Yet another breach in the crypto market has gotten everyone to sit up and take notice. An alleged “blockchain bandit” has reportedly stolen 45,000 ether (ETH) by correctly figuring out the weak private keys of certain users.
A report released by Independent Security Evaluators on April 23 says the hacker used a combination of looking for faulty code and faulty random number generators to work out the weak private keys of users.
The “bandit” was discovered by accident by Adrian Bednarek, a senior security analyst. What’s shocking about this incident is that guessing a private key at random is supposedly a statistical improbability. Despite that, this sophisticated hacker managed to correctly guess 732 private keys through his research, and was thus able to exercise full control over those accounts.
“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It’s statistically improbable he would guess those keys by chance, so he was probably doing the same thing […] he was basically stealing funds as soon as they came into people’s wallets.”
It was this unusual flow of money into a single account that led Bednarek to discover the crime. At the time of writing, the funds would be valued at approximately $7.8 million; had the haul been valued at ETH’s market peak, it would have been worth well over $50 million.
The identity of the “blockchain bandit” remains undisclosed. However, Bednarek has suggested that it could be a North Korean state actor. This wouldn’t be surprising, considering that North Korea is behind most cryptocurrency hacks, according to Kaspersky Lab.