Security Threat : Devnet Node all Amount goes to miscellaneous address #0x071aAd74A52f76aeC4a4b4fecfc910dbC8fe03F4 #24018
Comments
Please provide exact details on what parameters you are using to run the node. As you haven't, I'll make a guess:
Thus, someone (most likely a bot) found your open node, and (regardless of it being a private chain), the bot then proceeded to make transactions to steal the funds.
Has this issue been resolved yet?
Hi @holiman Yes, your guess is correct, and we have the below command and flags for running the same.
geth --datadir /gethDataDir/bootstax --networkid 20211 --port 30303 --maxpeers=3 --http.addr 0.0.0.0 --ws --ws.addr 0.0.0.0 --ws.port 8546 --ws.origins '' --http --http.port 8545 --http.corsdomain '' --nat any --http.api eth,net,web3,admin,debug,personal,net,txpool,shh --ws.api eth,net,web3,network,debug,txpool --ipcpath gethDataDir/geth.ipc --allow-insecure-unlock --mine --miner.threads=1 --http.vhosts=*
As this is a Devnet node, we were testing multiple things at the same time. Could you please help us by sharing the process to follow for testnet and mainnet for different nodes and flags? Many thanks in advance.
Well, if you set the node up so that it's exposed to the internet, and anyone who happens to find it can send transactions from it without any form of authentication, it's hardly surprising that someone found it and is sending transactions from it.
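The exposure described in the comment above can be checked mechanically. This is an added example, not part of the original thread and not geth's own code: a POSIX shell function that audits a geth command line for RPC listeners bound off loopback, sensitive API namespaces on them, and `--allow-insecure-unlock`. The function names and finding messages are made up for this example; the flags are the ones in the posted command, and loopback defaults are assumed when a flag is absent.

```shell
# Added example, not geth code: audit a geth command line for exposed RPC.
# Prints one finding per line; returns 1 if anything was found, else 0.
is_public() { case "$1" in 127.*|localhost|::1) return 1 ;; *) return 0 ;; esac; }
finding() { echo "$1"; n=$((n + 1)); }

sensitive() {  # print the account/node-control namespaces in a comma list
    found=""
    for ns in personal admin debug; do
        case ",$1," in *",$ns,"*) found="$found $ns" ;; esac
    done
    echo "${found# }"
}

check_rpc() {  # $1=label  $2=enabled(0/1)  $3=bind address  $4=API list
    [ "$2" = 1 ] && is_public "$3" || return 0
    finding "$1: RPC listens on $3, not loopback"
    s=$(sensitive "$4")
    if [ -n "$s" ]; then finding "$1: sensitive APIs exposed: $s"; fi
}

audit_geth_flags() {
    http=0; ws=0; unlock=0; n=0; http_api=""; ws_api=""
    http_addr=localhost; ws_addr=localhost; vhosts=localhost  # assumed defaults
    while [ $# -gt 0 ]; do
        case "$1" in
            --*=*) key=${1%%=*}; val=${1#*=} ;;                       # --flag=value
            --http.addr|--ws.addr|--http.api|--ws.api|--http.vhosts)
                key=$1; val=${2-}; if [ $# -gt 1 ]; then shift; fi ;;  # --flag value
            *) key=$1; val="" ;;
        esac
        case "$key" in
            --http) http=1 ;;                --ws) ws=1 ;;
            --http.addr) http_addr=$val ;;   --ws.addr) ws_addr=$val ;;
            --http.api) http_api=$val ;;     --ws.api) ws_api=$val ;;
            --http.vhosts) vhosts=$val ;;    --allow-insecure-unlock) unlock=1 ;;
        esac
        shift
    done
    check_rpc http "$http" "$http_addr" "$http_api"
    check_rpc ws "$ws" "$ws_addr" "$ws_api"
    if [ "$http" = 1 ] && [ "$unlock" = 1 ]; then finding "unlock: --allow-insecure-unlock allows account unlock over HTTP"; fi
    if [ "$http" = 1 ] && [ "$vhosts" = "*" ]; then finding "vhosts: --http.vhosts=* accepts any Host header"; fi
    [ "$n" -eq 0 ]
}

# RPC-related flags from the command posted in this thread:
audit_geth_flags --http --http.addr 0.0.0.0 --ws --ws.addr 0.0.0.0 \
    --http.api eth,net,web3,admin,debug,personal,net,txpool,shh \
    --ws.api eth,net,web3,network,debug,txpool --allow-insecure-unlock '--http.vhosts=*' || :
```

A command line that keeps `--http.addr` and `--ws.addr` on loopback, leaves `personal`, `admin` and `debug` out of the API lists and omits `--allow-insecure-unlock` produces no findings.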
0x071aAd74A52f76aeC4a4b4fecfc910dbC8fe03F4 please see below details
How long have you been having this issue and have you submitted a ticket?
…On Sat, Oct 8, 2022 at 2:04 PM Sourabhshail ***@***.***> wrote:
0x071aAd74A52f76aeC4a4b4fecfc910dbC8fe03F4
This address is stealing my validator amount. Please help me; how can I stop this?
Please see below details
https://fufiscan.com/address/0x071aad74a52f76aec4a4b4fecfc910dbc8fe03f4/transactions?block_number=2004664&index=0&items_count=50
Hi Brymex
You’ll need to access your dapp live dashboard to manually validate your
wallet mate
…On Tue, Oct 18, 2022 at 1:12 PM Sourabhshail ***@***.***> wrote:
Hi Brymex
I have been facing this issue for the last 6 months.
I still haven't submitted a ticket. Please help me; how can I resolve this problem?
Don't use --allow-insecure-unlock!
geth --datadir /gethDataDir/bootstax --networkid 20211 --port 30303 --maxpeers=3 --http.addr 0.0.0.0 --ws --ws.addr 0.0.0.0 --ws.port 8546 --ws.origins '' --http --http.port 8545 --http.corsdomain '' --nat any --http.api eth,net,web3,admin,debug,personal,net,txpool,shh --ws.api eth,net,web3,network,debug,txpool --ipcpath gethDataDir/geth.ipc --allow-insecure-unlock --mine --miner.threads=1 --http.vhosts=*
I am using the above command. Can you please correct this?
You can send transactions by signing them with your wallet and sending them via
I ran into the same problem. What I don't understand is how the bot knows the private key of the wallet.
System information
Geth version: 1.10.8-stable
OS & Version: Ubuntu 20.04.3 LTS
Expected behaviour
We have run a private blockchain node on our Ubuntu server with a single node, with everything running on that single node only, such as RPC, mining, signer, boot node, etc. It should be working as a normal node, but we found a very high-risk factor there and all the amount goes to an unknown address.
Actual behaviour
The node is running fine and mining is also happening properly; all other operations are normal, but all the amount disappeared after some weeks. We found that the address does not belong anywhere in our apps, keystore, or other platforms.
Steps to reproduce the behavior
We have attached all transaction screenshots and other information for the same address.
Transaction Details:
Transaction Details 1:
Transaction Hash: 0x55c17e5d54362ab13fc4566bf99fbdd65f2401303d464a232d7c84df8afc7ae7
Result: Success
Status: Confirmed | Confirmed by 129,911
Block: 25073
Timestamp: a month ago | October-21-2021 03:20:42 PM +5.5 UTC | Confirmed within 2.0 seconds
From: 0x30de4e6222d647a22b9543e2e959ef0889e521f5
To: 0x071aad74a52f76aec4a4b4fecfc910dbc8fe03f4
Value: 1E+14 STAX
Transaction Fee: 0.00042 STAX
Gas Price: 20 Gwei
Gas Limit: 21,000
Gas Used by Transaction: 21,000 | 100%
NoncePosition: 80
Transaction Details 2:
Transaction Hash: 0xca6c9e9b6370bc2e0c89cddcf3cbaa91cd4f1fecb6c6d86898399f9afe06a7bc
Result: Success
Status: Confirmed | Confirmed by 124,784
Block: 30200
Timestamp: a month ago | October-30-2021 03:50:19 PM +5.5 UTC | Confirmed within 6 milliseconds
From: 0x30de4e6222d647a22b9543e2e959ef0889e521f5
To: 0x071aad74a52f76aec4a4b4fecfc910dbc8fe03f4
Value: 1E+14 STAX
Transaction Fee: 0.00042 STAX
Gas Price: 20 Gwei
Gas Limit: 21,000
Gas Used by Transaction: 21,000 | 100%
NoncePosition: 80
Transaction Details 3:
Transaction Hash: 0xf3768c21a4ae2d18a339b239a33b88779e4989a8717f3921e920451f21e98281
Result: Success
Status: Confirmed | Confirmed by 9,018
Block: 145966
Timestamp: 3 days ago | November-26-2021 07:09:14 PM +5.5 UTC | Confirmed within 21.8 seconds
From: 0x30de4e6222d647a22b9543e2e959ef0889e521f5
To: 0x071aad74a52f76aec4a4b4fecfc910dbc8fe03f4
Value: 231,516.000083999998345216 STAX
Transaction Fee: 0.00042 STAX
Gas Price: 20 Gwei
Gas Limit: 21,000
Gas Used by Transaction: 21,000 | 100%
NoncePosition: 130
When submitting logs: please submit them as text and not screenshots.