Skip to content
Home » Blog » A Guide to Ethereum Sweeper Bots

A Guide to Ethereum Sweeper Bots

Ethereum Sweeper Bots

Private keys are the most valuable tool for anyone holding crypto assets. They are, after all, what gives you full access to your coins and tokens on the blockchain. Knowing this, scammers have devised ways to get their hands on users’ private keys, which has, at times, allowed them to steal millions of dollars.

One of these is the sweeper bot. This tool can do exactly as its name suggests; sweep an Ethereum wallet – or other blockchain wallet, such as bitcoin – clean of its assets.  

What Is a Crypto Sweeper Bot?

A sweeper bot is an automated bit of code, or script, that is assigned to a blockchain address and configured to perform certain actions, like automatically transferring coins and tokens to another address. 

Sweeper bots are not inherently bad as there are traders and investors who leverage them to automate transfers between wallets. 

However, in the hands of the wrong person, this feature can be exploited with malicious intent. In such cases, hackers use sweeper bots to steal coins and tokens as soon as they are transferred to the compromised address.  

How Sweeper Bot Attacks Work

Sweeper bots work in two ways:

  • The bot scans the blockchain for incoming transactions. When it detects one, it quickly creates a new outgoing transaction to the hacker’s wallet. 
  • The bot constantly checks your address balance and once it sees a value, it moves it to a new address. 

Some bots only sweep assets over a specific USD value. This makes it difficult to know if you have a sweeper bot attached to your account. 

Sometimes, there aren’t enough gas fees to pay for the transaction. In this case, some sweeper bots will add ETH to your wallet to pay the gas fees, while other bots will wait for you to deposit ETH before immediately sweeping your address. This is common if you are moving a token, NFT, or unstaking an asset.

How Do They Get You?

Anyone transferring assets from a particular wallet address needs to have its private key. This key acts as proof of ownership of the coins and tokens, and thus, is used to sign transactions. 

So, for you to fall victim to a crypto sweeper bot attack, the hacker must first get their hands on your private key or seed phrase. They then use the key to configure the sweeper bot, which gives it the ability to sign transactions, and thus, automatically transfer assets from your wallet to another address. 

There are a couple of techniques that hackers use to steal private keys. The most common of these is a phishing attack, where the scammer poses as a legitimate platform (like a crypto exchange or wallet provider) to convince the victim to give them their private key.

Hackers also use malware installed on the victim’s computer or mobile device to covertly steal private keys and other sensitive information.     

What to Do When Targeted By a Sweeper Bot

What to do if you are targeted by a sweeper bot

If your wallet has been compromised by a sweeper bot, you should stop using it immediately and switch to a new wallet; one whose private keys are safe. But in some situations, you can’t just ditch the wallet. You have to find a way to defeat the sweeper bot. 

One of these is if you have recurring payments to a compromised address but are not allowed to change it for some reason. In this case, you’ll have to beat the sweeper bot and move the assets to an uncompromised address as soon as they arrive. 

Another scenario is if the compromised address has assets that the bot hasn’t noticed. This is a difficult situation because you can never add ETH to your account without the bot stealing it. So, you can never get enough ETH to pay for gas to move your assets to an uncompromised address. 

Last but not least is if you staked assets and need to unstake them. Note that you can only unstake assets with the blockchain address with which you staked them. If this address has been compromised, it becomes difficult to unstake your assets. 

This is because you can’t add enough ETH to pay the gas fees required to unstake your assets. And even if you manage to do that, the bot will steal your coins/tokens as soon as you unstake them.

So, what do you do to defeat a sweeper bot? 

How to Defeat a Sweeper Bot

You, a human, cannot initiate a transaction faster than a script. Only another script can do that. So, defeating a sweeper bot needs another bot in the fight. 

Configuring such a bot requires a good amount of technical skills. Most people lack this, which is why they have an expert like Professional Crypto Recovery (PCR) do it for them.

The Process

First, you’ll need to make a list of all the assets you want to rescue from your compromised address. It should be ordered from the most valuable to the least valuable. This list gives PCR the order in which to make transactions.

From here, we set up our own sweeper bot that automatically transfers any ETH added to your compromised address to a new uncompromised one.  

After we set up the sweeper bot, there are other techniques that can be used to defeat it. These are:

  • Flashbots/searcher-sponsored bundled transaction: These allow for multiple transactions to get submitted in one bundle while the gas fees are paid from a totally different account. That way, you can unstake and transfer your assets to an uncompromised address in one bundle.    
  • Self-destructing Smart Contract: It is used to sneak ETH into the address without the bot noticing. The new ETH will be used to pay gas fees for an outgoing transaction to an uncompromised address. However, this only works if the bot is monitoring the txpool and ignoring your balance. After this you can broadcast pre-signed transactions from the compromised address using something like TAICHI. 

How to Avoid Sweeper Bot Attacks

The only way to avoid being compromised by a sweeper bot is to safeguard your private key. For one, never share it with anyone, no matter who they claim to be. Keep in mind that no legitimate crypto platform will ever ask for your private keys. So, anyone who does so is likely trying to steal from you. 

Experts also recommend that you use cold wallets. Cold wallets store your private keys offline, which is a more secure place to be as it is safe from hackers.