Hello,
This is an automated security alert from a public-data leak monitor.
A potential cryptocurrency private key or wallet seed phrase appears to have
been committed to a public Git repository. If this is your wallet, please:
- Move ANY funds out of this wallet IMMEDIATELY using a key you control.
- Stop using this key — it must be considered fully compromised.
- Rotate any other secrets that may be in the same commit (.env vars, etc).
- Force-push history rewrite or delete the repo — note that anyone who
cloned the repo already has the key.
The leak was found at:
Repository: HydroProtocol/hydro-scaffold-dex
File path: docker-compose.yaml
Line: 203
Commit: 4b8516436f715cd2109b4222f163ed35b5883e11
Permalink:
|
- BOT_PRIVATE_KEY=0xa6553a3cbade744d6c6f63e557345402abd93e25cd1f1dba8bb0d374de2fcf4f |
For dedup tracking: leak fingerprint 7dd584c06d4d43b3 (session-salted, non-reversible).
The leaked secret matches the masked form: 0xa6553a…REDACTED…cf4f
Derived addresses (these are public information, no action required from us):
ethereum: 0x126aa4Ef50A6e546Aa5ecD1EB83C060fB780891a
bitcoin: 12NW3jca7G53KBEwhMZtRxd2GBoFKVNrMM
Activity status (yes/no per chain, no balance lookup):
ethereum: active
bitcoin: inactive
This notification was sent BEFORE any balance lookup or any other action on the
wallet. The sender has NOT accessed the wallet and DOES NOT possess the key in
any persistent form.
If you did not create this commit, please forward this to your security team
or to the wallet/exchange whose product is in this repo.
This is a one-shot notification. We will not contact you again about this leak.
Hello,
This is an automated security alert from a public-data leak monitor.
A potential cryptocurrency private key or wallet seed phrase appears to have
been committed to a public Git repository. If this is your wallet, please:
cloned the repo already has the key.
The leak was found at:
Repository: HydroProtocol/hydro-scaffold-dex
File path: docker-compose.yaml
Line: 203
Commit: 4b8516436f715cd2109b4222f163ed35b5883e11
Permalink:
hydro-scaffold-dex/docker-compose.yaml
Line 203 in 4c1ea0a
For dedup tracking: leak fingerprint 7dd584c06d4d43b3 (session-salted, non-reversible).
The leaked secret matches the masked form: 0xa6553a…REDACTED…cf4f
Derived addresses (these are public information, no action required from us):
ethereum: 0x126aa4Ef50A6e546Aa5ecD1EB83C060fB780891a
bitcoin: 12NW3jca7G53KBEwhMZtRxd2GBoFKVNrMM
Activity status (yes/no per chain, no balance lookup):
ethereum: active
bitcoin: inactive
This notification was sent BEFORE any balance lookup or any other action on the
wallet. The sender has NOT accessed the wallet and DOES NOT possess the key in
any persistent form.
If you did not create this commit, please forward this to your security team
or to the wallet/exchange whose product is in this repo.
This is a one-shot notification. We will not contact you again about this leak.