I did something incredibly fucking stupid last Thursday: I accidentally compromised my hot wallet. This led to an immediate loss of thousands of dollars in liquid assets and the eventual loss of some awesome NFTs. In addition, several irreplaceable NFTs (like the steviep.eth ENS entry and my avatar NFT) became locked on that wallet. Making matters worse, ownership over the contract, the IOU contract, the CryptoGodKing art blocks project, and the Subway Jesus Pamphlets OpenSea project were all tied to that wallet. It was only a matter of time before the blockchain vultures knew what they had. What follows is a story of intrigue, peril, and crypto espionage.
On Thursday night I was preparing to deploy a new contract. As with a previous project I planned to host the assets on gh-pages, so I pushed my code to a public GitHub repo.
Some healthy paranoia got the better of me as I thought through the logistics of my test deployment to Rinkeby. I took another look at my code, which unfortunately confirmed my paranoia. I'd just willingly committed my private key and exposed it to the internet. I immediately deleted the repo and thought maybe it wouldn't be that bad. It had only been up for five minutes, so maybe transferring all my assets to another wallet would be an overreaction. But when I opened MetaMask to check my balance I saw it quickly shift to 0. All the ETH and USDC in that wallet was gone. I normally think putting memes in blog posts is tacky. It was pretty surreal to experience what I'm sure everyone in the crypto space fears. Aside from the sinking feeling in my gut I felt incredibly stupid. As a (formerly) professional software engineer I really should have known better.
In fact, I did know better, and I proceeded to make multiple stupid decisions out of laziness. So for the benefit of others, let's briefly analyze my stupidity.
Feel free to skip this section and take my word for it that I'm very stupid. But otherwise, here is a list of stupid things I did in descending order from most stupid to least stupid:
I used a wallet containing anything of any value for development. Mistakes happen all the time, and it's completely reasonable for any of the other stupid things on this list to happen. ALWAYS USE A DEVELOPMENT WALLET FOR ANYTHING AUTOMATED. You can always transfer contract ownership to a different wallet. There's really no reason to ever use the private key for a wallet you care about.
I let the assets of my hot wallet get a little out of control. Hot wallets are convenient, and I fully support keeping a bit of ETH and some of your NFTs in them for easy access. But you really shouldn't store anything in them that you wouldn't mind losing. Storing tens of thousands of dollars in your web browser is not a good idea. I'll at least pat myself on the back for keeping big-ticket NFTs and the majority of my funds in my hardware wallet. If you're active in the NFT or DeFi space, it's probably good practice to rebalance your wallets on some regular cadence.
gitignore file would be sufficient to protect my secrets. The extent of my thinking was more or less the first bullet point of this ConsenSys article.