Skip to main content

Amber Group uses simple hardware to show just how fast, easy the Wintermute hack was

The Hong Kong-based group documented its reproduction of the hack on its tech and security oriented blog, seeking insights into Web3’s attack surface spectrum.

Amber Group has reproduced the recent Wintermute hack, the Hong Kong-based crypto finance service provider announced on its blog. The process was fast and simple, and used hardware easily accessible to consumers. Wintermute lost over $160 million in a private key hack on Sept. 20.

Reproducing the hack can help “build a better understanding of the attack surface spectrum across Web3,” Amber Group said. It was only hours after the hack of UK-based crypto market maker Wintermute was revealed that researchers were able to pin the blame for it on the Profanity vanity address generator.

One analyst suggested that the hack had been an inside job, but that conclusion was rejected by Wintermuteand others. The Profanity vulnerability was already known before the Wintermute hack.

Amber Group was able to reproduce the hack in less than 48 hours after preliminary setup that took less than 11 hours. Amber Group used a Macbook M1 with 16GB RAM in its research. That was far speedier, and used more modest equipment, than how a previous analyst had estimated the hack would play out, Amber Group noted.

Related: The impact of the Wintermute hack could have been worse than 3AC, Voyager and Celsius — Here is why

Amber Group detailed the process it used in the re-hack, from obtaining the public key to reconstructing the private one, and it described the vulnerability in the way Profanity generates random numbers for the keys it produces. The group notes that its description “does not purport to be complete.” It added, repeating a message that has often been spread before:

“As well documented by this point — your funds are not safe if your address was generated by Profanity […] Always manage your private keys with caution. Don’t trust, verify.”

The Amber Group blog has been technically oriented from its inception, and has addressed security issues before. The group achieved a $3-billion valuation in February after a Series B+ funding round.



from https://ift.tt/RsUENrX
https://ift.tt/vGo6Xin
Labels:

Comments

Post a Comment

Any questions, Please.

Popular posts from this blog

DeFi isn’t dead, it just needs to fix these 3 critical problems

It’s been a rough year for DeFi, and it may not get any better until projects focus more on security, regulation and usability. The persistent challenges  decentralized finance  face have been well documented by a handful of analysts and the recent collapse of the Terra ecosystem re-enforced the fact that something is critically wrong with DeFi. I think DeFi today is completely broken for 99% of the population. The promise of a more transparent financial system has been overtaken by greed. UST/LUNA is just the latest in a string of bad developments: — Peter Yang (@petergyang) May 11, 2022 Let's take a look at what experts say DeFi needs to do in order to have another revival.  Improved usability To date, the promise of open and uncensored access to a global decentralized financial system has been largely hampered by the complicated interface, confusing multi-step staking processes and lack of clarity surrounding the yields on various tokens. What do you thi...
Post a Comment
Read more

ENS DAO delegates offer perspective on DAO governance and decentralized identity

AlphaWallet CEO and Spruce co-founder talk about their roles as contributors to the Ethereum Name Service following the project's recent airdrop. Earlier this month, the Ethereum Name Service, or ENS, formed a decentralized autonomous organization, or DAO, for the ENS community.  Cointelegraph spoke to two ENS DAO delegates who applied for the opportunity to represent the community and stay involved in the decision making process: Victor Zhang, CEO of AlphaWallet, an open source Ethereum wallet, and Gregory Rocco, co-founder of Spruce, a decentralized ID and data toolkit for developers. Zhang spoke about his experience as an external contributor to ENS and an early supporter since 2018. Zhang initially sought to help ENS by offering Alpha Wallet as a user-friendly tool for  resolving .eth names and cryptocurrency wallet addresses. Essentially, if a user inputs an .eth name in the AlphaWallet, it will show the wallet address, and vice versa using reverse resolution. Alpha...
Post a Comment
Read more

Institutional demand for crypto isn’t subsiding, but impact will be gradual

As another $2-trillion stimulus package looms in the U.S., institutions will continue to look at BTC as a hedge against inflation. For example, just last week, when the currency was hovering around the $30,000 threshold, a whole host of pundits was warning investors to brace for impact, suggesting that the premier crypto asset was on the verge of a correction and could once again dip to around the $20,000 region. However, in just one day, Bitcoin was once again playing with the bulls, retesting the $38,500 limit, only to witness a selloff and eventually settle around the $33,500 region. While for most crypto veterans that might have been another day at the office, others branded the upsurge as “Elon’s Candle,” which relates to Elon Musk, the CEO of Tesla, who included “Bitcoin” in his Twitter bio as well as sent out the following cryptic message “in retrospect, it was inevitable” to his 40 million-odd followers online. Regardless of the cause, has the recent price volatility sca...
Post a Comment
Read more