An unknown thief, dubbed the “Blockchain Bandit”, has managed to guess his way through weak private keys, walking away with close to 45,000 Ethereum (ETH) coins. According to a news site, the hacker was discovered accidentally by Adrian Bednarek, a senior security analyst working with Independent Security Evaluators.
It was during research that Adrian found that some wallets linked with the private keys were experiencing high volumes of transactions to one address, with no funds coming out at all. Adrian believes that the hacker was siphoning the crypto coins as soon as they got into the hacked wallets.
Although it is very unlikely for anyone to successfully guess a private key, the Blockchain Bandit managed to unlock 732 private keys, which allowed him to make transactions as though he were the real account holder. Of the 732 private keys, 12 were associated with accounts that Independent Security Evaluators had access to. According to Adrian’s statement:
“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It’s statistically improbable he would guess those keys by chance, so he was probably doing the same thing […] he was basically stealing funds as soon as they came into people’s wallets.”
Weak Private Keys?
According to Adrian, one reason a private key can be vulnerable is the presence of coding errors in the software used to generate them. Apparently, crypto investors who derive private keys from passphrases also generate similar keys when they leave their passwords empty or use weak values like ‘abc123’.
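The following wallet-side key audit is an added example, not code from the article or from Independent Security Evaluators. It assumes a passphrase scheme in which the private key is SHA-256 of the passphrase, a constructed deny-list, and a leading-zero check as one possible symptom of a coding error; the article does not specify any of these.

```python
import hashlib
import secrets

# Order of the secp256k1 group; a valid private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed deny-list; the empty string and 'abc123' are the cases the article names.
WEAK_PASSPHRASES = ["", "abc123", "password", "123456"]


def derive_key(passphrase):
    """Assumed scheme: private key = SHA-256(passphrase). Fully deterministic."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def audit_key(key):
    """Return a list of reasons the key should be rejected (empty list = no finding)."""
    if len(key) != 32:
        return ["key is not 32 bytes"]
    findings = []
    k = int.from_bytes(key, "big")
    if not 1 <= k < N:
        findings.append("outside the valid secp256k1 range")
    # Assumption: a buggy generator may leave most high-order bytes zero.
    if k.bit_length() < 128:
        findings.append("fewer than 128 significant bits")
    for phrase in WEAK_PASSPHRASES:
        if secrets.compare_digest(derive_key(phrase), key):
            findings.append("derived from deny-listed passphrase %r" % phrase)
    return findings


def new_key():
    """Generate a key from the OS CSPRNG, retrying on out-of-range values."""
    while True:
        key = secrets.token_bytes(32)
        if 1 <= int.from_bytes(key, "big") < N:
            return key


if __name__ == "__main__":
    for label, key in [("empty passphrase", derive_key("")),
                       ("'abc123'", derive_key("abc123")),
                       ("integer 1", (1).to_bytes(32, "big")),
                       ("CSPRNG key", new_key())]:
        print(label, "->", audit_key(key) or "no findings")
```

Anyone who hashes the same passphrase gets the same key, which is why the audit rejects those keys before a wallet ever receives funds.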
Common Crypto Scams
Usually, scammers use brute force or phishing schemes to gain private keys, but there are other common crypto scams users need to be aware of. They include:
- Fraudulent/fake Initial Coin Offerings (ICOs)
- Fake Android wallets
- Social media scams
- Impersonating a crypto exchange website
- Phone porting to obtain information from crypto owners
- Sending fake emails to obtain information from investors