A report released by Independent Security Evaluators shows that one individual has been guessing private keys linked to Ethereum and amassing millions in the process.
The investigation began when Senior Security Analyst and Project Lead Adrian Bednarek started searching for private keys that might have had the value of 1. He discovered that there was a wallet with this private key, and proceeded to check whether similarly simple and insecure private keys might exist. They did, and he noticed that the associated funds had been emptied.
That led him and his firm to write a program that checked billions of accounts and discovered that there were a large number of unsecure .
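Keys like the ones described above (the value 1 and similarly simple values) can be rejected when a wallet generates or imports a key. The Python check below is an added example, not code from the ISE report; the 192-bit threshold, the distinct-byte rule and the function names are assumptions chosen for illustration.

```python
import secrets

# Order of the secp256k1 group used by Ethereum; valid keys are 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Assumed policy: a uniformly random 256-bit key has fewer than 192
# significant bits with probability of roughly 2**-65.
MIN_SIGNIFICANT_BITS = 192
# Assumed policy: 32 random bytes essentially never use 4 or fewer distinct values.
MIN_DISTINCT_BYTES = 5


def audit_private_key(key: bytes) -> list[str]:
    """Return the reasons a private key should be rejected (empty list if none)."""
    if len(key) != 32:
        return [f"wrong length: {len(key)} bytes, expected 32"]
    value = int.from_bytes(key, "big")
    if value == 0 or value >= SECP256K1_N:
        return ["outside the valid range 1..N-1"]
    findings = []
    if value.bit_length() < MIN_SIGNIFICANT_BITS:
        findings.append(f"only {value.bit_length()} significant bits")
    if len(set(key)) < MIN_DISTINCT_BYTES:
        findings.append("repeating byte pattern")
    return findings


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, retrying if the audit flags them."""
    while True:
        key = secrets.token_bytes(32)
        if not audit_private_key(key):
            return key


# Constructed sample keys, not taken from the report.
SAMPLES = {
    "value 1": (1).to_bytes(32, "big"),
    "32-bit value, zero padded": (0xDEADBEEF).to_bytes(32, "big"),
    "single repeated byte": b"\x11" * 32,
    "fresh CSPRNG key": generate_private_key(),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(f"{label}: {audit_private_key(sample) or 'ok'}")
```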
Even more interestingly, Independent Security Evaluators discovered that one individual, a “blockchain bandit”, had stolen 50,000 Ether by using the same technique. Bednarek says:
There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It’s statistically improbable he would guess those keys by chance, so he was probably doing the same thing […] he was basically stealing funds as soon as they came into people’s wallets.
Bednarek also describes the operation as very organized and calculated:
He was doing the same things we were doing, but he went above and beyond. Whoever this guy or these guys are, they’re spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them.
The team sent small amounts of Ether to the addresses controlled by these compromised private keys, and discovered that the funds were immediately transferred to another account.
Don’t you feel bad for him? You have a thief here that amassed this fortune and then lost it all when the market crashed.
The full report can be viewed here.