Mass exploit detected: Inactive Ethereum Wallets drained - roughly 261ETH

[Accardo]

This Incident unfolded today, an attacker who targeted dormant Ethereum wallets drained about 261 eth to a single wallet, he had cracked the private keys of about hundreds of low entropy, inactive eth wallets from 2019 downward, then moved the coins through multiple cross-chain protocols like thorchains, uniswap, and Magpie router, to make the process hard to trace.

The Ethereum network is said to be safe, this attacker happened to own a tool that is stronger or capable of decrypting the randomness of private keys generated through early Ethereum wallet tools like pre-2019 brainwallets, browser-based key creation utilities, vanity address generators etc.

These tools are now obsolete and weak to sophisticated cracking tools currently owned by attackers in recent times, this is the closest reason to why the attacker had the private keys of all the wallets he drained. Users with dormant wallets are advised to move their funds from vulnerable wallets that enabled generating keys from tools with low entropy, to modern wallets like ledger Nano for proper security on the network.


https://startupfortune.com/hundreds-of-dormant-ethereum-wallets-were-drained-and-the-attack-pattern-points-to-something-more-troubling-than-a-typical-exploit/


Image source

[asriloni]

It's hard to predict what the main causes of it. There are so many assumptions, but all of reasons are possible to happen. It makes sense to think the early wallet generators were not random enough. However, who knows the wallet owners used infected tools that leaked his sensitive key.

Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked.

Beside that this is a reminder for people to always check their money on their wallet regularly. If they are thinking their money ain't safe enough, they have move it to the safer place.

[Accardo]

Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked.

Another angle is the server breach or leak from lasspass, sniping bots, or copytrading bots on telegram or other platforms that ask for private keys to trade for users, the attacker must have attained a certain level of leaked data from these servers and is cracking down on the victim's funds using those keys.

[noorman0]

What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets.

Anyway, let's wait and see.

[JeromeTash]

Probably not an Ethereum network problem but rather something to do with how the owners of the addresses generated their wallets or keep their seed phrases and private keys. I don't think this is random
The hacker is likely to have landed on an old compromised machine that was used to store the seeds or even landed on seed phrases that can unlock multiple addresses that have some ETH in them.

[Accardo]

What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets.

Anyway, let's wait and see.

This user on X confirmed losing his coins to the scammer's address, I predict that most of the dormant exploited addresses have been forgotten by their owners or they hardly check up on the coin, only a handful of wallets were active in the last few months, or years, the rest was dated back to 7+ years of no activity, also the value of eth was quite small during those years, the scammer came in when those coins has gotten to a significant amount of dollars then moved them away, also you don't expect all the victims to be active users on X.

[TastyChillySauce00]

What makes this suspicion point to exploitation? This tweet was posted just hours ago, and so far, no one has claimed any of the owners of these addresses have lost their assets. If this involves hundreds of addresses, it's unlikely that any of them haven't been monitoring their dormant wallets.

Anyway, let's wait and see.

This user on X confirmed losing his coins to the scammer's address, I predict that most of the dormant exploited addresses have been forgotten by their owners or they hardly check up on the coin, only a handful of wallets were active in the last few months, or years, the rest was dated back to 7+ years of no activity, also the value of eth was quite small during those years, the scammer came in when those coins has gotten to a significant amount of dollars then moved them away, also you don't expect all the victims to be active users on X.

It is possible that since the value of eth was quite small during those years and the scammer hardcoded the ETH value not in USD the drainer didn't get triggered and right now the scammer is doing it manually.
I don't really buy the speculation about eth addresses getting cracked, if anything it's privkey leak and it happens a lot when entire infra wasn't as solid as today.

[justdimin]

he had cracked the private keys of about hundreds of low entropy, inactive eth wallets from 2019 downward, then moved the coins through multiple cross-chain protocols

Hacked private keys? Are we sure about this? I am pretty sure that with the protection that we have today, I would be 100% sure that they have not cracked private keys, there has to be something that is helpful for them. Like if you need 12 phrases and have 10 of them ready, then yeah, or if you have all 12 and you need to just order them then yeah, but to just break the entire private key? Absolutely not, that did not happen, and these claims are false. Anyone who knows how these are protected, you can't brute hack into this.

Low entropy and also inactive, right? These are really contradicting or just a coincident. Seems like a usual hacking of a long term holders' wallet. Hacking low entropy keys are possible means, then our bitcoins also in danger. If hacking private keys are possible means, we may see similar hacking in other altcoins as well.

[dansus021]

Hows is that even possible, as far that I know brute force private key need lot amount of power and take times, Brute force specific address also need time and near impossible because lot of possibilty. https://etherscan.io/tx/0xba1b4093b8e0b820a778762cf18caab608e2870cded14b63bdad5454d50d6aac this the last tx he send into Thorchain and steal 324 ETH or the equivalent of 700K usd is not a million but money is money.

and if this real happen because simply old address ethereum foundatin should know about this and tell everyone. Usually address like ETH got hacked because he approved malicious contract and boom the money is gone.

[Conqueror777]

It's hard to predict what the main causes of it. There are so many assumptions, but all of reasons are possible to happen. It makes sense to think the early wallet generators were not random enough. However, who knows the wallet owners used infected tools that leaked his sensitive key.

Other than that i remember during the old days, wallet generators are storing the walet key related data on the server. So it's also possible for the data in the server got leaked, then it's hacked.

Beside that this is a reminder for people to always check their money on their wallet regularly. If they are thinking their money ain't safe enough, they have move it to the safer place.

What is safer than keeping you ETH on your own hardware wallet? Do you mean that older wallets are prone to attacks? I'm confused so sorry if I'm asking stupid questions.

[o48o]

protocols in a pattern suggesting private key compromise rather than a smart contract exploit.

I am pretty sure that it's more of finding system vulnerabilities with a virus, and swiping all existing privatekeys, then "hacking private key".

I have a theory though.

Windows 10 just ended their free updates, and there are probably already unpatched win 10 systems around that still contains privatekey data in some form.

I was waiting that there could be mass hacks, because even though i think that majority of bigger holders are tech-savvy and careful, they tend to get hacked from time to time. And finding new exploits for old windows 10 systems means that they can just mass attack every system that's online, and there are bound to be quite few new victims that will never know what hit them.

[nelson4lov]

These are some of the early indications of what we might see in the near future if most blockchains and the wallets on those chains don't build quantum resistant cryptography. Well, it's one thing for a blockchain to be updated, it's another thing for the users to complete the migration. If those accounts that got drained moved the funds to newer wallets, it wouldn't have been drained. I think it might also be the case that those account owners are no more and the hackers were recovering what was otherwise considered to be lost.

[JeffBrad12]

Hows is that even possible, as far that I know brute force private key need lot amount of power and take times, Brute force specific address also need time and near impossible because lot of possibilty. https://etherscan.io/tx/0xba1b4093b8e0b820a778762cf18caab608e2870cded14b63bdad5454d50d6aac this the last tx he send into Thorchain and steal 324 ETH or the equivalent of 700K usd is not a million but money is money.

and if this real happen because simply old address ethereum foundatin should know about this and tell everyone. Usually address like ETH got hacked because he approved malicious contract and boom the money is gone.

Logically speaking if the wallet key was brute forced, there's no stopping the hacker from bruteforcing addresses that hold higher amount of ETH. But the hacker is only targeting some random addresses with low amount of ETH, speaks a lot about how the attack was done, definitely ain't brute forcing.

[SirLancelot]

This must be done via some sort of key generator type of thing that people used. Let me put it this way, if he was capable of hacking "all" wallets done before a certain time, he would have taken billions of dollars, and I mean billions, not even like a couple billion, I mean he would be one of the richest people in the world, but he did not.

Reason is that the wallets had to be old, and also using certain tool to eb created, and that's how he got them, and those are very limited, that is why he stole just a certain amount. This is still bad of course, but it's not something to worry about, no t in general at least, if you do not have a dormant account that is from all the way back, then you have nothing to worry about.

[Webetcoins]

Hows is that even possible, as far that I know brute force private key need lot amount of power and take times, Brute force specific address also need time and near impossible because lot of possibilty. https://etherscan.io/tx/0xba1b4093b8e0b820a778762cf18caab608e2870cded14b63bdad5454d50d6aac this the last tx he send into Thorchain and steal 324 ETH or the equivalent of 700K usd is not a million but money is money.

and if this real happen because simply old address ethereum foundatin should know about this and tell everyone. Usually address like ETH got hacked because he approved malicious contract and boom the money is gone.

It is. Brute force into cracking into these is not possible and they did not use that. I can tell you that they did not use brute force and regular cracking because if that was possibility then they could have cracked into some hot wallet of a big exchange and get a billion dollars out, and they did not.

So it is clear that they cracked into something specific, and I agree that whatever they cracked into, was something that was basically just a simple coding mistake that they exploited.

[Odohu]

So someone who invested in ETH and held them since 2018 in a wallet will wake up one day and realize that all his money is gone even when he still hold his private keys? This is a major problem in cryptocurrency in general and it makes me apprehensive because if they can exploit those wallets, it is a matter of time before new wallets are exploited using newer tools. What could be the solution of this type of things?

[bitgolden]

Nothing to worry about, these type of exploits and hacks and whatever always are on the news and happens often, at least once a month we see a news like this and it's never a big number, it's always small.

Sure, it's sad for those who this happened to, but in general the market is not really caring about such a small number. This is literally not even half a million dollars, we had situations where 40 million was stolen from hot wallets of binance once, so compared to that, this is basically nothing.

[passwordnow]

It's likely those tools that we've used where people kept to saved records of their private keys are being exploited by whoever that guy is. It's best to never keep records of these important details of us online and to any of the tools that could be compromised and able to get the backdoor of its database.

So someone who invested in ETH and held them since 2018 in a wallet will wake up one day and realize that all his money is gone even when he still hold his private keys? This is a major problem in cryptocurrency in general and it makes me apprehensive because if they can exploit those wallets, it is a matter of time before new wallets are exploited using newer tools. What could be the solution of this type of things?

There's a probable cause in it and if it happened with so many wallets, the culprit was able to access that through a huge database where the users have entrusted long time before.

[fullfitlarry]

Nothing to worry about, these type of exploits and hacks and whatever always are on the news and happens often, at least once a month we see a news like this and it's never a big number, it's always small.

Sure, it's sad for those who this happened to, but in general the market is not really caring about such a small number. This is literally not even half a million dollars, we had situations where 40 million was stolen from hot wallets of binance once, so compared to that, this is basically nothing.

The point is that the market is vulnerable to this kind of attacks. And I don't understand why you said that we shouldn't worry about when we know that there are victims here. What if you are one of the victims? Will you say to yourself that this is not something new and that it is ok for someone to take my money?

Yes, it's not comparable to huge amount of hacks or draining techniques.

But still if we have been in the market for so long, we can say that we should really be very careful of our crypto so that we won't just be another statistics from this cyber actors.

[TastyChillySauce00]

So someone who invested in ETH and held them since 2018 in a wallet will wake up one day and realize that all his money is gone even when he still hold his private keys? This is a major problem in cryptocurrency in general and it makes me apprehensive because if they can exploit those wallets, it is a matter of time before new wallets are exploited using newer tools. What could be the solution of this type of things?

This could be result of social engineering or private key leak due to lack of security in storing their seed phrase, it doesn't really indicate private key breaches.
New wallets are usually created using the best security practice for randomness, etc. Not really a concern if you generated a new wallet. The solution would be as always encrypt your private key if you are storing it digitally or simply write it down in a paper and seal it.

Also, don't interact with smart contract recklessly and don't connect your wallet to random websites. Hacker can drain your wallet of your money by simply telling you to sign ERC-2612 permit without even telling you to make transactions.