A "Blockchain Bandit" managed to collect almost 45,000 Ethereum (ETH) coins by successfully guessing weak private keys, according to a report published by Independent Security Evaluators on April 23.
Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident. Although guessing a private key should be statistically improbable, he managed to uncover 732 private keys in his research, which enabled him to make transactions as if he were the account holder.
The report notes that instead of searching for private keys at random, he used a combination of looking for faulty code and random number generators.
Bednarek then noticed that some of the wallets associated with the private keys found using their suboptimal methods had a large volume of transactions sent to the same address, with no funds coming back out.
“We found 735 private keys; he took money from 12 of those keys, to which we also had access. It is statistically unlikely that he guessed these keys by accident, so he probably stole money as soon as they came into people's wallets.”
It is believed that at the peak of Ethereum's value, the bandit's haul would have been worth more than $50 million. At the time of this writing, the funds were estimated at about US$7.8 million.
According to Bednarek, private keys could be vulnerable due to coding errors in the software responsible for generating them. Another theory is that cryptocurrency owners who derive their private keys from passphrases end up with identical keys because they use weak inputs such as “abc123”, or even leave the passphrase empty.
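To illustrate both theories from the wallet developer's side, here is an added example (not code from the ISE report or the original article) that generates a key from the operating system's CSPRNG and audits a key for the weaknesses described above. The function names, the short passphrase list, the SHA-256 derivation and the bit-length thresholds are assumptions made for this sketch.

```python
import hashlib
import secrets

# secp256k1 group order: a valid Ethereum private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Constructed sample list; a real audit would use a large wordlist.
WEAK_PASSPHRASES = ("", "abc123", "password", "123456")


def derive_from_passphrase(passphrase):
    """Assumed derivation for illustration: key = SHA-256(passphrase)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


WEAK_DERIVED = {derive_from_passphrase(p): p for p in WEAK_PASSPHRASES}


def audit_private_key(key, min_bits=200, max_zero_tail=8):
    """Return a list of findings; an empty list means nothing was flagged."""
    if len(key) != 32:
        return ["key is not 32 bytes"]
    findings = []
    k = int.from_bytes(key, "big")
    if not 1 <= k < SECP256K1_N:
        findings.append("outside valid range [1, N-1]")
    # A truncated or zero-padded value (a typical coding error) leaves most
    # high bits at zero; a uniformly random key fails this with p ~ 2**-56.
    if k.bit_length() < min_bits:
        findings.append(f"only {k.bit_length()} significant bits")
    # The same fault on the other end leaves a run of trailing zero bytes.
    zero_tail = len(key) - len(key.rstrip(b"\x00"))
    if zero_tail >= max_zero_tail:
        findings.append(f"ends in {zero_tail} zero bytes")
    # Anyone who types the same passphrase derives the same key.
    if key in WEAK_DERIVED:
        findings.append(f"derived from weak passphrase {WEAK_DERIVED[key]!r}")
    return findings


def generate_private_key():
    """Draw 32 bytes from the OS CSPRNG and retry if the audit flags them."""
    while True:
        key = secrets.token_bytes(32)
        if not audit_private_key(key):
            return key
```
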
Although the identity of the blockchain bandit is unknown, Bednarek suggested that a state actor from a country like North Korea might be behind the thefts. In March, a US Security Council report claimed that the isolated state had accumulated $670 million in fiat and digital currencies through hacker attacks as it tries to circumvent economic sanctions.