Hacker Managed to Steal Almost 45,000 ETH through Private Key Generation Errors
ISE specialists discovered an unknown hacker who managed to steal almost 45,000 ETH by exploiting incorrectly generated private keys on the Ethereum blockchain.
Independent Security Evaluators (ISE) senior analyst Adrian Bednarek reported that the hacker was discovered by chance during the research. The company was analyzing whether private keys to Ethereum addresses could be guessed. Guessing a correctly generated key at random is not feasible, so the researchers focused on incorrectly generated keys, for example those resulting from errors in the software code or in the random number generator.
Using these methods, the analysts were able to recover 735 private keys. They subsequently discovered that a large volume of transactions from some of these addresses had gone to one and the same address.
“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It’s statistically improbable he would guess those keys by chance, so he was probably doing the same thing […] he was basically stealing funds as soon as they came into people’s wallets,” Bednarek said.
To confirm their theory, ISE specialists sent $1 worth of ETH to one of these 12 wallets. Although activity at the address was last observed in July last year, the amount sent was immediately transferred to the intruder’s wallet.
According to rough estimates, the hacker’s haul is about 45,000 ETH, that is, $7.8 million at the current rate.