<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Forem: Sm00g15</title>
    <description>The latest articles on Forem by Sm00g15 (@sm00g15).</description>
    <link>https://forem.com/sm00g15</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F71063%2F32bea15f-2277-48dc-9295-140699668cf3.jpeg</url>
      <title>Forem: Sm00g15</title>
      <link>https://forem.com/sm00g15</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://forem.com/feed/sm00g15"/>
    <language>en</language>
    <item>
      <title>How Not to Get Hacked Programming Blockchains</title>
      <dc:creator>Sm00g15</dc:creator>
      <pubDate>Sat, 13 Oct 2018 02:22:56 +0000</pubDate>
      <link>https://forem.com/sm00g15/how-not-to-get-hacked-programming-blockchains-2cmn</link>
      <guid>https://forem.com/sm00g15/how-not-to-get-hacked-programming-blockchains-2cmn</guid>
      <description>&lt;p&gt;I'm Sean and I've been a developer for a little over a year. I'm a blockchain/crypto enthusiast and started programming in/around crypto in the strangest of ways....I GOT HACKED! &lt;/p&gt;

&lt;p&gt;Well, not exactly, more like I made a major, not-so-smart mistake. I'll share my experience here so that you won't have to make the same mistake!&lt;/p&gt;

&lt;p&gt;It all started when I took this course by Stephen Grider on Udemy: &lt;a href="https://www.udemy.com/ethereum-and-solidity-the-complete-developers-guide/"&gt;https://www.udemy.com/ethereum-and-solidity-the-complete-developers-guide/&lt;/a&gt; &lt;/p&gt;

&lt;p&gt;I highly recommend it if you're interested in learning how to program smart contracts in Ethereum...it's a super fun course! &lt;/p&gt;

&lt;p&gt;Shortly thereafter, I went to start sandboxing some new apps I wanted to play around with. Well, if you know anything about programming Ethereum applications that interact with the blockchain, you'll know that you have to provide a 12-word MNEMONIC which serves as your private key (basically your password to your Ethereum address that shows that you own the address). &lt;/p&gt;

&lt;p&gt;Little did I know that since I wasn't using any environment variables and my repo was public, my private key to my account would be open to all of GitHub! After doing a quick search on GitHub, an exposed user looks like this: &lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kq4rYIdU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/xkly696x8pe48jbue52u.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kq4rYIdU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/xkly696x8pe48jbue52u.jpg" alt="github query"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In short, somebody found my keys on GitHub, broke into my account, and stole my money!!!! Bad day for the wallet, excellent day for learning! &lt;/p&gt;

&lt;p&gt;TAKEAWAY LESSON: &lt;br&gt;
1) Use environment variables for your private key data instead of putting it in the code you post on GitHub&lt;br&gt;
2) Use private repos when possible for additional safety&lt;br&gt;
3) Use a command-line interface (like readline-sync: &lt;a href="https://www.npmjs.com/package/readline-sync"&gt;https://www.npmjs.com/package/readline-sync&lt;/a&gt;) to enter your private key data at runtime for ultimate safety &lt;/p&gt;

&lt;p&gt;Happy Programming!&lt;/p&gt;

</description>
      <category>ethereum</category>
      <category>cryptocurrency</category>
      <category>blockchain</category>
    </item>
  </channel>
</rss>
