This article is part of our complete guide to Bitcoin and altcoin hacks. Here we cover Bitcoin and altcoin security incidents from the year 2020.
2020 has been an unusual year from multiple angles. The COVID-19 pandemic took investors on a wild ride, with Bitcoin ranging from U$ 4,100 to U$ 12,200 in the first 6 months of the year.
June 2020
Wallet Brute Forced
In June 2020, Lightning Network developer John Cantrell was able to brute force a Bitcoin wallet to recover its keys in under 30 hours.
This is a grassroots Bitcoin hack, in the sense that Cantrell actually did beat the cryptographic system at what it was supposed to do best: resist brute force.
What he did was try permutations of the 12-word mnemonics used to recover a wallet. The process involved:
- Building the 12 word combination
- Deriving the private key from the new mnemonic
- Deriving the public key from the private one
- Deriving a public Bitcoin address from the public key
- Testing this Bitcoin address against his target
To achieve this, Cantrell implemented his own brute force software in OpenCL – an open standard for GPU processing. Find technical details here.
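The first step of the list above is where most of a mnemonic's protection lives, so the added example below (not Cantrell's code and not from the original article) sizes the search space as a function of how many of the 12 words are unknown. It assumes the mnemonic follows the BIP39 standard, works on word indices (0..2047) instead of embedding the wordlist, does no key or address derivation, and uses a hypothetical rate of one billion checks per second.

```python
import hashlib

WORDS = 2048                        # BIP39 wordlist size: each word carries 11 bits
SECONDS_PER_YEAR = 365 * 24 * 3600

def checksum_ok(indices):
    """True if 12 BIP39 word indices (0..2047) form a valid mnemonic."""
    if len(indices) != 12 or not all(0 <= i < WORDS for i in indices):
        raise ValueError("expected 12 indices in range 0..2047")
    bits = 0
    for i in indices:
        bits = (bits << 11) | i     # 12 words * 11 bits = 132 bits
    entropy, checksum = bits >> 4, bits & 0xF   # 128 entropy bits + 4 checksum bits
    digest = hashlib.sha256(entropy.to_bytes(16, "big")).digest()
    return checksum == digest[0] >> 4           # first 4 bits of SHA-256(entropy)

def valid_last_words(first_eleven):
    """Indices of the last words that complete a valid 12-word mnemonic."""
    return [w for w in range(WORDS) if checksum_ok(list(first_eleven) + [w])]

def search_space(unknown_words):
    """(raw candidates, expected checksum-valid candidates) for N unknown words."""
    raw = WORDS ** unknown_words
    return raw, max(1, raw // 16)   # about 1 in 16 survive the 4-bit checksum

def years_to_exhaust(unknown_words, checks_per_second):
    """Worst-case years to test every checksum-valid candidate at a given rate."""
    _, valid = search_space(unknown_words)
    return valid / checks_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Published BIP39 test vector for all-zero entropy: "abandon" x11 + "about"
    print("test vector valid:", checksum_ok([0] * 11 + [3]))
    print("valid last words for a fixed prefix:", len(valid_last_words([0] * 11)))
    rate = 1e9                      # hypothetical checks per second (assumption)
    for unknown in (4, 8, 12):
        raw, valid = search_space(unknown)
        print(f"{unknown:2d} unknown words: {raw:.3e} raw, {valid:.3e} valid, "
              f"{years_to_exhaust(unknown, rate):.3e} years at {rate:.0e}/s")
```

Every word kept secret multiplies the work by 2048, which is why a mnemonic with all 12 words unknown stays out of reach while one with most of its words disclosed does not.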
July 2020
The Twitter Hack
Every major news outlet has called the July Twitter hack a “Bitcoin hack”. This is an incorrect approach that shows just how much the media is biased against cryptocurrencies in general.
Calling the Twitter hack a “Bitcoin scam” is like calling every bank robbery a “dollar scam”.
However, there are some aspects about this hack we could discuss in the context of cryptocurrencies. Especially how amateurish it all seems to be.
As Larry Cermak of The Block pointed out, the subsequent Bitcoin mixing job was absolutely sloppy.
The Twitter hacker continues to split up their payout in smaller addresses. There are now 17.2 (~$156,000) split across 59 wallets. The largest single wallet is of 1 BTC https://t.co/UoeKw8gLSY pic.twitter.com/efeYr0sayw
— Larry Cermak (@lawmaster) July 20, 2020
It’s trivial for law enforcement to track down whoever is behind this Bitcoin activity.
As we’ve pointed out in previous articles, Bitcoin is a permanent and immutable record of financial transactions. Doing anything illegal on the blockchain generates a trace that lasts forever. Contrary to the mostly negative image of cryptocurrencies propagated by mainstream media, blockchain makes transactions much more transparent than other financial instruments used by criminals.
August 2020
Realistic Signals Group
Read our main article about the RSG scandal here.
September 2020
Israeli SS7 Telegram Hack
While not directly related to cryptocurrencies, the SS7 hack targeted Israelis somehow linked to cryptocurrency work. Hackers exploited Signaling System 7 (SS7) in order to gain access to users’ Telegram accounts.
Slovenia Eterbase Hack
Slovenian exchange Eterbase was hacked on September 10, causing estimated losses of U$ 5 million.
Dear users, the exchange is currently in maintenance mode because our hot wallets were compromised last night: https://t.co/XWZZoWxLd0
Sorry for the inconvenience and please have some patience until we solve the issue.
— ETERBASE (@ETERBASE) September 8, 2020
Eterbase Telegram announcement.
Eminence DeFi Hack
Late September saw yet another DeFi smart contract exploited.
Unaudited DeFi code claimed yet another victim, costing the community around U$ 15 million.
3/x 5. We posted the first clan "Spartans". And I went to bed.
6. Around ~3AM I was messaged awake to find out a) almost 15m was deposited into the contracts b) the contracts were exploited for the full 15m and c) 8m was sent to my yearn: deployer account.
— Andre Cronje (@AndreCronjeTech) September 29, 2020
KuCoin Hack
On September 26, KuCoin revealed a major hack involving Bitcoin and Ethereum. The total amount may have been over U$ 150 million.