Wintermute hack replicated on simple laptop in under 48 hours by exploiting Profanity flaw

Amber Group, a blockchain technology provider, replicated the Wintermute hack in less than 48 hours using a basic laptop. A report by the Amber Group stated,

“We used a Macbook M1 with 16GB RAM to precompute a dataset in less than 10 hours… We finished the implementation and were able to crack the private key of 0x0000000fe6a514a32abdcdfcc076c85243de899b in less than 48 hours.”

The hack was attributed to vanity addresses created with the Profanity tool, which lets users generate Ethereum addresses containing particular characters. In the case of Wintermute, the address contained seven leading zeros. Vanity addresses allow accounts to have similar characters, making it easier to identify the public addresses on the blockchain.

Another impact of an Ethereum address with several leading zeros is a reduction in gas fees due to the reduced space needed to store the information on the blockchain. However, removing an element of randomness from the cryptographic process used in generating the address comes at the cost of reduced security.

Initial analysis suggested that it would take 1,000 GPUs just 50 days to generate every possible private key for addresses that start with seven leading zeros. However, Amber Group now claims it can be achieved using just a single laptop in under 48 hours.

The cryptography explained

Profanity is an address generation tool for the Ethereum ecosystem. The codebase can be easily downloaded from GitHub and has been available since 2017. However, the current codebase version includes a warning advising against the use of the tool. The tool’s creator, Johguse, added the following message to the readme.md file on Sept. 15, 2022.

“I strongly advise against using this tool in its current state. This repository will soon be further updated with additional information regarding this critical issue.”

Further, core binaries were removed to stop users from being able to compile the codebase “to prevent further unsafe use of this…

Click Here to Read the Full Original Article at Ethereum (ETH) News | CryptoSlate…