This script was used to rescue funds waiting to be withdrawn on the Kiln Onchain V2 Exit Queue to recover $7K worth of ETH from a compromised wallet.
- The compromised wallet has had it's private key leaked, a malicoius individual set up a bot to monitor for incoming transactions and to steal tokens as soon as they are deposited to the compromised address.
- To claim the ETH from the exit queue the compromised wallet needs to be seeded with enough ETH to pay for the gas fees (without the bots stealing the ETH as soon as it is deposited).
The solution is to send transactions to seed + claim + withdraw all in the same block. We can do this by sending these transactions as a bundled to the flashbot network using the ethers-provider-flashbots-bundle package.
- Send funds from
funding_wallettocompromised_walletto cover gas for claiming + transfering - Claim the exit queue ticket from
compromised_wallet - Transfer claimed ETH tokens from
compromised_wallettoledger_wallet
The transactions can be seen bundled together in block 19663505
| Transaction | Hash |
|---|---|
Funding compomised_wallet using funding_wallet |
0xba0c37...1da10e |
Claiming the exit ticket to compromised_wallet |
0x4e6945...013470 |
Withdrawing ETH from compromised_wallet to ledger_wallet |
0x172b1a...5bf065 |
| Contract/Account Name | Address |
|---|---|
| Exit queue contract | 0x8d6Fd650500f82c7D978a440348e5a9b886943bF |
| Compromised Wallet | 0xffCB8D87dAcc4BDE40Dda52b5a81eB25d094091e |
| Funding Wallet | 0x7E72F7856465f64908C9a9c000E133ACb128F979 |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent