Many may consider hackers to be geniuses, however, their talent can always be reciprocated and Amber Group has just proven that.
The crypto firm announced on Twitter that it was able to replicate the $160 million hack of Wintermute by reproducing the private key that was used to carry out the attack.
“We have reproduced the recent Wintermute hack. Figured out the algorithm to build the exploit. We were able to reproduce the private key on a MacBook M1 with 16G memory in <48h,” the firm tweeted following its self-initiated investigation into the exploit event.
Amber Group confirmed its claims by leaving an on-chain message to prove its claims. When the Wintermute protocol was hacked on September 20, Chief Executive Officer, Evgeny Gaevoy noted that despite the exploit, the protocol is still very solvent and can fulfill all of its obligations to its creditors and users.
Per the insight that the Amber Group investigation proffered, the digital currency platform said that it too “could extract the private key belonging to Wintermute’s vanity address and estimate the hardware and time requirements to crack the address generated by Profanity.”
The attempt proved successful and Amber said “Profanity relied on a particular elliptic curve algorithm to generate large sets of public and private addresses that had certain desirable characters.” As part of Amber Group’s conclusion, the firm said the process that was used to generate the addresses that were used to exploit Wintermute is not random and could easily be regenerated.
“We figured out how Profanity divides the job on GPUs. Based on that, we can efficiently compute the private key of any public key generated by Profanity. We pre-compute a public key table, then do reverse computation until we find the public key in the table,” Amber said.
The replication exercise showcased that hacks can be successfully investigated, and proactive solutions designed to help forestall negative events like those of Wintermute’s.
According to PeckShield, a blockchain security firm, a hacker has stolen $950,000 in Ether (ETH) from an Ethereum “vanity address” generated with a tool known as Profanity. The matter was reported on Monday.
The hacker stole 732 Ethereum on September 25 and sent it to the authorized digital currency blending administration Cyclone Money, as indicated by on-chain data from PeckShield. Here the funds were blended in with other cryptocurrencies and removed to the programmer’s own wallet.
The hack was done through weaknesses associated with the popular Profanity vanity address generator. While vanity addresses are made through an instrument called Obscenity, this strategy for generating such addresses makes them simpler to penetrate through a beast force assault. The penetration requires a ton of processing power and may be counterbalanced by how much cryptographic money is in the wallet.
In the aftermath of the attacks, the developers’ team behind Profanity took steps to ensure that no one continued using the tool.
The exploit was done in a similar way Wintermute was exploited last week. On Tuesday, September 20, the U.K.-based algorithmic crypto market maker Wintermute was hacked and lost $162.2 million in DeFi operations. A vulnerable private key generated by the Profanity app was attacked in the Wintermute hack.
The Profanity vulnerability has been known since January. Still, the decentralized exchange 1inch Network disclosed the apparent risk on September 13 and warned Twitter crypto community members about the risks facing the Profanity wallets.
Last week on September 18, attackers executed a similar hack that saw $3.3 million worth of cryptocurrencies stolen from users of a vanity Ethereum wallet. The hacker managed to steal the tokens from a number of Ethereum addresses that were generated with the Profanity tool.
According to Certik blockchain cybersecurity company, about $273.9 million has been lost this year because of compromised private keys, making the method one of the largest attack vectors.