Dapp under attack
Hello everyone, I urgently require your assistance. We've been developing a web3 application and have been utilizing a Railway server to store our private keys within the environment variables. We now need to investigate if our server has been compromised, as it's the sole location where we've stored our private key.
Solution:Jump to solution
I will say, the likeihood that someone got into your Railway account is incredibly low. It is much more likely that you leaked the creds some other way
10 Replies
Project ID:
N/AN/A
If you've just used your private keys in environment variables through Railway's UI, they cannot have been leaked
can we investigate did anyone logged in on our railway?
You should have two factor authentication on your Railway account
Railway cannot provide logs for account logins
the only information about logins would be here https://railway.app/account/security
thanks
but this information are only for my personal access
is there any way I can check is there any other account that has the access?
the page shows you every device that's logged into your account
Solution
I will say, the likeihood that someone got into your Railway account is incredibly low. It is much more likely that you leaked the creds some other way
Uploading creds to a public Github repo is the most common mistake people make