Single Ethereum Account Stole $50 Mln Worth of ETH by Correctly Guessing Private Keys

  • Alex Morris

    Are you sure that your private key is secure enough? The latest study shows that it could be easily guessed by ‘Blockchain bandits’.



A single Ethereum account, dubbed the ‘Blockchain bandit’, managed to steal 45,000 ETH (around $50 mln at the time of writing) by guessing the private keys of his victims, Wired reports. In certain cases, a private key is not as hard to guess as its long string of digits suggests.


The guessing game

The study, entitled "Ethercombing: Finding Secrets in Popular Places" and conducted by the security consulting company Independent Security Evaluators (ISE), sheds light on the modus operandi of the above-mentioned Blockchain bandit, who made a fortune because of weak private keys. Normally, one has a snowball's chance in hell of correctly guessing the 78-digit code (1 in 115 quattuorvigintillion), but there are numerous workarounds for bad actors.

In particular, some private keys were cut off due to coding errors or were compromised by malicious software. Some users were also gullible enough to come up with their own keys, which were easy to guess. After analyzing 34 billion Ethereum addresses, ISE found 732 private keys, and (you guessed it) all ETH holdings have already been pilfered.
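
The failure modes described above (truncated keys and hand-picked keys) can be caught before a key is ever used. The following is an added example, not code from the ISE study or from this article; the thresholds, function names and sample keys are assumptions constructed for illustration.

```python
import secrets

# Order of the secp256k1 group; valid Ethereum private keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
MIN_BITS = 200          # assumed threshold; a random key is below 2**200 with probability 2**-56
MIN_DISTINCT_BYTES = 8  # assumed threshold for spotting repeated-byte patterns

# Constructed sample keys (not taken from the study).
TRUNCATED = (0x1234ABCD).to_bytes(32, "big")  # 4 significant bytes, rest zero-padded
PATTERNED = bytes([0x11]) * 32                # a hand-picked key of one repeated byte
ZERO = bytes(32)                              # not a valid key at all


def audit_private_key(key: bytes) -> list[str]:
    """Return the reasons a key looks weak; an empty list means no finding.

    An empty list does not prove the key is random, only that it shows
    none of the structural defects checked here.
    """
    if len(key) != 32:
        return [f"length is {len(key)} bytes, expected 32"]
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        return ["value outside the valid range [1, n-1]"]
    findings = []
    if value.bit_length() < MIN_BITS:
        findings.append(f"only {value.bit_length()} significant bits (possible truncation)")
    if len(set(key)) < MIN_DISTINCT_BYTES:
        findings.append(f"only {len(set(key))} distinct byte values (patterned key)")
    return findings


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG; redraw in the negligible case of a finding."""
    while True:
        key = secrets.token_bytes(32)
        if not audit_private_key(key):
            return key


if __name__ == "__main__":
    for name, sample in [("truncated", TRUNCATED), ("patterned", PATTERNED), ("zero", ZERO)]:
        print(name, audit_private_key(sample))
    print("fresh key findings:", audit_private_key(generate_private_key()))
```
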


Is North Korea behind it?

The researchers methodically sent a dollar's worth of ETH to ‘weak’ addresses to check how fast it would be stolen. ISE points out that there are multiple competing ‘Blockchain bandits’ who strive to snatch new deposits first. However, the fact that these transactions are conducted ‘within milliseconds’ proves that it could be automated bots operated by a single actor.

They do not rule out that it could be North Korea since the country relies on crypto to maintain its authoritarian regime.
