with $3.70 USD :(. I have my portfolio on my Pebble watch so I knew something was wrong when I woke up. However, it wasn't until manually scraping through all the transaction history that I thought to check my repo, and to my horror, the file with my keys was up. They were scooped up and exploited and within 8 hours they cleaned me out. A new bitcoin wallet was created to transfer the funds and a $200 expedite fee was paid to get the transaction in the block as fast as possible.

I'm posting the stolen transactions (since blockchain makes everything public) for posterity.

Here is a list of the transactions:

Ideas for prevention

Besides the obvious "don't post your API keys":

  • Exchanges could scan for public keys and disable them
  • Use this git hook I wrote: Git Hook API Key
  • Lower permissions on API keys (don't allow withdrawal permissions)
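
A minimal pre-commit hook along the lines of the second idea above, added here as an example; it is not the author's linked hook, and the file names and regular expressions in it are assumptions. It inspects the staged index directly, so it still blocks the key file when .gitignore has been replaced as described in the post.

```shell
#!/bin/sh
# Example pre-commit hook: save as .git/hooks/pre-commit and make it executable.
# File names and patterns below are assumptions; adapt them to your project.

# Paths that must never be committed, whether or not .gitignore lists them.
SECRET_PATHS='(^|/)(\.env|api_keys\.(json|ya?ml|txt)|secrets?\.[A-Za-z0-9]+)$'
# A key-like name assigned a token of 16 or more characters.
SECRET_LINES="(api[_-]?key|api[_-]?secret|secret|token|passphrase)[\"' ]*[:=][\"' ]*[A-Za-z0-9/+_-]{16,}"

# stdin: staged path names, one per line. stdout: the forbidden ones.
find_secret_paths() {
    grep -E -i "$SECRET_PATHS" || true
}

# stdin: unified diff. stdout: added lines that look like credentials.
find_secret_lines() {
    grep -E '^\+' | grep -v '^+++ ' | grep -E -i "$SECRET_LINES" || true
}

# Inspect the index (what is about to be committed), not the working tree.
check_staged() {
    paths=$(git diff --cached --name-only --diff-filter=ACMR | find_secret_paths)
    lines=$(git diff --cached -U0 --diff-filter=ACMR | find_secret_lines)
    if [ -z "$paths" ] && [ -z "$lines" ]; then
        return 0
    fi
    echo "Commit blocked: possible credentials staged." >&2
    if [ -n "$paths" ]; then echo "Forbidden files:" >&2; echo "$paths" >&2; fi
    if [ -n "$lines" ]; then echo "Suspicious added lines:" >&2; echo "$lines" >&2; fi
    echo "Unstage with: git reset HEAD -- <file>" >&2
    return 1
}

# Run the check only when git invokes this file as the pre-commit hook.
case "$0" in
    *pre-commit) check_staged || exit 1 ;;
esac
```

Hooks in .git/hooks are not copied by `git clone` and can be skipped with `git commit --no-verify`, so this complements keys without withdrawal permission rather than replacing them.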