Crypto market maker Wintermute lost 160 million US dollars in a hack on September 20th, 2022. Reportedly, the hacked address was a vanity address generated by the Profanity tool.
Security researchers found a vulnerability in the randomness of private keys generated by that tool back in January 2022. According to a third-party security company, hackers took advantage of the vulnerability which they were able to utilize to crack down Wintermute’s private key and drain the wallet.
Please note that you should transfer your assets to a secure wallet as soon as possible if they are stored in an address generated by the Profanity tool.
Why does randomness matter?
To be exact, a private key is a set of 256 random numbers of 0 and 1. If you flip a coin with the front side marked as 1 and the back side as 0, you can get a private key after flipping the coin 256 times. There are 2^1 possible outcomes (0 or 1) if you flip it once. That number will change to 2^2 (00, 01, 10 or 11) if you flip it twice. It will become 2^256 if the coin is flipped 256 times.
2^256 is a nearly infinite number. Therefore, it is almost impossible to find a private key through a brutal-force attack even with hundreds of powerful computers. However, a private key may not be random enough if there is a flaw in the tool, like Profanity mentioned above. In this case, through brutal-force attack, hackers can have a higher chance to crack a private key with its randomness being greatly reduced. That poses a serious threat to asset security.
Whether a private key is random enough is very important when you manage your digital assets.
How does imToken ensure high-quality randomness?
To ensure high-quality randomness, the random number generator of the Android and the iOS system is applied in imToken. For example, entropy sources of the iOS system are based on event statistics during a period in the system. Since the kernel state of the system is constantly changing, the randomness of the private key is fully guaranteed.
Asset guard
Blocking scam domain tokens
It was reported by some users that they received domain tokens such as 365haxi.com in their TRX wallet in early September. Scammers airdropped these domain tokens to users to lure them to visit phishing websites and gained access to the user's token allowance through malicious authorization, thus stealing the user's assets.
imToken has teamed with the risk control department of Tronscan to block these scam tokens and 370 tokens have been blocked. On the one hand, it cleans the TRX wallet page, and on the other hand, it prevents users from visiting the phishing websites.
Scam Alert | Addresses with the same last characters
Some users have a habit of copying the recipient address in their transaction history when transferring funds.
Scammers take advantage of this and generate fraud addresses with the same last characters. For example, in the picture below: the address that the user often transfer money to is "TWKWPn...krvgWS", and the fraud address is "TANWTY...grvgWS". They have the same last characters "rvgWS".
By transferring a small amount of money to the user, the fraud address will appear in his transaction history. When the user wants to start a transaction and copies the address from the history, he can easily make a mistake and transfer money to the fraud address if he only checks the last characters, resulting in loss of assets.
PSA: Information stored on blockchain is non-temperable. So once your transfer is successful, it cannot be canceled or changed. Please be sure to check the address carefully before transferring!
Risk Control
In September, imToken marked 25 tokens and 600 addresses as risky and banned 445 DApp websites.
End
If you recognize any risky DApps or tokens, please report to us via support@token.im to help more users avoid being deceived.