just had my first wallet drained, lost 20k after making old github code public.

made some mistakes:
- the project had an old commit w/ a private key for a wallet i was using on rinkeby
- I unknowingly reused this account in @metamask 1mo ago to trade clankers on base

funds were drained within 10m of making it public

building • prev manifold.xyz, twilio.com

couple things of note:
- i checked the repo before making it public, the private key was in an old commit.
- that commit was from 3y ago (on rinkeby no less), when i created a new account in @metamask, it looked brand new because a) i switched computers and metamask doesn't preserve accounts, b) it had no activity on base/mainnet just deprecated rinkeby.

something to be careful of for devs, please reshare!

impressive speed – transfers started as quick as 10m after making the repository public.

that means they're ingesting public repositories from github, scanning all old commits for keys then testing balances across all networks.