Sweeper bot on Metamask, Coinbase, Trust wallet and others (solved)
It all started when I was working on a smart contract for a new product. I didn’t realize it at the time, but my personal wallet keys were being leaked on GitHub. A hacker found my wallet address and immediately emptied it of its contents. Thankfully, I had staked some ETH into pools, so there was still money left in those accounts. But it wasn’t enough to cover my rent or bills.
So what is a sweeper bot, anyway?
Also known as a sweeper bot, a sweeper is an automated bit of code (also called a script) that can be assigned to a blockchain address, to perform actions relating to that account automatically, such as automatically sweeping assets deposited into the account to another address.
Sweeper bots are usually designed in such a way that they monitor the hacked wallet address incoming transactions in the mem pool before they get published on the mainnet. Therefore, making withdraws to the attacker’s wallet faster than you can even notice what happened.
It monitors your hacked account and withdraws your funds before you can make them available to spend again. It’s basically an ATM for thieves. All they have to do is sit back and wait for their money to come in.
I got an idea: what if we could bundle transactions together? If we could do this quickly enough, we could beat a sweeper bot at its own game!
Sweeper bots are a common occurrence in the blockchain space. As soon as you have a wallet, it’s only a matter of time before someone tries to hack it. So I was not surprised when my wallet was hacked and sweeper bots attached themselves to my account.
What can be done about this? How do we stop hackers from taking our crypto?
The best way to avoid being hacked is not to click on links in emails or social media. If you receive a message from someone claiming to be a big cryptocurrency exchange, do not go to the link and don’t download any apps for example MetaMask.
The safest way of holding your private key is by using hardware wallets such as Ledger Nano S and Trezor.
Hardware wallets are like USB drives that contain your private keys and they need to be physically connected to your computer when sending transactions or storing funds offline (cold storage).
Hardware wallets are expensive but well worth the investment if you don’t want the headache of losing all your coins due to a hack or phishing scam like this one.
Other precautionary measures include but are not limited to:
- Never manually enter key phrase on a website or app
- Use official apps and websites
- install antivirus
The pop-up is quite realistic, it actually looks like an official warning to get you to click. Note that the correct address for the site starts with https://www.myetherwallet.com/ but with this sweeper bot you connect to an insecure HTTP address.
If you look at the green address bar at the top right of your browser window in Metamask or Trust wallet (or any other web3 enabled browser) you will see that when visiting a secure website it starts with HTTPS:// When visiting a non-secure website it starts with HTTP://
After clicking “Sign In” you are redirected to this page where you are asked for your private key or JSON file. This is how you get your wallet hacked by the sweeper bot, by sending your details directly to the hacker or hacker group
When you click on the link, you will be asked to sign in with your private key. If you do that, the hacker can access your wallet and steal all of your cryptocurrency.
It is a scam! Do not trust them! Just because they promise to return your funds doesn’t mean they really will; they may just take them for themselves once they have access to them.
So here’s my question to you MetaMask Team and others using similar Wallets.
Is it possible to remove a sweeper bot in my Ethereum address?
No, it is not possible to remove a bot attached to the wallet because they already have your private keys, and with that, they can reattach the bot even if you manage to revoke their initial access.
What we do is to rescue all the funds in the wallet before it gets withdrawn.
I knew that the best way to beat this sweeper bot would be to make sure that my transaction was included in the next block before theirs did.
So I started looking for ways to speed up the process.
That’s where front running comes in handy, a way to use your own money as collateral in order to guarantee inclusion in blocks as they’re mined.
FlashBots are contracts that allow you to bundle multiple transactions into one single transaction which has higher gas prices and therefore gets confirmed on the mem pool faster than the sweeper bot.
What do you mean by bundled transactions?
It’s basically a transaction that is created by combining multiple transactions together. This can be done by manually calculating and creating multiple transactions, but there are also tools available like Flashbot which can automatically create these bundles for you.
The idea behind using Flashbot is that it will allow you to create your bundle of transactions and then send them off to be mined by miners who are willing to accept those bundles at a higher gas price than normal.
This means that since these miners are willing to pay more for their fees, they’ll get priority over other transactions when it comes time for their blocks to be mined.
Hopefully, reading this made you more aware of the threat of sweeper bots. And if you’re an Ethereum developer, hopefully, this gave you a better idea of how to work around these types of bots!