- Hackers are using sophisticated software to run passwords against target crypto wallets.
- Some hacker wallets have been found to have over $50 million in crypto.
- Keyless crypto solutions help clients avoid the pitfalls of using private keys.
The crypto world is the wild west of the financial industry. Its history is checkered with implausibly audacious heists, some leading to billions of dollars in losses. The immutable blockchain technology that powers crypto networks lacks centralized control and regulations, and hackers strive to take advantage of this inherent loophole.
Security researchers have in the past stumbled upon elaborate hacker syndicates that use advanced brute-force software to crack crypto wallets. Using powerful, sophisticated algorithmic servers, they are able to run millions of pre-generated keys and hacker databases against target cryptocurrency wallets.
In April, researchers at the Security Evaluators agency came across hundreds of compromised crypto addresses while Ethercombing for vulnerable Ethereum wallets. One hacker unit had the capacity to automatically snatch up funds from such wallets within milliseconds of funds being deposited. Its wallets had over $50 million in cryptocurrencies.
How Easy is It to Brute-Force a Bitcoin Address
The answer relies heavily on the length and complexity of the private key. A bitcoin private key is a hexadecimal alphanumeric code that is randomly generated and exceptionally hard to guess. For perspective, it would take the average contemporary personal computer less than a minute to crack a 4-digit numerical key.
But it would take the same computer about 2 centuries to crack a 12-letter password. Using a combination of numbers, upper and lower-case letters, plus special characters will exponentially increase the time taken to guess the private key.
Keyless Solutions on the Rise
There are numerous strategies out there that are used to keep private keys safe. Some experts recommend that crypto wallet users write down their private keys on a piece of paper and store it in a secure location such as a safety deposit box.
However, many users are apt to keep their private keys in obvious and insecure locations such as in their phones or computers. It is worth noting that devices that are connected to the internet are less than ideal because hackers can use malware, and phishing techniques to access the files.
Cold storage or air gapping is the other alternative but it also has its own drawbacks. Brute-force systems can easily bypass such strategies.
Cold storage also requires that a user be physically present to access the device. This can be a major inconvenience, especially when a user is looking to trade funds right away. Such pitfalls give keyless crypto solutions a definite advantage.
Curv, for example, has come up with a solution that relies on multi-party computation (MPC) technology. The service allows institutional enterprises to manage funds by setting up keyless private access parameters. The technology drastically lowers the risks of theft because there are no keys involved in the first place.
The company additionally offers insurance cover for held assets. Clients get up to $50 million in coverage.