Hacker Publishes Private Key, But No One Can Steal His ETH

[Chlotide]

Seems a guy, Robert Forster, a some kind of hacker published his private key for a wallet of his with 1ETH balance.  Someone else tried to withdraw but still was not able to ...

Forster used something called RBF ( Replace by Fee).
He signed a transaction but keep it offline, not informing the network about that. Then with the use of a listening node "watched" his wallet for any activity and when someone would try to move the funds he would sent the previous signed transaction to the network and since it would have higher fees it would replace the initial one and get propagated faster within the network.

Source link: https://www.trustnodes.com/2020/01/04/hacker-publishes-private-key-but-no-one-can-steal-his-eth

The process sounds pretty simple and straightforward and definitely used as proof of concept.
The thing that grinds my gears is that for the signed transaction he seems to have added a fee equal to the wallet balance (at least from what I understood, to make it not profitable at all for any thief). And for any attempt to withdraw his funds he would "lose" the amount as fees for miners.
 

   

[1715209697]

1715209697

[1715209697]

1715209697

[1715209697]

1715209697

[1715209697]

1715209697

[asriloni]

Seems a guy, Robert Forster, a some kind of hacker published his private key for a wallet of his with 1ETH balance.  Someone else tried to withdraw but still was not able to ...

Forster used something called RBF ( Replace by Fee).
He signed a transaction but keep it offline, not informing the network about that. Then with the use of a listening node "watched" his wallet for any activity and when someone would try to move the funds he would sent the previous signed transaction to the network and since it would have higher fees it would replace the initial one and get propagated faster within the network.

Source link: https://www.trustnodes.com/2020/01/04/hacker-publishes-private-key-but-no-one-can-steal-his-eth

The process sounds pretty simple and straightforward and definitely used as proof of concept.
The thing that grinds my gears is that for the signed transaction he seems to have added a fee equal to the wallet balance (at least from what I understood, to make it not profitable at all for any thief). And for any attempt to withdraw his funds he would "lose" the amount as fees for miners.
 

  

Based on what method that already used by such hacker and that sounds very interesting to hear that. But as far as I know to replace the first tx with the second tx with a higher fees and that needs the time. That can't happen instantly. I have tried this to replace the first transaction that got stuck in the network caused by the network bloating.
I think that looks like a simple process. But so many people are getting trapped in this case.

[Chlotide]

Since ETH blocks are at 12 seconds intervals I assume that's why it works on Ethereum network. Maybe you tried with another coin. Just guessing ...

[istiak2277]

is it possible to use this method with other blockchains? what about other fast blockchains out there.may be This kind of method can be used for security purpose if possiable.

[zulfi125]

We should educate and spread this kind of knowledge because most of the people were receiving spam emails, which included private keys and wallet addresses that are showing various tokens so everyone should know about this technique and also should share with others crypto community.

[3la9l_kolbaCa]

We should educate and spread this kind of knowledge because most of the people were receiving spam emails, which included private keys and wallet addresses that are showing various tokens so everyone should know about this technique and also should share with others crypto community.

This wasn't a new cases of scam tactics of hackers, although this certain scenario of exposing private keys was barely published towards many people that doesn't mean you can get those funds. Main reason to that was due to bot program which steals your eth gas after sending the wallet address. I myself was already a victim on this trap, gladly I only send 0.01 eth which isn't a big deal on that time. Spreading this information can help everyone be very careful when certain situations tried to catch their attention.

[CryptoVzla]

not only him who do it , there is much more people on crypto group who sending their ethereum private key that contain big amount of dollar token on the wallet , but when people try to withdrawls and send some eth on that wallet, the eth is automaticly sending to other address with set up fee, but this thing is really shit :/

[Chlotide]

Initially I assumed it was a proof of concept, ingenious and also fairly expensive way to secure funds. Did not see any evil side. Can you please explain how this would be used to trick someone? besides a thief that tries to empty the wallet...

[Yudhisthir]

This illustrates two things. One is the versatility of the Ethereum code and blockchain as a whole. The multiple ways in which blockchain can be used. And it also exposes the bugs we don't know and risk we are taking while using and specially when migrating to limited confirmation network with shrading.

[Chlotide]

This wasn't a new cases of scam tactics of hackers, although this certain scenario of exposing private keys was barely published towards many people that doesn't mean you can get those funds. Main reason to that was due to bot program which steals your eth gas after sending the wallet address. I myself was already a victim on this trap, gladly I only send 0.01 eth which isn't a big deal on that time. Spreading this information can help everyone be very careful when certain situations tried to catch their attention.

Did not realise the full extent of this "trick" initially
Got reading a bit more and found this: https://medium.com/@yenthanh/token-honey-pot-scam-on-ethereum-network-when-hacker-scam-hacker-1b3118a46495
Goes to show that anything can be used for the wrong purpose...

[Mianae]

What happens when this is reversed or when someone with a higher fee completes the transaction before the wallet owner. There must be a way to reverse this.