Someone close to me was recently infected with GlassWorm. Unfortunately, they kept most of their funds in a hot wallet, and the attacker obtained their seed phrase(s).
The good news is that most of their DOT was staked, so it hasn’t been stolen yet. What the attacker has done is:
- Start unbonding the staked funds.
- Drain the account’s free balance immediately, so the rightful owner can’t rebond.
- Run a bot that monitors the compromised account and instantly transfers out any incoming funds (likely hoping the victim won’t be able to act quickly enough).
I’ve found a way to consistently beat the attacker in these “race” situations, and I’m using the following strategy:
- Each era, I rebond everything except a small portion.
- This causes funds to unlock gradually (a bit each era) instead of all at once.
- Whenever a portion unlocks, we race the attacker to move/resecure it first.
Even if it were pure chance, winning ~50% of these races would already recover half of the amount. In practice, I believe the approach I’m using gives better-than-50% odds (I’m intentionally not describing the exact trick publicly so the attacker doesn’t adapt).
Why I’m posting: while working through this, I’ve noticed on-chain activity that suggests others may be in the same situation. If your DOT is compromised but still currently unbonding / unlocking (or unlocking after voting), I’m happy to share guidance and help you attempt recovery.
- I’m not charging anything. I mean, I will ask you to pay for the transaction fees (< 1 DOT).
- If the attacker already completed the theft and the funds are gone, don’t bother reaching out, because I can’t help you.
If this matches your situation, reply or DM me on the forum. Also, reach out only if you trust me enough to share the compromised private keys with me (DO NOT SEND THEM TO ME OVER THE DM MESSAGE OF THE FORUM, OBVIOUSLY) and to act in your best interest. The reason is that I won’t be sharing the code with the “tricks” that I’m using to beat the hackers, for obvious reasons.