Skip to content

[SECURITY] Possible leaked wallet credential — please rotate immediately #1

Description

Hello,

This is an automated security alert from a public-data leak monitor.

A potential cryptocurrency private key or wallet seed phrase appears to have
been committed to a public Git repository. If this is your wallet, please:

  1. Move ANY funds out of this wallet IMMEDIATELY using a key you control.
  2. Stop using this key — it must be considered fully compromised.
  3. Rotate any other secrets that may be in the same commit (.env vars, etc).
  4. Force-push history rewrite or delete the repo — note that anyone who
    cloned the repo already has the key.

The leak was found at:

Repository: bubble501/tutorialToken
File path: .env
Line: 1
Commit: 11bac0e7b9a830a9e33348637513055eec5e88a1
Permalink:

MAINNET_PRIVATE_KEY="ae6ae8e5ccbfb04590405997ee2d52d2b330726137b875053c36d94e974d162f"

For dedup tracking: leak fingerprint 94cd15c4292586cd (session-salted, non-reversible).
The leaked secret matches the masked form: 0xae6ae8…REDACTED…162f

Derived addresses (these are public information, no action required from us):
ethereum: 0xf17f52151EbEF6C7334FAD080c5704D77216b732
bitcoin: 19u4bQ45jRNMmULu2Hco3mvxMmQRc6aqxP

Activity status (yes/no per chain, no balance lookup):
ethereum: active
bitcoin: inactive

This notification was sent BEFORE any balance lookup or any other action on the
wallet. The sender has NOT accessed the wallet and DOES NOT possess the key in
any persistent form.

If you did not create this commit, please forward this to your security team
or to the wallet/exchange whose product is in this repo.

This is a one-shot notification. We will not contact you again about this leak.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions