This story is about how a large fintech company was hacked. We will call it TwinPeaks, or TP for short, to preserve anonymity.
It was a cold winter Friday night. Suddenly the silence was broken by a phone call from the States:
Hello, Daniel! Please go online, we were hacked…
It was the technical director of TP. It seems that luck was not on their side that day: they had been hacked. In short, their hot bitcoin wallet had been emptied by hackers.
What to do? A quick look at the transaction made me gasp with horror: the amount was a little less than 1 000 000 US dollars. My first thought was that the only thing I could do was express condolences.
However, my attention was drawn to one important point: the transaction had zero confirmations. Why? At that moment, the Bitcoin network was overloaded. And this situation gave me the opportunity to take immediate action.
The fact is that until a transaction is confirmed in the blockchain, it is held in the so-called mempool, a temporary storage. While the transaction is in the mempool, there is a chance to influence its fate: to raise the fee, for example, or even change the recipient address.
So, how did I manage to snatch one million dollars from the clutches of a swindler that night?
The answer is very simple: I had to send another transaction that the miners would pick up before the original one.
The miner's task is to confirm transactions on the network. When miners confirm a transaction, they receive a reward. How big is the reward? It depends on the fee attached to the transaction. The larger the fee assigned by the user, the more the miner gets. That is why it is more profitable for a miner to work on the transactions that offer the greatest rewards, and such transactions will of course be their priority. The higher the fee, the faster the transaction will be processed.
Thus, the task narrowed to placing a transaction in the mempool identical in size to the one that was sent earlier, but with a different recipient address and a higher fee.
Trying to save the stolen money, I created a transaction with a huge fee (more than $100 instead of the original $7) and changed the recipient address to one owned by TwinPeaks.
And I began to wait. It seemed that I waited forever. I nervously paced the kitchen, smoking and staring at the monitor.
30 minutes went by and I saw the first confirmation of my transaction. After a while I had all six confirmations of my transaction, and the attacker's transaction was soon canceled because the money had already been spent.
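The mechanism described above, as an added example that is not the author's upmyfee script: a simplified miner that fills a block greedily by fee rate and never spends the same input twice. All names, fees and sizes are constructed for illustration, and the model covers only fee-rate ordering and input conflicts, not node relay policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str           # constructed label, not a real transaction id
    inputs: frozenset   # outpoints this transaction spends
    fee_sat: int        # total fee in satoshis
    vsize: int          # virtual size in vbytes

    @property
    def fee_rate(self):
        return self.fee_sat / self.vsize

def build_block(mempool, max_vsize):
    """Pick transactions greedily by fee rate, never spending an input twice.

    Returns (included txids, txids dropped because an input was already spent).
    """
    spent, used, included, conflicts = set(), 0, [], []
    for tx in sorted(mempool, key=lambda t: t.fee_rate, reverse=True):
        if tx.inputs & spent:
            conflicts.append(tx.txid)      # double spend of a mined input
        elif used + tx.vsize <= max_vsize:
            included.append(tx.txid)
            spent |= tx.inputs
            used += tx.vsize
    return included, conflicts

# Constructed sample data: a congested mempool and one hot-wallet outpoint.
WALLET = frozenset({"hotwallet-utxo:0"})
BACKLOG = [Tx(f"bg{i}", frozenset({f"other{i}:0"}), fee, 250)
           for i, fee in enumerate([100_000, 95_000, 90_000, 85_000])]
THEFT = Tx("theft", WALLET, 50_000, 250)         # low fee, stuck unconfirmed
RECOVERY = Tx("recovery", WALLET, 800_000, 250)  # same input, much higher fee

def simulate(max_vsize=1000):
    """Build one block before and one after the recovery transaction exists."""
    before = build_block(BACKLOG + [THEFT], max_vsize)
    after = build_block(BACKLOG + [THEFT, RECOVERY], max_vsize)
    return before, after

if __name__ == "__main__":
    for label, (inc, conf) in zip(("before", "after"), simulate()):
        print(label, "included:", inc, "conflicts:", conf)
```

In the "before" block the low-fee transaction simply does not fit, which is the zero-confirmation state the story starts from; in the "after" block it can no longer be mined at all because its input is already spent.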
I think there is no need to describe how I felt at that moment! Victory is the best reward, the pride which overshadows it.
It was time to go to bed, but I decided to capture the entire algorithm in a simple Python script, so that anyone could use it if, God forbid, they faced a similar problem. Or, what happens more often, someone just gets tired of waiting for a transaction to confirm and decides to pay a little more for its processing. That's why I called the script upmyfee and uploaded it to GitHub:
Only after making the final push did I fall asleep, thinking that with the development of the cryptocurrency market and promote scriptaction the price of safety is growing exponentially.
Material written by Daniel Yavorovich, founder and technical director of Arilot.