MetaMask Account Hacked (ETH account in MetaMask was compromised)

in #cn-reader, 4 years ago (edited)

A few days ago, while making a transfer, I wrote an article, How to convert steem to eth. I saw the ETH flash in my MetaMask wallet and then disappear.

I was very upset, not because of the 16 USD worth of ETH, but because my confidence in decentralized systems was shaken: how could funds just vanish like that? I decided to find out the reason.

The asset flow was like this: I transferred Steem to 'blocktrades', which in return transferred ETH to the wallet account I specified and charged me some commission. I was using the MetaMask Chrome plug-in as my ETH wallet. Actually, I hardly ever used that wallet; I had used it only for smart contract development, and that was on the testnet, not the mainnet. But my mainnet and testnet accounts share the same seed and even the same private key.

My first suspect was 'blocktrades': I suspected they might have artificially raised the miner fee in order to complete the deal, so I sent them an email asking. They answered:

Hello,
Here is output hash:
https://etherscan.io/tx/0x1e3365201ccc5d257a5c75923780d77d93d4640a348b377fd47c5a23e9565a90

Best Regards,
Julija

According to that hash, there was no problem with the transaction on their side; the gas fee was 0.01 USD.

My next suspect was the MetaMask wallet, but that's just a wallet that holds my private key. I still sent an email to ask, and their response was quite prompt. They first asked me to download a log from the MetaMask settings and send it to them for analysis, and then I got the answer:

[Image: image.png, the answer from MetaMask]

This clearly shows that my MetaMask account was hacked. It looks like somebody compromised my ETH account and then set up a scheduled automatic transfer. No wonder there are always outgoing transactions from my account on Etherscan! It looks like this account was hacked a long time ago!

https://etherscan.io/txs?a=0x627306090abab3a6e1400e9345bc60c78a8bef57

This '0x627306090abab3a6e1400e9345bc60c78a8bef57' is my Ethereum public address, and I won't use it anymore.

The lesson here is: if you want to use a wallet address to receive payments, check it on-chain on Etherscan first. If it shows a steady stream of outgoing payments like mine that were not your action, your account is most likely compromised: your private key has been exposed, and you shouldn't use that account any more.

How scary...
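The on-chain check described in the lesson above, as an added example (not code from the original post): it scans transaction records shaped like Etherscan's account `txlist` API response and pairs each deposit with an outgoing transfer that follows within minutes. The sample rows, the placeholder counterparty addresses and the thresholds are constructed assumptions.

```python
# Added example: flag "deposit, then near-immediate outflow" on an address.
# Rows use Etherscan "txlist" field names; every row below is constructed.
ADDRESS = "0x627306090abab3a6e1400e9345bc60c78a8bef57"  # address from the post
FUNDER, DRAIN = "0x" + "11" * 20, "0x" + "22" * 20      # placeholder addresses

def _row(h, ts, frm, to, units, err="0"):
    # units of 0.0001 ETH, converted to a wei string as the API returns it
    return {"hash": h, "timeStamp": str(ts), "from": frm, "to": to,
            "value": str(units * 10**14), "isError": err}

SAMPLE_TXS = [  # constructed sample history, not real chain data
    _row("0xd1", 1000, FUNDER, ADDRESS, 500),
    _row("0xs1", 1030, ADDRESS, DRAIN, 495),            # 30 s after deposit
    _row("0xd2", 5000, FUNDER, ADDRESS, 2000),
    _row("0xs2", 5045, ADDRESS, DRAIN, 1995),           # 45 s after deposit
    _row("0xd3", 9000, FUNDER, ADDRESS, 1000),
    _row("0xf4", 9010, ADDRESS, DRAIN, 990, err="1"),   # failed tx, ignored
    _row("0xo3", 90000, ADDRESS, FUNDER, 100),          # small, much later
]

def find_sweeps(address, txs, max_delay=600, min_fraction=0.8):
    """Pair each deposit with an outflow of >= min_fraction within max_delay s."""
    addr = address.lower()
    ok = sorted((t for t in txs if t["isError"] == "0"),
                key=lambda t: int(t["timeStamp"]))
    used, sweeps = set(), []
    for dep in ok:
        if dep["to"].lower() != addr or int(dep["value"]) == 0:
            continue
        for out in ok:
            delay = int(out["timeStamp"]) - int(dep["timeStamp"])
            if (out["from"].lower() == addr and out["hash"] != dep["hash"]
                    and out["hash"] not in used and 0 <= delay <= max_delay
                    and int(out["value"]) >= min_fraction * int(dep["value"])):
                used.add(out["hash"])
                sweeps.append((dep["hash"], out["hash"], delay))
                break
    return sweeps

def assess(address, txs):
    """Summarise: suspicious when at least two and at least half of deposits are swept."""
    addr = address.lower()
    deposits = [t for t in txs if t["to"].lower() == addr
                and t["isError"] == "0" and int(t["value"]) > 0]
    swept = len(find_sweeps(address, txs))
    return {"deposits": len(deposits), "swept": swept,
            "suspicious": swept >= 2 and swept * 2 >= len(deposits)}

if __name__ == "__main__":
    print(find_sweeps(ADDRESS, SAMPLE_TXS), assess(ADDRESS, SAMPLE_TXS))
```
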
