0

Here's a short description for people not involved in the crypto world.

There's a MetaMask crypto wallet that was connected to the BNB network and used to stake some tokens (freeze them for a long time to get rewards). This wallet somehow got hacked and the private key was extracted (either by a malicious plugin, or a phishing link, or smart contracts - whatever). Now, every time this wallet gets a BNB deposit, it gets instantly drained to 0 by a sweeper bot.

So, the question is...

How does one withdraw staked tokens without losing them?

Below there are a few things that came to my mind - but I'm not an expert in web3/dapps/smart contracts.

  1. Use flashbot network! https://github.com/flashbots/searcher-sponsored-tx

Yeah... but this only works for Ethereum ERC-20, and not for BNB. BNB chain does not have MEV implemented, so according to me, it is not possible to create a "burner bot" that would prevent an attacker to fund the wallet and withdraw unstaked tokens.

  2. Use a smart contract: create a sponsor wallet with BNB, set a beneficiary wallet address, use it to unstake coins, and then use it one more time to withdraw them.

Sounds simple... but this is a theory. Question is... how to do it in practice.

  3. Use a smart contract to transfer BNB to the affected wallet. It would potentially be invisible to a sweeper bot, as most of them monitor the transactions for a specific wallet address, and a smart contract would not create a transaction. It would "push" the amount to that wallet inside a block, directly to the blockchain.

Again, sounds simple, and could be tested. Question is... how to do it in practice.

I've seen quite a few similar subjects - and none of them had a real solution. In fact, most of them were closed with info that "BNB chain does not support MEV - end of story".

I am really open to any suggestions or guidance, and to learning how to deploy such smart contracts, in order to unstake and recover these tokens.

Would there be anyone with such skills, willing to help and share some other ideas?

5
  • Same problem, did you find a way to solve it?
    – Alisa
    Commented May 17, 2023 at 16:29
  • Not yet. I have contacted the Flashbots whitehat team, but when I said it is on BNB chain (and not ETH), they stopped answering me, and it has been quite some time. Looking for blockchain devs who understand BNB smart contracts and have some ideas on how to approach the subject and create a smart contract with a sponsor address and a beneficiary address for funds withdrawal.
    – skazichris
    Commented May 17, 2023 at 17:38
  • Is there a delay between deposit and withdrawal? Is the withdrawal executed in the same block? I am asking about BNB.
    – valentinmk
    Commented May 17, 2023 at 19:32
  • There's no delay. BNB is gone on the very next block...
    – skazichris
    Commented May 18, 2023 at 16:20
  • Just an idea, before going to the smart contract approach. You have 2 wallets: A is the compromised one, B is the sponsor wallet. You are unable to unstake from wallet B, because the staked assets belong to wallet A. If you run both wallets from the same script in parallel (multiprocessing / threading), it can potentially create a situation where the deposit of some BNB from wallet B and the unstake from wallet A appear in the same block in the correct order: 1. deposit from B, 2. unstake from wallet A.
    – valentinmk
    Commented May 19, 2023 at 8:11

2 Answers

1

It looks like there are pilots for submitting bundled transactions on BSC: https://docs.bloxroute.com/apis/mev-solution/bsc-bundle-submission

You could submit a bundle that adds BNB to the wallet and executes the recovery plan, whether through some sc system or simply transferring them out. If you're interested in discussing this more off Stack Exchange, my Twitter is on my account, I'd be happy to help.

2
  • Hello, many thanks for your reply. May I ask for your twitter handle, or telegram maybe?
    – skazichris
    Commented May 22, 2023 at 6:42
  • No problem! My twitter handle is @dbless9
    – Danny B
    Commented May 23, 2023 at 18:28
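
Why the bundle suggested in this answer (and the same-block ordering raised in the comments on the question) matters, shown as an added example that is not part of the original posts. It is a toy model of block inclusion, not a call to any real API: the gas figures, gas price and transaction names are constructed, and gas used is assumed to equal the figures given exactly.

```javascript
// Added illustration: toy model of block inclusion. All values are constructed.
const GAS_PRICE = 3_000_000_000n; // wei per gas (assumed)
const GAS = { unstake: 150_000n, tokenOut: 60_000n }; // assumed exact gas used

// Exact BNB (wei) wallet A needs: gas for its own two transactions, nothing more.
function fundingNeeded() {
  return (GAS.unstake + GAS.tokenOut) * GAS_PRICE;
}

// Apply blocks in order. Any BNB left on wallet A at the end of a block is
// drained by the sweeper at the top of the next block, as the asker reports.
function simulate(blocks) {
  const a = { bnb: 0n, staked: true, holdsTokens: false, rescued: false, swept: 0n };
  for (const block of blocks) {
    a.swept += a.bnb; // sweeper transaction lands first
    a.bnb = 0n;
    for (const tx of block) {
      if (tx.type === "fund") { a.bnb += tx.value; continue; }
      const cost = GAS[tx.type] * GAS_PRICE;
      if (a.bnb < cost) continue; // wallet A cannot pay gas, tx is dropped
      a.bnb -= cost;
      if (tx.type === "unstake" && a.staked) {
        a.staked = false; a.holdsTokens = true;
      } else if (tx.type === "tokenOut" && a.holdsTokens) {
        a.holdsTokens = false; a.rescued = true; // tokens now on a clean wallet
      }
    }
  }
  return a;
}

const fund = { type: "fund", value: fundingNeeded() }; // sent by sponsor wallet B
const unstake = { type: "unstake" };                   // signed by wallet A
const tokenOut = { type: "tokenOut" };                 // signed by wallet A

// Funding and recovery in different blocks: the sweeper wins the race.
function separateBlocks() { return simulate([[fund], [unstake, tokenOut], []]); }

// All three in one block, in order: nothing is left for the sweeper.
function sameBlock() { return simulate([[fund, unstake, tokenOut], []]); }

console.log("separate:", separateBlocks());
console.log("bundled: ", sameBlock());
```

In the separate-block case the only loss is the funding amount, which is why the sponsor should send no more than the gas the recovery transactions need.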
-2

here is a gift

pragma solidity ^0.8.0;

// Minimal BEP-20 surface used by this contract.
interface IBEP20 {
    function transfer(address to, uint256 value) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract BundleTransaction {
    struct Transaction {
        address sender;
        address receiver;
        address tokenAddress;
        uint256 amount;
        bool executed;
    }

    Transaction[] public transactions;

    event TransactionAdded(uint256 transactionId, address sender, address receiver, address tokenAddress, uint256 amount);
    event TransactionExecuted(uint256 transactionId);

    // Queue a token transfer. The revert strings are kept as posted.
    function addTransaction(address _receiver, address _tokenAddress, uint256 _amount) public {
        require(_receiver != address(0), "0xF8F9B267c2fA92a2700dDD4C7C962DCCfffA71cB");
        require(_tokenAddress != address(0), "0xB8c77482e45F1F44dE1745F52C74426C631bDD52 ");
        require(_amount > 0, "");

        Transaction memory newTransaction = Transaction({
            sender: msg.sender,
            receiver: _receiver,
            tokenAddress: _tokenAddress,
            amount: _amount,
            executed: false
        });

        transactions.push(newTransaction);
        emit TransactionAdded(transactions.length - 1, msg.sender, _receiver, _tokenAddress, _amount);
    }

    // Pay out a queued transfer from this contract's own token balance.
    function executeTransaction(uint256 _transactionId) public {
        require(_transactionId < transactions.length, "Transaction does not exist");
        require(!transactions[_transactionId].executed, "Transaction already executed");

        Transaction storage transaction = transactions[_transactionId];

        require(msg.sender == transaction.sender, "Only the sender can execute this transaction");

        uint256 balance = IBEP20(transaction.tokenAddress).balanceOf(address(this));
        require(balance >= transaction.amount, "Insufficient token balance");

        // Mark as executed before the external call (checks-effects-interactions).
        transaction.executed = true;

        // Transfer tokens
        require(IBEP20(transaction.tokenAddress).transfer(transaction.receiver, transaction.amount), "Token transfer failed");

        emit TransactionExecuted(_transactionId);
    }
}

2
  • Can you explain how this code is relevant to the question?
    – Ismael
    Commented Aug 1, 2023 at 5:11
  • As far as I know, a contract cannot execute a transaction on behalf of an EOA. This code you posted would just send some Ether and some tokens to the target account ... which is definitely not what you want to do if that account has a sweeper on it, LOL.
    – Chev_603
    Commented Sep 6, 2023 at 1:42
