Earlier this year in May, I had stated that I lost « 1,200 in 100 seconds » the full post can be read here:[https://www.reddit.com/r/CryptoCurrency/comments/gr73wu/i_lost_1200_in_100_seconds/](https://www.reddit.com/r/CryptoCurrency/comments/gr73wu/i_lost_1200_in_100_seconds/)
# The TL;DR from the post:
I had forgotten to gitignore a file that had my mnemonic phrase in it. I was submitting a project to the [Eth Global Hackathon](https://ethglobal.co/) and one of the required fields was to add the public git repository along with the submission. I was a little iffy about it, but I sent it anyway. Which only a minute later funds were being depleted from my account due to a bot draining the funds from it and I couldn’t do much as my email was being bombarded with notifications from ether scan alerts.
Hacked Address: [https://etherscan.io/address/0x1b3e1786c3f8524ca0f3175b0b37bcc1bee5a6d5](https://etherscan.io/address/0x1b3e1786c3f8524ca0f3175b0b37bcc1bee5a6d5)
​[Nearly 90 transactions happening fast af](https://preview.redd.it/yq8npefox4m51.png?width=2051&format=png&auto=webp&s=8f86a9462b840ac4623616aa8c83d68f00fd3910)
# Results from the post:
After I made that post and let all of the crypto world know about my mishaps, my story was featured on popular sources like [Decrypt](https://decrypt.co/30222/hacker-steals-1200-worth-of-ethereum-in-under-100-seconds) and [many others](https://www.google.com/search?sxsrf=ALeKk03wVOCd5Xm2EXNQ07Si9UDZncWKkw%3A1599665142092&source=hp&ei=9fNYX9yuONCf_QavpLX4Dg&q=Hacker+steals+%241%2C200+worth+of+Ethereum+in+under+100+second&oq=Hacker+steals+%241%2C200+worth+of+Ethereum+in+under+100+second&gs_lcp=CgZwc3ktYWIQA1DfAljfAmCDB2gAcAB4AIAB-QGIAfkBkgEDMi0xmAEAoAECoAEBqgEHZ3dzLXdpeg&sclient=psy-ab&ved=0ahUKEwic_ayEsdzrAhXQT98KHS9SDe8Q4dUDCAk&uact=5). I was interviewed by people in both DM’s and on the video to ask for more information about the story. I was invited on by [Dapp University to make a video about it on youtube](https://www.youtube.com/watch?v=_Qed2hMOS7g). One of the things that I like the most was all of the people who gave solutions on how to recover my locked funds. « Locked » meaning if ever I tried to send Eth to that address to pay for the gas fee, the bot(s) would instantly withdraw the eth and hijack the transaction. The hacker(s) took around $500 in actual assets, but there were about $600-$700 of eth remaining that was essentially locked in the DeFi [compound.finance](https://Compound.finance) that had a chance to be recovered. Of all the solutions I was suggested to me, only a few that stood out:
> » What we need to do is write a script that broadcasts a transaction sending eth to that wallet and a transaction from that wallet to a wrapper contract which atomically rescues the compound funds and sends them to your safe wallet. And if we do so at a time where the ethereum blocks are relatively empty. It should work »
Another way was to follow [Operation Crypto kitties Rescue](https://medium.com/mycrypto/operation-cryptokitty-rescue-93fd8e00e4f8)
And many other instances that involve writing a smart contract to beat the bot with gas fees.
# How I Actually Recovered the Funds:
With all the wild solutions that were presented to me, I decided to try my luck at just rescuing them by simply trying to catch them at a time where the server the bot was on had some downtime. Near the end of July, I saw the funds in DeFi remain untouched appreciating in value. The $700 that was locked ultimately grew to $1,200. There was only one issue, I lost the private and mnemonic key to that address. Ironically, what got me into this mess, also got me out. With all the people reaching out to me, I sent my private key to different people in DMs who wanted to run tests and offer a solution however with no avail, they gave up hope. So I sorted through hundreds of messages until I found the private key I sent to someone on discord and reclaimed access.
Around this time, the ethereum gas fees were high like the weather, and all these DeFi coins were pumping hard so ultimately I spent around $100 in gas fees alone trying to recover these coins. I sent the coins to the wallet, praying to hope the bot was not activated, and swiftly sending those tokens to a safe wallet. I couldn’t send all the tokens since some of them had debt tied to them so I only withdrew 99% of the available amount before the collateralized coins were liquidated. All in all, the process in which I recovered the coins was very simple and very lucky.
The transaction in which I recovered my locked funds. [https://etherscan.io/tx/0x7c68cda494540eabff9fdf8e1bd6cd180cd4a8014921e8c3fe94fdf22bf8e236](https://etherscan.io/tx/0x7c68cda494540eabff9fdf8e1bd6cd180cd4a8014921e8c3fe94fdf22bf8e236)
# In Conclusion
– DO NOT SEND YOUR PRIVATE KEYS NOR MNEMONIC PASS PHRASES TO ANYONE. THIS CASE WAS A SPECIAL INCIDENT lol
– News spread fast, and essentially live forever
– Triple check your code before you deploy sensitive information in a public git repository
– Thank Goodness for Decentralized Finance
– EthGlobal will have an important PSA about it for every future Hackathon they host about private key security
– I hope this happy ending enlightens your day.
Source : https://reddit.com/r/CryptoCurrency/comments/ipi4g2/how_i_lost_1200_in_100_seconds_and_recovered_some/