Token Recovery with Interceptor and Bouquet
This document walks you through recovering assets from an Ethereum account with a compromised private key. You cannot rescue any crypto asset that has already been transferred out of your account (and be extremely skeptical of anyone who claims otherwise), but it is possible to move assets that an attacker has left behind, even if your account is actively targeted by a "sweeper bot" that continually moves any incoming ETH before you get a chance to use it for gas.
Your goal should be to move these assets to a new and secure address (and make sure the new address is safe! If you lost your original tokens via a virus/malware, newly created accounts will also be vulnerable.)
Previously, defeating a sweeper bot required significant technical skills to develop a rescue program. Now, Dark Florist has released a product called Bouquet that, when combined with The Interceptor (Dark Florist's browser extension), enables users to use the same strategy, but leverages graphical tools and the dApp itself instead of writing and debugging code.
This process only works for Ethereum and does not currently work on other Ethereum-based chains, such as Binance Smart Chain (BSC), Optimism, Arbitrum, etc. This is due to the need for a special simulating endpoint that is not currently available on those chains, as well as the lack of a "Flashbots-like" bundle submission endpoint. In the future, it may be possible to work with other networks as those services become available.
Install The Interceptor
The Interceptor is a browser extension for Chrome or Firefox that can work either alone or in conjunction with Metamask. Performing a compromised private key asset recovery does not require Metamask to be installed, but having Metamask installed does not affect the process either. Install The Interceptor in either Firefox or Chrome.
1. Go To https://dark.florist
2. Download for your current browser (Firefox and Chrome supported)
3. Pin to toolbar if necessary
Add your address to The Interceptor
In order to rescue assets from an account with compromised keys, you will need to tell The Interceptor your address (but NOT your private key). The Interceptor allows you to operate on any account, whether you have the private key or not, for read-only operations. We will be providing the private key later, in a different step, but we will not be providing it to The Interceptor.
1. Click on Interceptor icon to drop down
2. Click Simulating
3. Click Change to add new address to Interceptor
4. Click Add New Address
   - What should we call this address? - Compromised or any label to help you identify this account in the UI
   - 0x... - Your compromised Ethereum address (not the private key)
   - Click Create and Switch
Make me rich!
One unique feature offered by The Interceptor is the ability to run on a "fork" of Ethereum with extra transactions being simulated, without actually being run on the "real" Ethereum. One of the most useful simulated transactions is "Make me Rich!", a transaction which picks a random whale address on Ethereum and transfers 200,000 ETH to your account, allowing you to perform any transaction you want with that ETH (in simulation). **Since your account has no ETH in it (due to sweeper bot) and you need ETH to run transactions, you will need to simulate giving yourself ETH.** Simply click the "Make me Rich!" check box to simulate adding 200K ETH to your account. To verify this is working, go to Uniswap to verify that your ETH balance (as seen at top right) now reflects having 200K ETH.
Use Ethereum dApp to transfer your asset to safe account
Now that you are running in simulation mode, with 200K ETH at your disposal, use Ethereum as normal, via your browser, to move your tokens to the new, safe address. For instance, if you have an airdrop to claim, go to the airdrop website and click the `Claim` button. If you have a liquidity position to unwrap, go to the dapp and unwrap it. Each transaction you run will add to your "simulation stack", and you can add more than one.
Note: not all Ethereum websites which claim to be "dApps" are compatible with The Interceptor, due to being centralized and not actually using Ethereum properly. If the dApp you are working with does not work correctly in simulation mode, read more about Ethereum dApp Compatibility in The Interceptor.
Convert your simulation stack into a Flashbots bundle with Bouquet
Bouquet is a Dark Florist website that allows you to convert the simulation stack you just created (the transactions you have been accumulating above) into a Flashbots bundle that lands on Ethereum in a single block.
1. Go to https://bouquet.dark.florist and click Import Payload From Interceptor
2. Enter Private Keys For Signing Accounts
3. Deposit To Funding Account
4. Confirm
Clicking Submit will start the process of attempting to land this bundle on Ethereum. Unlike standard transactions, this will not show up in Etherscan until the bundle is confirmed. During this time, Bouquet will inform you of the bundle's status and provide confirmation when the bundle lands on-chain.
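Why landing everything in a single block matters, shown as an added example (not code from Bouquet or The Interceptor): a simplified JavaScript model that sends the same funding and rescue transactions once publicly, one at a time, and once as an atomic bundle. The ledger, the account names and the flat fee `FEE` are constructed assumptions, not real chain data.

```javascript
// Simplified model (constructed values, not real chain data).
const FEE = 1n; // assumed flat gas fee per transaction, arbitrary units

function newState() {
  return {
    eth: { funder: 10n, compromised: 0n, safe: 0n, attacker: 0n },
    tokenOwner: "compromised", // the asset left behind in the compromised account
  };
}

// Apply one transaction; returns false (no state change) if it is invalid.
function apply(state, tx) {
  const value = tx.value ?? 0n;
  if (state.eth[tx.from] < FEE + value) return false; // sender cannot pay gas
  if (tx.token && state.tokenOwner !== tx.from) return false;
  state.eth[tx.from] -= FEE + value;
  state.eth[tx.to] += value;
  if (tx.token) state.tokenOwner = tx.to;
  return true;
}

// Sweeper bot: at every ordering slot it gets, it drains the ETH it can reach.
function sweep(state) {
  const bal = state.eth.compromised;
  if (bal > FEE) {
    apply(state, { from: "compromised", to: "attacker", value: bal - FEE });
  }
}

// atomic=false: public transactions, the bot can act between each of them.
// atomic=true:  one bundle, the transactions are adjacent within a single block.
function run(txs, atomic) {
  const state = newState();
  for (const tx of txs) {
    apply(state, tx);
    if (!atomic) sweep(state);
  }
  sweep(state); // once everything has landed, the bot still sees leftover ETH
  return state;
}

// Funding deposit followed by the rescue transaction from the simulation stack.
const rescue = [
  { from: "funder", to: "compromised", value: 3n },
  { from: "compromised", to: "safe", token: true },
];

console.log("public:", run(rescue, false).tokenOwner); // token stays put
console.log("bundle:", run(rescue, true).tokenOwner);  // token reaches safe
```

In the bundle run the token reaches the safe address, but the ETH deposited beyond what the rescue transaction spent is still swept afterwards, so in this model any excess funding is lost.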
If you run into any issues while following these instructions, reach out to Dark Florist on Discord. We would be interested in your feedback on the product, process, and instructions!