
> WARNING < DO NOT USE RDP.SH (They Are Scamming Their Own Customers)

Aito
Read this as well after my post.
So, me and 2 other friends lost 27.3 ETH (73k €) in total together by using rdp.sh.
Well, I was quite lucky: my part was small, I lost only about 1.3 ETH (3.5k €) and my WETH.
STORY:
_________________________________
So what happened?
We are using custom-made bidding bots for OpenSea and we are doing mass offers on NFTs. We always bid below the floor price and hope someone accepts these.
This works and we are making quite decent profits from these flips.
So to use the tool we have to insert our ETH private key into that tool, which will be encrypted after inserting it; that private key is stored encrypted in the tool.
One day I noticed that all running tasks and API keys + private key were deleted from the tool, which is quite weird and shouldn't happen.
So I re-entered all my details including the private key and started the bot again, and everything was working fine again. I thought it crashed or whatever happened.
After 2 days I got a notification that some ETH was transferred from a friend's wallet (I'm watching his transactions) and I saw that about 24 WETH was transferred away. I instantly knew what happened, but it was too late from this point. After a minute I saw that the 1.3 ETH on my wallet was transferred away as well. Shortly after that I saw that another 2 WETH from another friend was sent away too.
We all used Rdp.Sh to host our bot. To clarify, we didn't get hacked from any other source; the RDP was completely new for all of us. Also we had really strong passwords, there was no way to brute-force them.
Also we made the bot, we have the source code to it. Never ever use their service for anything, they are installing a clipboard hijacker on your server to scam you.
For my part it was a lesson, but I'm happy that I haven't lost more because it could have been a lot worse. I'm feeling bad for my friends, they lost a lot.
_________________________________
It must have been either RDP.sh employees or attackers who got access to the whole infrastructure through the RDP.sh backend.
Also did some investigation on the VMs to see what had happened:
- Windows event logs were cleaned up to hide their footsteps
- Virus scanner found a bunch of infected files
- VirusTotal knew the files and says there is everything nasty in those files (keylogger, Trojan, spyware, etc.)