For a few nights in a row, I woke up to alerts about a huge spike in sign-ups. By the time I started troubleshooting, the activity had stopped. I activated CAPTCHA and moved on.

When the pattern repeated yet again, I decided to do a deep dive into the data.

The scheme

What I found was that the hackers were...

- creating thousands of accounts
- adding a valid payment method to each account
- running a single very expensive LLM call (2-3 USD)

This would let the first request go through, then trigger a charge to their payment method. The payment method gets rejected, but the request has already been processed. Using this method, they would get away with about a thousand dollars' worth of credits every night, which kept them interested in the service.

The timing

But what caught my attention wasn't the money – it was the timing. The attacks coincided with my sleep cycle.

Coincidentally, that day I decided to take a break and disconnect from my computer early. Just 30 minutes after I shut down my computer, I got the first notification.

I logged in to check, and it stopped.

Went to play some games and ... 30 minutes later, I got the second notification.

They were checking my Discord status to see if I was online.

Sure enough, I confirmed this by setting myself as offline on Discord, and the attacks popped right back up.

The game

I didn't want to remove free credits for everyone, so I decided to mess with the hackers and use them as my personal pen testers.

The first thing I tried was requiring proof-of-work on sign-up. I shipped the change, went "offline," and watched the logs. Within an hour, the sign-up attempts resumed – they'd already integrated a solver. So I went back "online," and the attacks paused while I added JA4 fingerprinting. Back "offline." This time it took them most of the night to find a workaround. I'd watch them troubleshoot their automations until they figured out a way around it, then go back "online" and layer on the next thing.

I mostly forgot about the entire incident unt...
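
An added example, not code from the original post: one way to pick the pattern described under "The scheme" out of billing events and total the unpaid spend per hour for alerting. The event names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; the post only says each call cost 2-3 USD.
EXPENSIVE_CENTS = 200
MAX_SIGNUP_TO_CALL = timedelta(minutes=10)

# Constructed sample events: (timestamp, account, event, amount in cents).
EVENTS = [
    ("2026-01-10T02:01:00", "acct-a", "signup", 0),
    ("2026-01-10T02:01:20", "acct-a", "payment_method_added", 0),
    ("2026-01-10T02:01:40", "acct-a", "llm_request", 260),
    ("2026-01-10T02:02:10", "acct-a", "charge_declined", 260),
    ("2026-01-10T02:03:00", "acct-b", "signup", 0),
    ("2026-01-10T02:03:15", "acct-b", "payment_method_added", 0),
    ("2026-01-10T02:03:30", "acct-b", "llm_request", 290),
    ("2026-01-10T02:04:05", "acct-b", "charge_declined", 290),
    ("2026-01-10T02:05:00", "acct-c", "signup", 0),
    ("2026-01-10T02:06:00", "acct-c", "llm_request", 4),
    ("2026-01-10T02:06:30", "acct-c", "charge_succeeded", 4),
    ("2026-01-10T02:07:00", "acct-d", "signup", 0),
    ("2026-01-10T02:08:00", "acct-d", "llm_request", 250),
    ("2026-01-10T02:08:30", "acct-d", "charge_succeeded", 250),
]

def flag_accounts(events):
    """Accounts with exactly one request, expensive, soon after sign-up, charge declined."""
    by_acct = defaultdict(list)
    for ts, acct, kind, cents in events:
        by_acct[acct].append((datetime.fromisoformat(ts), kind, cents))
    flagged = {}
    for acct, rows in by_acct.items():
        signup = next((t for t, k, _ in sorted(rows) if k == "signup"), None)
        calls = [(t, c) for t, k, c in rows if k == "llm_request"]
        declined = any(k == "charge_declined" for _, k, _ in rows)
        if signup is None or len(calls) != 1 or not declined:
            continue
        t, cents = calls[0]
        if cents >= EXPENSIVE_CENTS and t - signup <= MAX_SIGNUP_TO_CALL:
            flagged[acct] = cents
    return flagged

def hourly_exposure(events, flagged):
    """Unpaid spend from flagged accounts, in cents, keyed by hour (YYYY-MM-DDTHH)."""
    buckets = defaultdict(int)
    for ts, acct, kind, cents in events:
        if kind == "llm_request" and acct in flagged:
            buckets[ts[:13]] += cents
    return dict(buckets)
```

The per-hour total is the figure to alert on, since each individual account looks like a single ordinary customer with a failed card.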
First seen: 2026-03-29 09:51
Last seen: 2026-03-29 12:53