This article is part of our complete guide to Bitcoin and altcoin hacks. Here we cover Bitcoin and altcoin security incidents from the year 2020.
2020 has been an unusual year from multiple angles. The COVID-19 pandemic took investors on a wild ride, with Bitcoin ranging from U$ 4,100 to U$ 12,200 in the first 6 months of the year.
In June 2020, Lightning Network developer John Cantrell was able to brute force a Bitcoin wallet to recover its keys in under 30 hours.
This is a grassroots Bitcoin hack, in the sense that Cantrell actually did beat the cryptographic system at what it was supposed to do best: resist brute force.
What he did was try permutations of the 12-word mnemonics used to recover a wallet. The process involved:
To achieve this, Cantrell implemented his own brute force software in OpenCL, an open standard for GPU processing. Find technical details here.
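For wallet owners, the useful number is how fast a 12-word mnemonic's search space collapses once some words are exposed. The sketch below is an added example, not Cantrell's code: it uses the standard BIP39 layout (2048-word list, 128 bits of entropy plus a 4-bit SHA-256 checksum), works on word-list indices rather than words so no word list is embedded, and takes the checking rate as an assumed parameter.

```python
import hashlib

WORDLIST_SIZE = 2048   # BIP39 word list length; each word encodes 11 bits
WORDS = 12             # 12 words = 128 bits of entropy + 4 checksum bits
CHECKSUM_BITS = 4

def checksum_ok(indices):
    """True if 12 word-list indices (0..2047) form a valid BIP39 mnemonic."""
    if len(indices) != WORDS or any(not 0 <= i < WORDLIST_SIZE for i in indices):
        raise ValueError("expected 12 indices in the range 0..2047")
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> CHECKSUM_BITS).to_bytes(16, "big")
    # The checksum is the first 4 bits of SHA-256(entropy), kept in the last word.
    return (bits & 0xF) == (hashlib.sha256(entropy).digest()[0] >> 4)

def search_space(unknown_words):
    """Return (raw candidates, expected checksum-valid candidates)."""
    if not 0 <= unknown_words <= WORDS:
        raise ValueError("unknown_words must be between 0 and 12")
    raw = WORDLIST_SIZE ** unknown_words
    # Only about 1 in 16 candidates passes the checksum; the rest can be
    # discarded before the expensive seed derivation (PBKDF2, 2048 rounds).
    return raw, max(1, raw >> CHECKSUM_BITS)

def worst_case_hours(unknown_words, derivations_per_second):
    """Hours to try every checksum-valid candidate at an assumed rate."""
    _, valid = search_space(unknown_words)
    return valid / derivations_per_second / 3600

if __name__ == "__main__":
    RATE = 1e9  # constructed figure: assumed seed derivations per second
    for k in (1, 2, 4, 6, 8, 12):
        raw, valid = search_space(k)
        print(f"{k:2d} unknown words: {raw:.2e} raw, {valid:.2e} valid, "
              f"{worst_case_hours(k, RATE):.2e} h at {RATE:.0e}/s")
```

Every disclosed word removes 11 bits of work, which is why a partially exposed seed phrase should be treated as compromised and the funds moved to a fresh wallet.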
Calling the Twitter hack a "Bitcoin scam" is like calling every bank robbery a "dollar scam".
However, there are some aspects about this hack we could discuss in the context of cryptocurrencies. Especially how amateurish it all seems to be.
As Larry Cermak of The Block pointed out, the subsequent Bitcoin mixing job was absolutely sloppy.
The Twitter hacker continues to split up their payout in smaller addresses. There are now 17.2 (~$156,000) split across 59 wallets. The largest single wallet is of 1 BTC https://t.co/UoeKw8gLSY pic.twitter.com/efeYr0sayw — Larry Cermak (@lawmaster) July 20, 2020
It's trivial for law enforcement to track down whoever is behind this Bitcoin activity.
As we've pointed out in previous articles, Bitcoin is a permanent and immutable record of financial transactions. Doing anything illegal on the blockchain generates a trace that lasts forever. Contrary to the mostly negative image of cryptocurrencies propagated by mainstream media, blockchain makes transactions much more transparent than other financial instruments used by criminals.
While not directly related to cryptocurrencies, the SS7 hack targeted Israelis somehow linked to cryptocurrency work. Hackers exploited Signaling System 7 (SS7) in order to gain access to users' Telegram accounts.
Slovenian exchange Eterbase was hacked on September 10, causing estimated losses of U$ 5 million.
Dear users, the exchange is currently in maintenance mode because our hot wallets were compromised last night: https://t.co/XWZZoWxLd0 Sorry for the inconvenience and please have some patience until we solve the issue. — ETERBASE (@ETERBASE) September 8, 2020
Late September saw yet another DeFi smart contract exploited.
Unaudited DeFi code claimed yet another victim, costing the community around U$ 15 million.
3/x 5. We posted the first clan "Spartans". And I went to bed. 6. Around ~3AM I was messaged awake to find out a) almost 15m was deposited into the contracts b) the contracts were exploited for the full 15m and c) 8m was sent to my yearn: deployer account. — Andre Cronje (@AndreCronjeTech) September 29, 2020
On September 26, KuCoin revealed a major hack involving Bitcoin and Ethereum. The total amount may have been over U$ 150 million.