David Veksler

How I Recover Stolen NFTs from Crypto Scammers 🥷🏼

Since I started helping people recover their crypto wallets in 2017, my most common reply has been “if your crypto is stolen, there is nothing I can do.”

Well, not anymore. I can now help theft victims who have assets “stuck” in compromised Ethereum wallets. But how can your crypto get stuck in a wallet? 

When Your Crypto Wallet Is Held Hostage

When crypto thieves get a hold of your wallet, they typically do two things: first, they drain all your funds from the wallet. Second, they install a sweeper bot that checks the balance every few seconds and drains it as soon as you send anything to that wallet. But sometimes, they are not able to drain everything, either because they don’t see it, or because the asset is locked up. For example, you may have assets staked in a liquidity pool or an income-generating node such as StrongBlock. In this case, they need to wait until the funds become unlocked. In the meantime, they keep denying access to the victims.

Bypassing Crypto Criminals

This is where I come in. To sweep funds from a compromised wallet, the scammers have to see the funding Ethereum transaction that pays for the withdrawal. But what if I send my transaction directly to the Ethereum miners as a bundle, including the funding transaction and the recovery operation I want to perform? The scammers never have a chance to steal the Ethereum that pays for the gas. Furthermore, I run my own sweeper bot to deny the scammers access to the compromised wallet.

How Does It Work?

To pay for Ethereum transactions from a third-party address, I use sponsored transactions. Basically, I bribe an Ethereum miner to accept a transaction bundle, which includes a funding transaction, the transactions collecting tokens from a compromised wallet, and then a final transaction that verifies that the earlier transactions were executed before paying the miner. My bundle doesn’t hit the public blockchain until it’s all over and there’s nothing the scammer can do to stop me.

How do I create the transaction bundle? Basically, I look up the source code of each smart contract that I want to include in the bundle, reverse engineer it to find out the relevant methods, and write code that executes it. I run a simulation of the entire process to estimate how much gas (transaction fees) I need to pay for my transactions, then add a bribe to the miners to process it directly.
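The following toy model is an added example, not the author's code, and it touches no real network. It shows why a publicly broadcast funding transaction loses to a sweeper bot while an ordered, all-or-nothing bundle does not; the flat `GAS` fee, the account names, the balances and the simplified ordering rule are all constructed assumptions.

```python
import copy

GAS = 5  # constructed flat fee per transaction, in arbitrary ETH units
WALLET, SAFE, SPONSOR, THIEF, MINER = "compromised", "safe", "sponsor", "thief", "miner"

def new_state():
    """Constructed balances: the wallet has tokens but no ETH to pay for gas."""
    return {"eth": {WALLET: 0, SPONSOR: 100, THIEF: 50}, "tok": {WALLET: 1000}}

def apply(state, tx):
    """Run one transfer; the sender pays GAS in ETH. Returns False if it cannot."""
    asset, src, dst, amount = tx
    eth = state["eth"]
    need = GAS + (amount if asset == "eth" else 0)
    if eth.get(src, 0) < need or state[asset].get(src, 0) < amount:
        return False
    eth[src] -= GAS
    state[asset][src] -= amount
    state[asset][dst] = state[asset].get(dst, 0) + amount
    return True

def sweeper(state):
    """Sweeper bot: once the wallet can pay for gas, move or burn its whole ETH balance."""
    bal = state["eth"][WALLET]
    return ("eth", WALLET, THIEF, bal - GAS) if bal >= GAS else None

def public_mempool(state):
    """Funding is visible on chain; the sweeper's drain is ordered before the recovery."""
    apply(state, ("eth", SPONSOR, WALLET, GAS))   # publicly visible funding transaction
    drain = sweeper(state)                        # bot reacts to the new balance
    recovery = ("tok", WALLET, SAFE, 1000)
    for tx in filter(None, [drain, recovery]):    # assumption: the bot always outbids
        apply(state, tx)
    return state["tok"].get(SAFE, 0)

def private_bundle(state):
    """Funding, recovery and miner payment run in order with nothing in between."""
    bundle = [("eth", SPONSOR, WALLET, GAS),
              ("tok", WALLET, SAFE, 1000),
              ("eth", SPONSOR, MINER, 10)]        # miner is paid only if recovery worked
    trial = copy.deepcopy(state)
    if all(apply(trial, tx) for tx in bundle):    # any failure discards the whole bundle
        state.update(trial)
    return state["tok"].get(SAFE, 0)

if __name__ == "__main__":
    print("public mempool recovers:", public_mempool(new_state()))
    print("private bundle recovers:", private_bundle(new_state()))
```

In the model, the wallet's ETH balance is back to zero once the bundle lands, so the sweeper has nothing to react to, and a bundle whose recovery step fails costs the sponsor nothing.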

The other part of this project is my own burn bot, which denies scammers access to compromised wallets. The burn bot reads from a database of compromised keys and checks the blockchain every 100 milliseconds for a transaction. If the balance exceeds a threshold, it will either spend it all in a send to itself or send the remainder to me. The bot connects to a full Ethereum node on a powerful workstation with fast Internet to ensure that it can run faster than the scammer’s bots.

Supported Assets and Projects

For each supported token and project, I have to reverse-engineer the smart contract to find out how to recover the customer’s assets. All ERC-20 tokens follow the ERC-20 standard, so I only have to do that once. Likewise for NFTs with ERC-721. I can bulk transfer hundreds of NFTs in a single transaction by directly calling an NFT’s smart contract. Other projects require more work. Currently, I can support StrongBlocks, all stablecoins, and LP and staking tokens from selected protocols. Supported ecosystems include Ethereum and Polygon, though I can use a different process for any EVM-compatible chain like Avalanche and Binance Smart Chain.

Wait, Does This Really Work? 😁

