On 13 September, a Twitter user shared the distressing news of their account being hacked due to a compromised seed phrase.
https://twitter.com/samuraizann/status/1701875884217749515
While the damage was done, there were still valuable NFTs trapped in the compromised address. The challenge? Transferring these assets would require gas, which would be instantly deducted by a notorious "Sweeper Bot" as soon as it's sent to the compromised address.
🌊 Dive deeper into the world of Sweeper Bots: What are Sweeper Bots?
To outsmart the Sweeper Bot, we turned to flashbots private transactions. These transactions are bundled and hidden from the public mempool. In layman's terms, we sign multiple transactions and execute them all at once in a single block. The first transaction in this bundle sends ether to the compromised address.
Using the aradhwin.eth address as a case study (though the steps are universal):
Compromised Address: 0xE7a98f3AeAf30Ff2A1a40839115067D1Fb2174ff
Attacker Address: 0x875C02095ABB53428aa56A59FE6C8E712F48C762
Ethereum Transaction Hash (Txhash) Details | Etherscan