Hello,
This is an automated security alert from a public-data leak monitor.
A potential cryptocurrency private key or wallet seed phrase appears to have
been committed to a public Git repository. If this is your wallet, please:
- Move ANY funds out of this wallet IMMEDIATELY using a key you control.
- Stop using this key — it must be considered fully compromised.
- Rotate any other secrets that may be in the same commit (.env vars, etc).
- Force-push history rewrite or delete the repo — note that anyone who
cloned the repo already has the key.
The leak was found at:
Repository: renproject/multichain
File path: infra/.env
Line: 58
Commit: 03a63a98d76c1d34e004ca4dffdafa2cfd181805
Permalink:
|
export FANTOM_PK=163f5f0f9a621d72fedd85ffca3d08d131ab4e812181e0d30ffd1c885d20aac7 |
For dedup tracking: leak fingerprint 3c4bad9f27a7de83 (session-salted, non-reversible).
The leaked secret matches the masked form: 0x163f5f…REDACTED…aac7
Derived addresses (these are public information, no action required from us):
ethereum: 0x239fA7623354eC26520dE878B52f13Fe84b06971
bitcoin: 1Bs36sEQtYJoyTSk3kDJE3KaSieKBNQgXv
Activity status (yes/no per chain, no balance lookup):
ethereum: active
bitcoin: inactive
This notification was sent BEFORE any balance lookup or any other action on the
wallet. The sender has NOT accessed the wallet and DOES NOT possess the key in
any persistent form.
If you did not create this commit, please forward this to your security team
or to the wallet/exchange whose product is in this repo.
This is a one-shot notification. We will not contact you again about this leak.
Hello,
This is an automated security alert from a public-data leak monitor.
A potential cryptocurrency private key or wallet seed phrase appears to have
been committed to a public Git repository. If this is your wallet, please:
cloned the repo already has the key.
The leak was found at:
Repository: renproject/multichain
File path: infra/.env
Line: 58
Commit: 03a63a98d76c1d34e004ca4dffdafa2cfd181805
Permalink:
multichain/infra/.env
Line 58 in d2e2ed3
For dedup tracking: leak fingerprint 3c4bad9f27a7de83 (session-salted, non-reversible).
The leaked secret matches the masked form: 0x163f5f…REDACTED…aac7
Derived addresses (these are public information, no action required from us):
ethereum: 0x239fA7623354eC26520dE878B52f13Fe84b06971
bitcoin: 1Bs36sEQtYJoyTSk3kDJE3KaSieKBNQgXv
Activity status (yes/no per chain, no balance lookup):
ethereum: active
bitcoin: inactive
This notification was sent BEFORE any balance lookup or any other action on the
wallet. The sender has NOT accessed the wallet and DOES NOT possess the key in
any persistent form.
If you did not create this commit, please forward this to your security team
or to the wallet/exchange whose product is in this repo.
This is a one-shot notification. We will not contact you again about this leak.