A wallet was compromised and was automatically transferring tokens as soon as we try to fund the wallet for transfer.
We tried to fight it by making a web3 py script that also automatically transfers the token to another wallet as soon as it has enough BNB for the transaction's gas. We used gas price 412 Gwei and 100,000 gas limit. The script runs in a loop until it successfully sends the txn.
transfer_txn = contract.functions.transfer(receiver, total_amount).buildTransaction({
'from': wallet_address,
'gas': int(gas_limit),
'gasPrice': web3.toWei(gas_price, 'gwei'),
'nonce': web3.eth.get_transaction_count(wallet_address),
})
I was using the token's "transfer" function to do this – however, this hacker was using a different method to outdo our transaction.
It was using gas limit 21,000 and gas price of 1,667 gwei.
Here is the txn: https://bscscan.com/tx/0x6b1a48b80e6bf7962d63d0eda7cd0e281918ca486b2a71cf89924c26adb57ffb
I have also noticed that it never interacted with any smart contract, nor it even had any input data except 0x. It didn't use transfer function at all
How does it succeed using only 21,000 Gas limit? Is there anyone here who is familiar with his method of transferring tokens? How can I replicate or outdo his method?
Best Answer
You are attempting to transfer an ERC20 (aka BEP20) token, such as BUSD. To do this, you must call the ERC20 token contract with the
transferfunction. Depending on the contract, this call costs around 60000 gas.The hacker is not transferring an ERC20 token, but is transferring BNB out of the wallet. Since BNB is the native token of BSC (such as ETH for Ethereum), such transfer does not use any contract. It is a native blockchain transfer which only costs 21000 gas.
If the value is worth it, I suggest that you join the Flashbots discord and fill the form in the #whitehat-token-rescue-service channel. These people can help you save your tokens (for a fee). Watch out for scammers and do not tell anyone anything unless it went through that channel.