On April 23, a report issued by analyst firm Independent Security Evaluators stated that a “blockchain robber” successfully stole nearly 45,000 ETHs by successfully guessing a weaker private key.
Image source: unsplash
- Babbitt weekly election 丨 Beijing takes the lead in piloting the "fintech supervision sandbox"; Europe and the United States appear to have divergent views on central bank digital currencies
- Suspected fraud or trading volume is zero? Inventory the reasons why the year's encryption project disappeared
- Cheung Kong Graduate School of Business Industry Observations Digital Currency: Where do you come from and where do you go?
- Ruibo completed strategic investment in the new smart contract platform, and the XRP ecosystem became more perfect.
- Featured | Read the Ethereum community new favorite MarketingDAO
- Lawyer's point of view | Analysis of the regulatory environment behind the investigation of the currency exchange
Senior security analyst Adrian Bednarek said he had accidentally discovered the sophisticated hacker. While guessing that the private key is statistically impossible, the hacker discovered 732 private keys through research that allowed him to use the private keys to complete transactions just like the account holder.
The report pointed out that the hacker did not use brute force search for random private keys, but instead used a combination of lookup error codes and error random number generators.
Bednarek then noticed that some wallets were associated with the private keys found by their sub-optimal methods, and that they had a large number of transactions flowing to an address, but no funds came back. Bednarek said:
"There is a guy who has an address and steals money from some of the private keys we can access. We found 735 private keys, and he happened to take the money out of the 12 private keys we could get. From statistics On the upside, he is unlikely to happen to guess the private keys, so he is likely to do the same thing… basically, as soon as the money enters the people's wallet, he starts stealing money."
At the Ethereum's new high, the robber's spoils are estimated to be worth more than $50 million. At the time of writing this report, the value of these funds was approximately $7.8 million.
According to Bednarek, the private key may be vulnerable to attacks due to coding errors in the software responsible for generating the private key. Another theory is that a password owner who obtains a private key through a passphrase uses a fragile entry such as "abc123" and even leaves the passphrase blank, thereby generating the same key.
Although the identity of the blockchain robber is unclear, Bednarek said that countries such as North Korea may be behind the theft. In March of this year, a report by the UN Security Council said that North Korea accumulated 670 million US dollars of legal and cryptocurrencies through hacking to avoid punitive economic sanctions.