Having successfully guessed weakly protected private keys in the Ethereum blockchain, an unknown attacker kidnapped about 45,000 ETH. Wired wrote about this citing a study conducted by the cybersecurity company Independent Security Evaluators (ISE).

Adrian Bednarek, senior security analyst at ISE, a hacker who was nicknamed Blockchain Bendit, was discovered by accident. Assuming that the combination of private key symbols should be statistically improbable, Bednarek, using his own method, was able to unlock 732 keys. Having access to the wallets, he also had the opportunity to make transactions without hindrance.

The ISE report notes that instead of the method of random selection of characters, analysts used a combination of finding a faulty code and random number generators.

In the process, it was noticed that large amounts of money were made from some of the wallets associated with the disclosed private keys. All of them went to the same address, and as Bernadek concluded, a certain hacker used the same combined methods.

“A guy was found who also had these addresses. He was pumping out money from those wallets to which he also had access. We found 735 private keys, he brought out money from 12 of the wallets. It is statistically unlikely that he guessed these keys by accident, so most likely he did the same thing as we did. He stole funds as soon as they entered the victims' wallets, ”said the researcher.

To confirm their theory, ISE specialists sent an amount of $ 1 to ETH for one of these 12 wallets. Despite the fact that the address's activity was last observed in July last year, the sent coins were instantly transferred to the hacker's wallet.

According to rough estimates, the hacker's catch is about 45,000 ETH, or about $ 7.8 million at the current rate.

According to Bednarek, private keys could be vulnerable due to coding errors in the software responsible for generating them. Another theory is that cryptocurrency owners, who receive private keys through seed phrases, generate identical or too weak passwords, and sometimes they simply neglect their creation.

Despite the fact that the identity of the attacker has not yet been established, Bednarek suggests that state-sponsored figures from North Korea may be hiding behind the thefts.

According to the latest report of the US Security Council, North Korea, which is under tough international sanctions, has already accumulated about $ 670 million in cryptocurrencies and fiat due to hacker attacks alone.

Recall that in April, the Center for International Security and Defense Policy of the American Corporation RAND published a report , according to which terrorists increasingly refuse to cryptocurrency, fearing hacker hacking and de-anonymization.

Subscribe to the BlockchainJournal news in Telegram: BlockchainJournal Live – the entire news feed, BlockchainJournal – the most important news and polls.