0xDeadList: Why we should collect a list of addresses with leaked private keys
When we say that an Ethereum account has been lost, we mean one of two cases: the owner has forgotten the private key, or the owner has leaked it. The latter case is very dangerous, as anyone with the private key can act as the account owner. The account owner loses exclusive use of the account, and the account and its address are no longer secure. DApps should be aware of leaked or disclosed accounts in a timely manner, and provide protection to the owners of these accoun...
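0xDeadList: Why we should collect a list of addresses with leaked private keys
When we talk about an Ethereum account being lost, we mean one of two cases: the owner has forgotten the private key, or the owner has leaked it. The latter case is very dangerous, because anyone who holds the private key can act as the account owner. The account owner loses exclusive use of the account, and the account and its address are no longer secure. DApps should learn promptly which accounts have had their private keys leaked or disclosed, and protect the owners of those accounts. For example, web3 mail needs to suspend user access to the mail of these accounts, and agreements signed by an address after its private key leaked cannot be regarded as authorized by the address's true owner. To solve these problems, we propose the 0xDeadList project, which maintains a list of addresses whose private keys have leaked. 0xDeadList rewards NFTs to incentivize users and hackers to report accounts whose private keys are lost, and stores the information about these leaked accounts on-chain so that DApps can easily query these insecure accounts: accounts that users have reported as lost themselves, and accounts whose private keys have leaked.
0xDeadList project overview
0xDeadList encourages users to collect addresses whose private keys have already leaked; users can go directly to 0xdeadlist.io to report leaked accounts. To prevent front-running attacks, and to give owners some time to react before a leaked private key becomes fully public, the 0xDeadList contract provides two simple steps: locking the address and burying the address. In the first...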
TLDR: The 0xDeadList dev team transferred some Matic to a leaked address, and a hack happened after a while.
The hack:
https://polygonscan.com/tx/0x8539ba8f0d5a55273108432578f77b92a66a22dbeb80032940d33c08926e86bd
To test the dark forest of Ethereum, and also to encourage hackers to report the addresses they have hacked, we airdropped to one of the 0xDeadList addresses on Polygon:
https://polygonscan.com/address/0x40d0308215956928dc67cfaa76202d0f9694e003
We chose this address for the following reasons:
It had not been buried on the Polygon mainnet before the hack happened.
The 0xDeadList dev team used this account to test the 0xDeadList contract, and the account was buried during the test. For example, the account was sent a tombstone SBT (with its private key in the ERC-721 token ID); see this transaction for more details:
https://rinkeby.etherscan.io/tx/0x6473db20f9b341745becde9811c331befff1a95bae7427f66929b815b209128e
We thought that it would be harder for hackers to find this leaked address, but let’s see what happened before the hack:
The address was leaked 100 days ago (buried on Rinkeby) and first held a balance on Polygon 90 days ago (5 Matic). Although we have no idea when hackers found this leaked address, the hack did not happen until yesterday.
We transferred 0.616 ETH to this address (transaction 1), and nothing happened.
We swapped the 0.616 ETH into 966.905 Matic (transaction 2) at block height 34675224, and 3 blocks later (block height 34675227) a hacker stole all 970 Matic (transaction 3).
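A defender can read this timeline as a detection signal: a deposit followed within a few blocks by an outgoing transfer that empties the balance means someone else holds the key. The sketch below is an added example, not code from the 0xDeadList project; the transfer records are constructed from the amounts and block heights above, and the first block height, the counterparty labels and the two thresholds are assumptions.

```python
from decimal import Decimal

WATCHED = "0x40d0308215956928dc67cfaa76202d0f9694e003"

# Constructed native-Matic transfer records. Amounts and the two 346752xx block
# heights come from the post; block 30000000 and the 0x... labels are placeholders.
# The 0.616 ETH deposit (transaction 1) is omitted: only the Matic balance is tracked.
TRANSFERS = [
    {"block": 30000000, "from": "0xFUNDER", "to": WATCHED, "value": "5"},
    {"block": 34675224, "from": "0xSWAP", "to": WATCHED, "value": "966.905"},
    {"block": 34675227, "from": WATCHED, "to": "0xSWEEPER", "value": "970"},
]


def find_sweeps(transfers, watched, max_gap=10, drain_ratio=Decimal("0.95")):
    """Flag outgoing transfers that empty `watched` shortly after a deposit.

    max_gap: largest deposit-to-withdrawal distance, in blocks, still treated
    as automated sweeping. drain_ratio: minimum share of the balance moved out.
    """
    watched = watched.lower()
    balance = Decimal(0)
    last_deposit_block = None
    findings = []
    for t in sorted(transfers, key=lambda t: t["block"]):
        value = Decimal(t["value"])
        if t["to"].lower() == watched:
            balance += value
            last_deposit_block = t["block"]
        elif t["from"].lower() == watched:
            ratio = value / balance if balance > 0 else Decimal(0)
            if last_deposit_block is not None:
                gap = t["block"] - last_deposit_block
                if gap <= max_gap and ratio >= drain_ratio:
                    findings.append({
                        "block": t["block"],
                        "to": t["to"],
                        "blocks_after_deposit": gap,
                        "drained": ratio.quantize(Decimal("0.001")),
                    })
            balance -= value
    return findings


if __name__ == "__main__":
    for hit in find_sweeps(TRANSFERS, WATCHED):
        print(hit)
```

On the constructed records the 5 Matic balance alone produces no finding, matching the 90 quiet days; only the withdrawal 3 blocks after the swap is flagged.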
Interesting? You are welcome to dig into the details of this hack and discuss it with us on our Discord.