MGC wallet stolen revelation

On June 12th, the digital wallet MGC Token was stolen, and a large number of users reported that their Ethereum, which was stored in the wallet, was missing. According to statistics, these coins were transferred in batches to an address beginning with 0x2B290, with total assets of nearly 3 million yuan.

Since then, the outside world has rumored that the MGC team is running the money. In this regard, the MGC official rumors for the first time, and promised to pay the user's losses in full.

The Honeycomb Financial Survey found that the lost coins of MGC users are only small miners' fees stored in the wallet, and the loss of individual users ranges from ten yuan to several tens of yuan.

• 14 banks, 5 kinds of certificates: Fnality creates a missing link in the inter-bank blockchain system
• Attached "National App", Facebook and Kakao Blockchain Chess
• Science | Xiaobai can understand – Ethereum 2.0 test network

Although the loss of a single user is not much, the incident also reveals a real problem, and the assets that investors store in the MGC wallet are not safe. In the past week, the authorities have never made a convincing answer to the cause of the incident.

“Official staff began to say that the user was bound to a third-party wallet, which led to the theft of assets, but the fact is that I did not bind third-party software such as imToken, fire coin wallet, and Ethereum was also transferred away.” Zhang Hong believes that "the asset was stolen because the official stored the user's private key, and these private keys were stolen by hackers."

Honeycomb Finance and MGC have contacted each other. The other party said that they do not want to be interviewed. They hope to solve the problem and use the facts. "The loopholes have been fixed and the assets will be replenished to users."

However, an unresolved question is why the self-proclaimed "decentralized" MGC wallet will result in the loss of a large number of user private keys and mnemonics? Does it privately store the user's private key? After the wallet is updated, how can we ensure that such incidents no longer occur?

"In fact, to thoroughly discern whether a wallet is decentralized, the best way to save the user's private key is to open source check." Wen Hao, the founder of Bittwall, suggested that users should use cold if they want to store large amounts of digital assets. Stored open source wallet.

Assets stolen, the community is catching up

On June 16th, the MGC official showed the latest compensation progress in the past 4 days from the MGC wallet collective money-losing event. "We will retrieve your assets and synchronize to the new wallet address within 48 hours."

Today, in multiple MGC communities, community administrators are counting money-losing users, including registering phone numbers, lost Ethereum and MGC Tokens, and transfer records.

With the latest news of the official announcement, the rumors surrounding the MGC team have come to an end. However, the user's questioning of the cause of the "6.12" security incident was not suspended due to official compensation.

On June 12th, a message about the theft of the MGC wallet swept a number of speculative coins. A large number of users found that their Ethereum, which was stored in the MGC wallet, was privately transferred. "The stolen Ethereum was originally intended to be used for Token transfers." An MGC wallet user told Honeycomb Finance.

According to feedback from many MGC investors and community users, the lost currency is only a small amount of miners in the MGC wallet, and the loss for a single user ranges from 10 yuan to tens of yuan.

Stolen screenshots provided by MGC investors

Some people in the industry analyzed the Ethereum address that was transferred out and found that the user's assets were being transferred in batches to an ETH address beginning with 0x2B290, and a total of over 40,000 small transfers were completed, with total assets of nearly 3 million yuan.

In the afternoon, many currency media reported that “the MGC team suspected that the money was running.” As soon as the news came out, the price of the token MGC issued by the wallet fell by 70%. According to the Biki exchange data, the opening price of MGC coins was 0.731 US dollars on the day, and the lowest price fell to 0.2 US dollars.

After the incident, the MGC official website responded that the user feedback had a problem of losing money, and they would compensate the loss as soon as possible.

Although the loss of a single user is not large, the official promised to compensate users for losses within 48 hours, but a real problem exposed by this matter is that the assets deposited by investors in the MGC wallet are not safe.

"For me, compensation is not important. Just a dozen dollars. I just want to know where the problem is?" The user named "skin" said, "The official is not running money. The problem is that it can Is it easy to transfer user assets?"

Wallet dealer refused to talk about the reason for losing money

After the security incident of the MGC Token wallet, the official blamed the third-party wallet supplier for the problem of losing money, and asked the user to unbind the third-party wallet. In its announcement, the third-party wallet imToken was named "unfortunately" and considered the application to be vulnerable.

The above statement was quickly countered, and im Token announced that all stolen addresses were Ethereum addresses created using MGC wallets. It advises the user to immediately stop using the generated wallet address in the MGC and remind the user to generate a new wallet address to transfer the assets.

“MGC is a centralized wallet that stores the user's private key. It is not like a decentralized wallet. It is found that the transfer record of the Ethereum address can be inferred that the thief has mastered tens of thousands of beings. The private key of the stolen wallet was illegally stolen by the program, "imToken said.

The announcement of the third-party wallet caused discussion in the MGC community. Investor Zhang Hong believes that the asset is stolen because the MGC stores the user's private key, and these private keys have been stolen by hackers.

He said, "Official staff began to say that the user was bound to a third-party wallet, resulting in theft of assets, but the fact is that I did not bind third-party software such as imToken, fire coin wallet, Ethereum was also transferred away. ""

As for the user's query, as of press time, the MGC official did not respond. In this regard, Honeycomb Finance has contacted MGC through various channels. The other party said that it does not want to be interviewed. It is hoped that after the resolution is resolved, the current loopholes have been fixed.

As of now, MGC has offered $0.72 and has risen by up to 260% in the past five days.

MGC's currency price has been restored to the opening price on June 12, but as a wallet that stores user assets, how does the self-proclaimed "decentralized" MGC cause a large number of user private keys and mnemonics to be lost? Does it privately store the user's private key? After the wallet is updated, how can we ensure that such incidents do not happen again?

MGC currency price experienced a sharp rise in 5 days

The MGC official avoided talking about the core reasons for losing money, and the user's doubts did not stop there.

Some people think that the core code of both the imToken and the MGC wallet is not open source. The two sides say that they are decentralized wallets, and they are not convincing.

"The platform that masters the user's private key is not a wallet."

In the past week, the MGC official has never made a convincing answer to the cause of the incident. The general concern of users is: Even if a hacker attacks a wallet server, how can an attacker transfer user assets if the official does not save the user's private key and mnemonic?

Different from the centralized deposit platform, the decentralized wallet generates the private key and the mnemonic, and provides the mnemonic or private key to the user. Li Chengcai, the head of the market for the operation of the coin wallet, told Honeycomb Finance that these private keys or mnemonics can be directly imported into other decentralized wallets, which is one of the characteristics of the decentralized wallet.

Li Chengcai explained that if such a wallet is not completely decentralized or unprofessional, and the user's private key or mnemonic plaintext is placed in its own server, once the server is hacked, the asset is stolen. The hacker also has a private key or a mnemonic, and has the power to transfer money. "This is similar to a lock. There are two keys. The user holds one and the other is stored on the wallet server. ”

Wen Hao, the founder of Bitwell Wallet, said that if the wallet service provider has mastered the user's private key or puts the private key on the server, it can't be called a wallet. It can only be called a centralized deposit platform. "It is similar to an exchange. ”

For how to identify whether a wallet is decentralized, Wen Hao said that it is necessary to completely discern whether a wallet is decentralized or not. The best way is to open the user's private key. The best way is to open source check. "Because only open source can prove that the private key is 100% user. I have mastered it."

He stressed that if users want to store large amounts of digital assets, his advice is "the best use of cold storage open source wallets."

For the reason that the wallet business is not completely open source, Wen Hao said that it mainly depends on the wallet's own considerations, and the open source closed source is the merchant's own choice.

With the development of the blockchain industry, digital assets are diversified. It is predictable that investors' demand for digital currency wallet applications will exist for a long time. The fact that the wallet merchant has gained user trust does not mean that the risk does not exist. The safety incident of the MGC undoubtedly sounds the alarm for the users of the currency circle.

Interaction time

Do you prefer to put coins in the wallet application or in the exchange?

Text|嚯嚯

Edit |

Source: Public Number: Honeycomb Finance News

We will continue to update Blocking; if you have any questions or suggestions, please contact us!