Weak private keys make hacker 40,000 ETH wealthier, ISE report

Posted 25 April, 2019

The Independent Security Evaluators has released the analysis covering the recent heist of about 45,000 ETH. A hacker managed to steal the funds making use of weak protection of private keys in Ethereum blockchain.

According to the report, the company experts applied the mix of wrong code detection and random data generator rather than a random symbol generation. As commented the senior security analyst at ISE Adrian Bednarek, it was assumed that the combination of private key symbols should be statistically improbable and Bednarek managed to disclose 732 private keys using the above-mentioned method. As a result, he got access to wallets and could make transactions.

At the same time, the hacker called Blockchain Bandit was actually detected accidentally. During the research, the analyst discovered that some wallets connected with disclosed keys recorded huge transactions that were destined to one and the same address. Adrian Bernard supposed that a hacker could use the same mixed method as they did.

Moreover, the ISE team decided to check their concept and send $1 in ETH to one of these wallets. It should be mentioned that the address was active last July, though the coins were transferred to hacker's address immediately.

According to the company's assessment, the Blockchain Bandit probably received about 45,000 ETH ($7.8 million at the current exchange rate).

There are opinions that the vulnerability of the private keys can be connected with coding errors in the software that generates keys. At the same time, another theory covers that crypto holders that receive keys via seed-phrase generate similar or too weak passwords or even refuse to make them at all.

Previous story

25 April, 2019 14:24

← Craig Wright does not plan to leave

On April 23, Craig S. Wright made some bold statements on his blog platform. Among several topics that were covered in the post, Wright begins with offensive statements regarding the delisting of Bitcoin SV at Binance, Kraken and Shapeshift.

 Craig Wright does not plan to leave

Next story

25 April, 2019 11:51

Justin Sun reports about partnership invitation from Liverpool FC →

On Wednesday, Justin Sun, general manager and founder of the Tron cryptocurrency project announced that his company will start cooperation with the famous Liverpool Football Club. However, the Liverpool FС has not confirmed any cooperation.

Justin Sun reports about partnership invitation from Liverpool FC
Write a comment
 
Prove you’re not a bot + 16 = 21