Amber Group, a digital assets consultancy, stated it was able to replicate the whole attack vector after performing an examination into the recent $160 million Wintermute vulnerability.
Amber Group stated that it recalculated the private key of the address used by market-making business Wintermute. To back up this allegation, it signed a transaction from Wintermute’s hijacked address and posted an on-chain note.
Amber stated in its study of the attack that it took the company only two days to crack the private key using a MacBook M1 laptop. To do this, the business used a brute force assault to obtain the seed phrase (or private key), which was then used to unlock cash kept at Wintermute’s address.
On September 20, the cryptocurrency trading platform Wintermute was hacked for $160 million from its Ethereum vault. The vault relies on an admin address to extract the private key and shift the funds.
Wintermute’s hacked admin account had a “vanity address,” a form of crypto address that contains recognizable names or numbers or has a certain style and may be constructed utilizing certain web tools such as Profanity. 1inch security experts discovered that hostile hackers might compute the private keys of vanity addresses produced using Profanity in order to steal funds.
Amber chose to undertake its own inquiry a few days following Wintermute’s hack. The company then determined that it, too, could recover the private key associated with Wintermute’s vanity address and estimate the hardware and time required to break the address created by Profanity.
“We figured out how Profanity divides the job on GPUs. Based on that, we can efficiently compute the private key of any public key generated by Profanity. We pre-compute a public key table, then do reverse computation until we find the public key in the table,” Amber said.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu