How Crypto Investor Stupidity Helped One Hacker Swipe $7 Million

By CCN: Years ago, a thief had a simple idea: figure out a way to guess Ethereum private keys and write software to sweep the crypto funds from the blockchain. Guessing the 72-character private key is no small feat – your odds are about 1 in 115 quattuorvigintillion. No, we didn’t make that number up.

The researchers told Wired that trying to do this without the help of high-powered computers would be like:

“[…] Choosing a grain of sand on a beach, and later asking a friend to find that same grain among a ‘billion gazillion’ beaches.”

The Fatal Flaw of Crypto ‘Brain Wallets’

The idea has blossomed into an incredibly successful business model, which capitalizes on malformed private keys and poor wallet development.

Wired reports on security researchers who uncovered this phenomenon and even proved the concept by sending funds to one of the wallets they suspected had been swept – within minutes the Ether disappeared to the address they believed was home to all the stolen cryptocurrency.

crypto wallet hack meme

Swiper the Sneaky Fox would be so proud. Meme generated by author.

Most standard implementations of Ethereum wallets are immune to this problem. If a private key is generated correctly, it’s far less susceptible to guessing than if it is truncated by a character or two or worse, manually chosen by a person. A private key of all 0s or that sums up as 1 is the type of private keys that this sneaky fox is snatching.

In case our reader is new to blockchain technology, let’s briefly explain the nature of a private key. In private/public key cryptography, which all cryptocurrency is based on, ownership of the private key gives you access to anything associated with the public key – funds received or controlled by a Bitcoin or Ethereum address, for example. Bitcoin wallets are composed of multiple private keys, each corresponding to a public address, while the Ethereum system uses a single “account” architecture. A single private key in Ethereum will control all of that account’s Ether as well as its tokens. If someone compromises the private key, they can import the funds and then sweep them to somewhere else.

Tracking the Stolen Ethereum Funds

Wired doesn’t report which address keeps swiping, but says it has gained 45,000 Ether over the years. At the present time, that puts them in the top 400 Ether holders, which Etherscan tracks. So we had a look, and only a few addresses in the range of 44-46,000 have had a ton of transactions.

We think this one – 0x957cd4ff9b3894fc78b5134a8dc72b032ffbc464 – is the most likely account being referenced. Currently, it contains over $7 million in Ether and over $50,000 in other tokens. It’s had over 5,000 transactions, and a great many of these have been incredibly small. The script is indiscriminate – if any amount of Ether is moved into an address it has compromised, it swipes it immediately. As you can see if you visit Etherscan, it’s received dozens of nearly worthless transactions, the sum of which begins to add up.

As the Wired article points out, it’s no easy task to start guessing the identity of the criminal. However, it’s interesting to note that they seem to be hoarding Ethereum. There are less than 100 outgoing transactions, most of which happened a couple of years ago. It seems when the EOS token left Ethereum and became a reality, they redeemed the EOS the account held. It would be interesting to check the status of this account the next time the Ethereum price pushes toward $1,000.

All of which assumes this is the account that the Wired article speaks of, but it makes for a pretty good candidate. Here are the alternative options:

ethereum crypto wallet

Addresses on the Ethereum blockchain which contain around 45,000 Ether. As you can see, few have “thousands” of transactions.

As you can see, most of the accounts in this range have far fewer transactions. The only other one with “thousands” of transactions belongs to an exchange.

Who did this, and hasn’t cashed anything out in years? Was it a rogue developer who wanted to discourage use of bad private keys, or highlight the insecurity of certain Ethereum wallets? Is it a state actor, as Wired suggests? It’s anyone’s guess at this point.



About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Crypto Scams

Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
April 23, 2022
Prove
Joon Pak Head of Crypto at Prove talks to Us about Crypto Fraud And More
April 11, 2022
Mintable
Mintable CEO Zach Burks Talks to Us about the Opensea Stolen NFTs and Their Recovery
March 21, 2022
Crypto Crime
Crypto Crime Surges To Record Highs As Thieves Follow Market Buzz – Chainalysis 2022 Report
February 24, 2022
Bots Circumvent 2FA Login At Coinbase And Other Crypto Exchanges In 2022
Bots Have Circumvented 2FA Logins At Coinbase And Other Crypto Exchanges In 2022
February 17, 2022

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

Russia
Roundtable Interview-What is the Effect of The Russia-Ukraine War on Cryptocurrency Prices?
March 4, 2022
GamStop
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
Ethereum
The Unconventional Guide to Ethereum
October 28, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin28,876 0.17 % 2.29 % 4.96 %
Ethereum1,752.1 0.42 % 4.06 % 13.43 %
Tether1.001 0.05 % 0.00 % 0.02 %
USD Coin0.9989 0.16 % 0.08 % 0.04 %
BNB303.51 0.32 % 2.61 % 1.34 %
XRP0.3869 0.13 % 2.78 % 8.24 %
Binance USD1.002 0.02 % 0.00 % 0.15 %
Cardano0.9566 0.22 % 0.68 % 6.96 %
Solana41.52 0.55 % 5.70 % 20.65 %
Dogecoin0.08223 0.47 % 4.02 % 5.56 %

bitcoin
Bitcoin (BTC) $ 28,832.00
ethereum
Ethereum (ETH) $ 1,744.66
tether
Tether (USDT) $ 1.00
usd-coin
USD Coin (USDC) $ 1.00
bnb
BNB (BNB) $ 302.61
xrp
XRP (XRP) $ 0.387104
binance-usd
Binance USD (BUSD) $ 1.00
cardano
Cardano (ADA) $ 0.460017
solana
Solana (SOL) $ 41.69
dogecoin
Dogecoin (DOGE) $ 0.082101