A "Blockchain bandit" has managed to amass almost 45,000 ether by successfully guessing weak private keys, according to a report released by Independent Security Evaluators on April 23. Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident.
While guessing a private key is meant to be a statistical improbability, he managed to uncover 732 private keys through his research - giving him the ability to complete transactions as if he was the account holder.
The report notes that rather than using a brute force search for random private keys, the research used a combination of looking for faulty code and faulty random number generators.
Bednarek then noticed how some of the wallets associated with the private keys found with their suboptimal methods had high volumes of transactions going to a single address, with no money coming back out.
"There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It's statistically improbable he would guess those keys by chance, so he was probably doing the same thing [...] he was basically stealing funds as soon as they came into people's wallets."
At the time of writing, the funds would be valued at approximately $7.8 million.
According to Bednarek, the private keys may have been vulnerable because of coding errors in the software responsible for generating them.
Another theory is that crypto owners who obtain private keys through passphrases are generating identical ones by using weak entries such as "Abc123," or even leaving their passphrases blank.
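The two failure modes described above (faulty key generation and passphrase-derived keys) can be caught at key-creation time. The following Python sketch is an added example, not code from the report or from any wallet: the SHA-256 passphrase derivation, the denylist beyond the two entries the article names, and the two heuristic thresholds are assumptions.

```python
import hashlib
import secrets

# Order of the secp256k1 group used by Ethereum: valid private keys are 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed denylist; "" and "Abc123" are the weak entries the article names.
WEAK_PASSPHRASES = ["", "Abc123", "password"]
# Assumption: the wallet hashes the passphrase once with SHA-256 to get the key.
WEAK_DERIVED = {hashlib.sha256(p.encode()).digest() for p in WEAK_PASSPHRASES}

# Heuristic thresholds (assumptions). A uniformly random 256-bit key falls
# below either one with probability under 2**-56.
MIN_BIT_LENGTH = 200
MIN_DISTINCT_BYTES = 8


def key_problems(key: bytes) -> list:
    """Return the reasons a private key should be rejected (empty list = OK)."""
    if len(key) != 32:
        return ["not 32 bytes"]
    problems = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        problems.append("outside valid range 1..N-1")
    if value.bit_length() < MIN_BIT_LENGTH:
        # Typical of truncated RNG output or a small integer used as the key.
        problems.append("high-order bits are zero")
    if len(set(key)) < MIN_DISTINCT_BYTES:
        problems.append("too few distinct byte values")
    if key in WEAK_DERIVED:
        problems.append("matches hash of a known weak passphrase")
    return problems


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, re-drawing until every check passes."""
    while True:
        key = secrets.token_bytes(32)
        if not key_problems(key):
            return key
```

A wallet would call `key_problems` on any imported or derived key before accepting it, and use `generate_private_key` instead of a general-purpose random number generator.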
Although the identity of the blockchain bandit is unknown, Bednarek has suggested that a state actor such as North Korea could be behind the thefts.
In March, a U.N. Security Council report claimed that the isolated state had amassed $670 million in fiat and cryptocurrencies through hacking attacks as it tries to circumvent punishing economic sanctions.
'Blockchain Bandit' Has Stolen 45,000 ETH by Guessing Weak Private Keys, Report Claims
published on Apr 23, 2019
by Cointele | published on Coinage