https://github.com/cawfree/no-u-honeypot
🍯 Using flashbots to frontrun the "leaked seed phrase" honeypot.
- Host: GitHub
- URL: https://github.com/cawfree/no-u-honeypot
- Owner: cawfree
- License: cc0-1.0
- Created: 2024-12-02T23:59:55.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-03T22:21:16.000Z (over 1 year ago)
- Last Synced: 2025-07-18T21:06:50.782Z (11 months ago)
- Topics: attack, ethereum, ethers, flashbots, honeypot, pbs
- Language: TypeScript
- Homepage: https://twitter.com/cawfree
- Size: 203 KB
- Stars: 7
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# no-u-honeypot
## A little knowledge can be a dangerous thing.
Basically, there's this interesting honeypot where an attacker masquerades as a victim that has straight up rocks for brains and shares their seed phrase on social media:
> [**Origin Story**](https://github.com/cawfree/no-u-honeypot/blob/6f43208305bcef40e4404d739439cfc9d0b31f7c/__tests__/index.test.ts#L16) found on [**Double entry point issues**](https://www.youtube.com/watch?v=aq0n0T0wAeQ) by [**@holajotola**](https://x.com/holajotola).
Once the address is derived, consulting the block explorer will reveal an EOA that has some ERC-20 balance, but no underlying ether to cover the cost of taking the tokens out.
Would-be attackers, now enticed by the promise of free tokens, will attempt to donate a little ether to cover the cost of exfiltrating the tokens via the public mempool.
However, **the deployer is smarter than they are**.
They're monitoring the mempool for pending donations and will immediately backrun the donation transaction with a transfer to their own address. This allows the attacker to make off with the donation and for the ERC-20s to remain inside the EOA to tempt the next sucka.
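The bait has a recognisable on-chain shape: an EOA that holds ERC-20s but zero ether, whose every incoming ETH transfer leaves again in the very same block. The following is an added example, not code from no-u-honeypot, showing how a wallet or block-explorer safety check could flag that shape before a user sends ether to a "found" account. All addresses, balances (in gwei, as plain numbers) and transfers are constructed sample data; `assessWallet`, `countSweptDonations` and the record types are names chosen here.

```typescript
// Added example (not part of no-u-honeypot): flag the "leaked seed phrase" honeypot
// shape from observed account data. Amounts are gwei as plain numbers so the sample
// needs no bigint support; real wei balances would need bigint.

interface EthTransfer {
  block: number;   // block the transfer landed in
  from: string;
  to: string;
  valueGwei: number;
}

interface WalletObservation {
  address: string;
  ethBalanceGwei: number;                 // native balance right now
  erc20Balances: Record<string, number>;  // token contract -> balance (token units)
  transfers: EthTransfer[];               // ETH transfers touching the address, block order
}

interface Verdict {
  verdict: "honeypot" | "suspicious" | "benign";
  sweptDonations: number;
  reasons: string[];
}

const sameAddr = (a: string, b: string): boolean => a.toLowerCase() === b.toLowerCase();

// Count inbound ETH transfers that were followed, in the same block, by an outbound
// transfer from the wallet: the signature of a bot backrunning every donation.
function countSweptDonations(obs: WalletObservation): number {
  let swept = 0;
  for (const inbound of obs.transfers) {
    if (!sameAddr(inbound.to, obs.address)) continue;
    const backrun = obs.transfers.some(
      (t) => sameAddr(t.from, obs.address) && t.block === inbound.block && t.valueGwei > 0,
    );
    if (backrun) swept++;
  }
  return swept;
}

function assessWallet(obs: WalletObservation): Verdict {
  const reasons: string[] = [];
  const holdsTokens = Object.keys(obs.erc20Balances).some((k) => obs.erc20Balances[k] > 0);
  const noGas = obs.ethBalanceGwei === 0;
  const swept = countSweptDonations(obs);

  if (holdsTokens && noGas) {
    reasons.push("holds ERC-20s but has zero ETH: cannot pay gas to move them");
  }
  if (swept > 0) {
    reasons.push(`${swept} inbound ETH transfer(s) left the wallet in the same block`);
  }

  let verdict: Verdict["verdict"] = "benign";
  if (holdsTokens && noGas && swept > 0) verdict = "honeypot";
  else if ((holdsTokens && noGas) || swept > 0) verdict = "suspicious";
  return { verdict, sweptDonations: swept, reasons };
}

// Constructed sample: a bait wallet whose two "donations" were swept to the deployer.
const BAIT = "0x1111111111111111111111111111111111111111";
const SWEEPER = "0x2222222222222222222222222222222222222222";
const TOKEN = "0x3333333333333333333333333333333333333333";
const DONOR_A = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const DONOR_B = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";

const sampleHoneypot: WalletObservation = {
  address: BAIT,
  ethBalanceGwei: 0,
  erc20Balances: { [TOKEN]: 5000 },
  transfers: [
    { block: 100, from: DONOR_A, to: BAIT, valueGwei: 10_000_000 },    // 0.01 ETH in
    { block: 100, from: BAIT, to: SWEEPER, valueGwei: 9_370_000 },     // swept, minus gas
    { block: 117, from: DONOR_B, to: BAIT, valueGwei: 5_000_000 },
    { block: 117, from: BAIT, to: SWEEPER, valueGwei: 4_370_000 },
  ],
};

// Constructed sample: an ordinary funded wallet with normal activity.
const sampleBenign: WalletObservation = {
  address: DONOR_A,
  ethBalanceGwei: 250_000_000,
  erc20Balances: { [TOKEN]: 12 },
  transfers: [
    { block: 90, from: DONOR_B, to: DONOR_A, valueGwei: 300_000_000 },
    { block: 100, from: DONOR_A, to: BAIT, valueGwei: 10_000_000 },
  ],
};

export { assessWallet, countSweptDonations, sampleHoneypot, sampleBenign };
```

In a real check the observation would be filled from an RPC node or explorer API (`eth_getBalance`, token balance calls and the address's transfer history); the classifier itself stays offline. The same-block rule is what separates a sweeper bot from a human who happens to move funds later, and the "suspicious" tier covers a freshly seeded bait wallet that nobody has donated to yet.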
## how to exploit the exploiters
This whole attack works because no-one is going to go to the effort of writing a Flashbots transaction bundle to atomically transfer the ether and withdraw the tokens... _right_?
Well, that's where [**no-u-honeypot**](https://github.com/cawfree/no-u-honeypot) comes in.
```shell
git clone git@github.com:cawfree/no-u-honeypot.git
cd no-u-honeypot
cp .env.example .env # add required variables
yarn
yarn eat "alarm fetch churn bridge exercise tape speak race clerk couch crater letter" # take the tokens
```
> btw you might also like [`piggyback`](https://github.com/cawfree/piggyback), a poison erc20 deployer
## license
[**CC0-1.0**](LICENSE)