LLM Private Key Scam

It started with Claude generating a private Ethereum key

Daniel Luca (@cleanunicorn) · Jan 4

Setting Up the Environment

While working on a Foundry deployment script, I stumbled upon an unexpected suggestion from Claude 3.5: a private key. I loaded the key into my wallet, only to uncover a rabbit hole of blockchain mysteries. This is the story of how I discovered a clever scam involving dust ether, blacklisted tokens, and unsuspecting victims, and the lessons I learned along the way.

The Curious Suggestion by Claude

It starts like this: I am in my IDE, setting up a local environment file holding secret information. One of the things I have to do is define a private key.

And Claude makes this suggestion:

[Image: Claude suggests a private key]

Curious about the suggestion, I checked the account generated by this private key. At first, I was excited; perhaps I’d stumbled upon a hidden treasure in the blockchain. But as I dug deeper, the story took a dark turn.

I loaded the private key in my wallet and it generated this address: 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266.

It holds 19 wei and 38 worthless tokens. Total value less than 10 cents. Unimpressive, but still curious.

Uncovering the Dust Ether Scam

Checking the transaction list for this address, I see that most of the ether is collected by ethkeydotnet.eth. The interesting thing is that the same collector receives dust from multiple accounts, but a lot more often from another account: 0x4DE23f3f0Fb3318287378AdbdE030cf61714b2f3.

Why is this account a lot more active than the one I just unlocked?

Well, this account has 2,363 USDT. The thing is, they’re stuck. USDT can blacklist accounts, and this one is blacklisted: it can’t transfer USDT anymore.

If you don’t check, you might feel tempted to send ether to it in order to extract the stuck 2,363 USDT.

But what happens if you actually try to fund the account and don’t realize the tokens are stuck?

Well, ethkeydotnet.eth sees the transaction and creates a new one that runs immediately after yours.

You can also find the private key for this account online. This means that not only ethkeydotnet.eth has access to it, but practically anyone does.

The fun thing is that it has lots of recent activity. People send ETH in to try to collect the 2,363 USDT, which seemingly just sits there.

I almost did it myself. But I have enough experience to investigate at least a little bit before doing anything stupid.

This keeps happening every few hours.

This situation is not unique; there are multiple addresses with hundreds of thousands of blacklisted USDT. It tickles some people in just the right way, prompting them to try to extract the money without any investigation. Some accounts used to hold hundreds of thousands of dollars.

I found a few bitcointalk threads about this from the year 2020. I guess people were at home and playing with different types of onchain games.

How the Scam Works

1. A wallet is preloaded with blacklisted tokens that cannot be moved.

2. Victims notice the balance and assume they can extract value.

3. To access the tokens, victims send ether to cover gas fees.

4. Scammers monitor the blockchain and immediately intercept the funds.
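The four steps above leave a recognisable footprint in an address's history: ether deposits from different funders, each followed within a block or so by a transfer out to the same collector. The sketch below is an added example, not code from the original post, that checks a transaction list for that footprint before you fund an address; the `Tx` record, the thresholds, and the sample addresses are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    block: int       # block number
    index: int       # position inside the block
    sender: str
    to: str
    value_wei: int

def find_sweeps(txs, address, max_block_gap=1):
    """Pair each ether deposit into `address` with the next outbound
    transaction, if it lands within `max_block_gap` blocks."""
    addr = address.lower()
    sweeps, pending = [], None
    for tx in sorted(txs, key=lambda t: (t.block, t.index)):
        if tx.to.lower() == addr and tx.value_wei > 0:
            pending = tx                      # latest unswept deposit
        elif tx.sender.lower() == addr and pending is not None:
            if tx.block - pending.block <= max_block_gap:
                sweeps.append((pending, tx))
            pending = None
    return sweeps

def assess(txs, address, min_sweeps=2):
    """Flag the pattern from the list above: several different funders,
    each drained right away to one and the same collector."""
    sweeps = find_sweeps(txs, address)
    collectors = Counter(out.to.lower() for _, out in sweeps)
    collector, hits = collectors.most_common(1)[0] if collectors else (None, 0)
    funders = {dep.sender.lower() for dep, out in sweeps
               if out.to.lower() == collector}
    return {"sweeps": len(sweeps), "collector": collector,
            "funders": len(funders),
            "looks_like_trap": hits >= min_sweeps and len(funders) >= 2}

# Constructed sample data: placeholder addresses, not real accounts.
TRAP, COLLECTOR, NORMAL = "0x" + "aa" * 20, "0x" + "cc" * 20, "0x" + "bb" * 20
V1, V2, V3 = ("0x" + c * 40 for c in "123")
SAMPLE = [
    Tx(100, 4, V1, TRAP, 5_000_000), Tx(100, 5, TRAP, COLLECTOR, 4_000_000),
    Tx(250, 1, V2, TRAP, 9_000_000), Tx(251, 0, TRAP, COLLECTOR, 8_000_000),
    Tx(400, 7, V3, TRAP, 2_000_000), Tx(400, 8, TRAP, COLLECTOR, 1_000_000),
    Tx(100, 9, V1, NORMAL, 5_000_000), Tx(9000, 2, NORMAL, V2, 1_000_000),
]

if __name__ == "__main__":
    print(assess(SAMPLE, TRAP))
    print(assess(SAMPLE, NORMAL))
```

A positive result means any ether sent in will likely be gone before you can use it; a negative result says nothing about whether the tokens in the account are transferable.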

Please don’t try to extract the tokens yourself. Don’t fall for this scam. 
