Mass exploit detected: Inactive Ethereum Wallets drained - roughly 261ETH

[Accardo]

This Incident unfolded today, an attacker who targeted dormant Ethereum wallets drained about 261 eth to a single wallet, he had cracked the private keys of about hundreds of low entropy, inactive eth wallets from 2019 downward, then moved the coins through multiple cross-chain protocols like thorchains, uniswap, and Magpie router, to make the process hard to trace.

The Ethereum network is said to be safe, this attacker happened to own a tool that is stronger or capable of decrypting the randomness of private keys generated through early Ethereum wallet tools like pre-2019 brainwallets, browser-based key creation utilities, vanity address generators etc.

These tools are now obsolete and weak to sophisticated cracking tools currently owned by attackers in recent times, this is the closest reason to why the attacker had the private keys of all the wallets he drained. Users with dormant wallets are advised to move their funds from vulnerable wallets that enabled generating keys from tools with low entropy, to modern wallets like ledger Nano for proper security on the network.


https://startupfortune.com/hundreds-of-dormant-ethereum-wallets-were-drained-and-the-attack-pattern-points-to-something-more-troubling-than-a-typical-exploit/


Image source

[asriloni]

It's hard to predict what the main causes of it. There are so many assumptions, but all of reasons are possible to happen. It makes sense to think the early wallet generators were not random enough. However, who knows the wallet owners used infected tools that leaked his sensitive key.

Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked.

Beside that this is a reminder for people to always check their money on their wallet regularly. If they are thinking their money ain't safe enough, they have move it to the safer place.

[Accardo]

Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked.

Another angle is the server breach or leak from lasspass, sniping bots, or copytrading bots on telegram or other platforms that ask for private keys to trade for users, the attacker must have attained a certain level of leaked data from these servers and is cracking down on the victim's funds using those keys.

[noorman0]

What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets.

Anyway, let's wait and see.

[JeromeTash]

Probably not an Ethereum network problem but rather something to do with how the owners of the addresses generated their wallets or keep their seed phrases and private keys. I don't think this is random
The hacker is likely to have landed on an old compromised machine that was used to store the seeds or even landed on seed phrases that can unlock multiple addresses that have some ETH in them.

[Accardo]

What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets.

Anyway, let's wait and see.

This user on X confirmed losing his coins to the scammer's address, I predict that most of the dormant exploited addresses have been forgotten by their owners or they hardly check up on the coin, only a handful of wallets were active in the last few months, or years, the rest was dated back to 7+ years of no activity, also the value of eth was quite small during those years, the scammer came in when those coins has gotten to a significant amount of dollars then moved them away, also you don't expect all the victims to be active users on X.

[TastyChillySauce00]

What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets.

Anyway, let's wait and see.

This user on X confirmed losing his coins to the scammer's address, I predict that most of the dormant exploited addresses have been forgotten by their owners or they hardly check up on the coin, only a handful of wallets were active in the last few months, or years, the rest was dated back to 7+ years of no activity, also the value of eth was quite small during those years, the scammer came in when those coins has gotten to a significant amount of dollars then moved them away, also you don't expect all the victims to be active users on X.

It is possible that since the value of eth was quite small during those years and the scammer hardcoded the ETH value not in USD the drainer didn't get triggered and right now the scammer is doing it manually.
I don't really buy the speculation about eth addresses getting cracked, if anything it's privkey leak and it happens a lot when entire infra wasn't as solid as today.

[justdimin]

he had cracked the private keys of about hundreds of low entropy, inactive eth wallets from 2019 downward, then moved the coins through multiple cross-chain protocols

Hacked private keys? Are we sure about this? I am pretty sure that with the protection that we have today, I would be 100% sure that they have not cracked private keys, there has to be something that is helpful for them. Like if you need 12 phrases and have 10 of them ready, then yeah, or if you have all 12 and you need to just order them then yeah, but to just break the entire private key? Absolutely not, that did not happen, and these claims are false. Anyone who knows how these are protected, you can't brute hack into this.

Low entropy and also inactive, right? These are really contradicting or just a coincident. Seems like a usual hacking of a long term holders' wallet. Hacking low entropy keys are possible means, then our bitcoins also in danger. If hacking private keys are possible means, we may see similar hacking in other altcoins as well.

[dansus021]

Hows is that even possible, as far that I know brute force private key need lot amount of power and take times, Brute force specific address also need time and near impossible because lot of possibilty. https://etherscan.io/tx/0xba1b4093b8e0b820a778762cf18caab608e2870cded14b63bdad5454d50d6aac this the last tx he send into Thorchain and steal 324 ETH or the equivalent of 700K usd is not a million but money is money.

and if this real happen because simply old address ethereum foundatin should know about this and tell everyone. Usually address like ETH got hacked because he approved malicious contract and boom the money is gone.

[Conqueror777]

It's hard to predict what the main causes of it. There are so many assumptions, but all of reasons are possible to happen. It makes sense to think the early wallet generators were not random enough. However, who knows the wallet owners used infected tools that leaked his sensitive key.

Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked.

Beside that this is a reminder for people to always check their money on their wallet regularly. If they are thinking their money ain't safe enough, they have move it to the safer place.

What is safer than keeping you ETH on your own hardware wallet? Do you mean that older wallets are prone to attacks? I'm confused so sorry if I'm asking stupid questions.

[o48o]

protocols in a pattern suggesting private key compromise rather than a smart contract exploit.

I am pretty sure that it's more of finding system vulnerabilities with a virus, and swiping all existing privatekeys, then "hacking private key".

I have a theory though.

Windows 10 just ended their free updates, and there are probably already unpatched win 10 systems around that still contains privatekey data in some form.

I was waiting that there could be mass hacks, because even though i think that majority of bigger holders are tech-savvy and careful, they tend to get hacked from time to time. And finding new exploits for old windows 10 systems means that they can just mass attack every system that's online, and there are bound to be quite few new victims that will never know what hit them.

[nelson4lov]

These are some of the early indications of what we might see in the near future if most blockchains and the wallets on those chains don't build quantum resistant cryptography. Well, it's one thing for a blockchain to be updated, it's another thing for the users to complete the migration. If those accounts that got drained moved the funds to newer wallets, it wouldn't have been drained. I think it might also be the case that those account owners are no more and the hackers were recovering what was otherwise considered to be lost.

[JeffBrad12]

Hows is that even possible, as far that I know brute force private key need lot amount of power and take times, Brute force specific address also need time and near impossible because lot of possibilty. https://etherscan.io/tx/0xba1b4093b8e0b820a778762cf18caab608e2870cded14b63bdad5454d50d6aac this the last tx he send into Thorchain and steal 324 ETH or the equivalent of 700K usd is not a million but money is money.

and if this real happen because simply old address ethereum foundatin should know about this and tell everyone. Usually address like ETH got hacked because he approved malicious contract and boom the money is gone.

Logically speaking if the wallet key was brute forced, there's no stopping the hacker from bruteforcing addresses that hold higher amount of ETH. But the hacker is only targeting some random addresses with low amount of ETH, speaks a lot about how the attack was done, definitely ain't brute forcing.

[SirLancelot]

This must be done via some sort of key generator type of thing that people used. Let me put it this way, if he was capable of hacking "all" wallets done before a certain time, he would have taken billions of dollars, and I mean billions, not even like a couple billion, I mean he would be one of the richest people in the world, but he did not.

Reason is that the wallets had to be old, and also using certain tool to eb created, and that's how he got them, and those are very limited, that is why he stole just a certain amount. This is still bad of course, but it's not something to worry about, no t in general at least, if you do not have a dormant account that is from all the way back, then you have nothing to worry about.