Protect Your Project Today
Strengthen your project with the largest web3 security provider.
A CertiK security expert will review your request and follow up shortly.

unshETH Private Key Slip: $375,000 Loss from a Github Post

Reports ·Incident Analysis ·
unshETH Private Key Slip: $375,000 Loss from a Github Post

Project name: unshETH

Project type: Staking

Date of exploit: June 1, 2023

Asset loss: $375,000

Vulnerability: Private key leak

Date of audit report publishing: 03/23/2023

Conclusion: Out of audit scope

Details of the Exploit

Background

unshiETH is a staking platform that allows users to stake ETH and earn yield and swap fees. The exploited contract unshiETH Farm contains users’ unshiETH for farming.

Nature of the Vulnerability

The attacker compromised the private key of the unshiETH, which allows the attacker to withdraw the asset from the protocol.

CertiK Audit Overview

Screenshot 2024-01-08 at 5.10.33 AM

Screenshot 2024-01-08 at 5.11.16 AM

Conclusion

On Jun 01, 2023, the staking platform unshETH was attacked, leading to a loss of around $375,000. According to the unshETH team, they mistakenly leaked their private key to Github, which allows users to withdraw unshETH from the contract. It was due to a human error of the private key management, which should be out of the audit scope.

Reference

Other Resources:

Related Blogs

Skynet Wrench Attacks Report
Reports ·Security Reports

Skynet Wrench Attacks Report

In 2025, wrench attacks unfortunately crossed a critical threshold. What was once treated as an edge-case risk has become a structural threat to digital asset ownership. Attackers are no longer acting opportunistically; they are operating as organized, transnational groups that combine OSINT-driven targeting, social engineering, and extreme physical violence to extract private keys.

Hack3d: The Web3 Security Report 2025
Reports ·Security Reports

Hack3d: The Web3 Security Report 2025

Welcome to the 2025 Skynet Hack3D Report! This report offers deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security. Each report contains detailed incident analyses, technical insights, and the most comprehensive statistics on hacks, scams, and exploits in the entire Web3 industry.

Introducing Aleo: A Premier Platform for Private Blockchain Applications
Technical Blogs ·Educational

Introducing Aleo: A Premier Platform for Private Blockchain Applications

Aleo Systems has created a Layer 1 blockchain named Aleo with a focus on privacy achieved through the use of zero-knowledge proofs (ZKPs) and other cryptographic methods. Unlike most popular blockchains where data used and created by transactions can be viewed by an external observer, Aleo provides the ability to hide such information.