On April 23, a report issued by analyst firm Independent Security Evaluators stated that a “blockchain robber” successfully stole nearly 45,000 ETHs by successfully guessing a weaker private key.
Image source: unsplash
- Explore: How DeFi Improves the Traditional Financial System
- The bitcoin demand curve has been “significantly rising”: 2.2 times a year
- Pushing the IEO platform and expanding the scale of the currency, why is the conservative Coinbase “flying itself”?
- Blockchain games out of bugs, hard forks to protect user rights?
- Wuzhen·OKEx Xu Kun: System performance, security, asset quality and risk control are the four core competitiveness of the exchange
- Research report | Breaking the charity problem, blockchain is a good tool for good governance
Senior security analyst Adrian Bednarek said he had accidentally discovered the sophisticated hacker. While guessing that the private key is statistically impossible, the hacker discovered 732 private keys through research that allowed him to use the private keys to complete transactions just like the account holder.
The report pointed out that the hacker did not use brute force search for random private keys, but instead used a combination of lookup error codes and error random number generators.
Bednarek then noticed that some wallets were associated with the private keys found by their sub-optimal methods, and that they had a large number of transactions flowing to an address, but no funds came back. Bednarek said:
"There is a guy who has an address and steals money from some of the private keys we can access. We found 735 private keys, and he happened to take the money out of the 12 private keys we could get. From statistics On the upside, he is unlikely to happen to guess the private keys, so he is likely to do the same thing… basically, as soon as the money enters the people's wallet, he starts stealing money."
At the Ethereum's new high, the robber's spoils are estimated to be worth more than $50 million. At the time of writing this report, the value of these funds was approximately $7.8 million.
According to Bednarek, the private key may be vulnerable to attacks due to coding errors in the software responsible for generating the private key. Another theory is that a password owner who obtains a private key through a passphrase uses a fragile entry such as "abc123" and even leaves the passphrase blank, thereby generating the same key.
Although the identity of the blockchain robber is unclear, Bednarek said that countries such as North Korea may be behind the theft. In March of this year, a report by the UN Security Council said that North Korea accumulated 670 million US dollars of legal and cryptocurrencies through hacking to avoid punitive economic sanctions.