Compromised Private Keys: Threats and Remedies - ImmuneBytes (2024)

Introduction

Table of Contents

  • 1 Introduction
  • 2 Why is this Solution Needed, and Who can Benefit from It?
  • 3 DeFi Projects that Were Hacked via Compromised Private Keys
  • 4 DeFi Projects With Users’ Private Keys Exposed
  • 6 Regular DeFi Users are Always on the Hacker’s Radar
  • 7 What if a Crypto Wallet Needs to Be Rescued?
  • 8 Conclusion

For DeFi participants at every level, including whales, developers, and regular users, compromised private keys can result in significant losses. Any DeFi participant can address this problem. For that reason, both businesses and individual clients should be aware of the scope of the issue and the available fixes.

Why is this Solution Needed, and Who can Benefit from It?

When we took a closer look at recent hacks involving crypto wallets, we found that compromised private keys, whether they belong to the platform’s hot wallet, the admin, or a specific user, are almost always the root of the problem. We’re learning more about this kind of vulnerability and how Hackless’s Wallet Rescue can be helpful! Let’s start by looking at some cautionary stories.

DeFi Projects that Were Hacked via Compromised Private Keys

1. Ronin Network, $624M

In the Ronin exploit, one of the largest hacks in crypto history, the keys of 5 of 9 validators were compromised. This was discovered when a customer tried to make a legitimate withdrawal. As the team announced, an attacker had gained ownership over the private keys required to authenticate transactions. The bad actors managed to steal 173,600 ETH and 25.5M USDC, which they moved to their own wallets.

2. Harmony Bridge, $100M

Harmony bridge was drained of $100M via compromised private keys of their multisig. The bridge only needed two validating accounts to approve transactions. The hackers managed to compromise private keys and were able to approve the transfer of funds to their accounts.

3. Raydium, $4.4M

This DEX lost $4.4M in crypto, falling victim to an attacker who managed to exploit a smart contract vulnerability that allowed entire liquidity pools to be withdrawn by admins. The attacker gained control over an admin pool private key and drained LP pools without even having LP tokens. The team is not sure how exactly this private key was obtained, but they assume that a trojan program infected the virtual machine that held the key.

DeFi Projects With Users’ Private Keys Exposed

1. Wintermute, $160M

The market maker, Wintermute, lost $160M for good, as their hot wallet was compromised via a vanity address created with Profanity. Both Wintermute’s hot wallet and DeFi vault contract seem to have Profanity vanity addresses. The hot wallet’s private key was likely exploited and used to drain the vault. While the security flaw of Profanity-generated addresses had been known to the community for a while, it looks like this wasn’t taken seriously.


2. Slope Wallet, $6M

The huge hack of a Solana-based mobile wallet, Slope, impacted over 8,000 unique wallets and resulted in $6M of funds lost. As it turned out, the private key information of users was inadvertently transmitted to a Slope application monitoring service which resulted in exposure.

Whales & Blockchain Devs are Not Immune

While DeFi protocols and project admins are the primary victims of hackers, high-profile crypto users like whales and even blockchain developers are targets too. Why not indeed? Sometimes, the reward can be a lump sum of money, as in the cases outlined below.

1. Bitcoin Developer, $3.6M

Even a Bitcoin developer can have trouble keeping keys safe. That’s what happened to Luke Dashjr, an early Bitcoin developer. He lost $3.6M in BTC due to a key hack. Dashjr tweeted that his PGP key was compromised and that he had no idea how it all happened.

2. GMX Whale, $3.5M

The hackers took control of 82,519 GMX tokens that belonged to a high-profile token holder. Further investigation determined that only a single account was impacted, making the likely cause of the theft a compromised private key.

Regular DeFi Users are Always on the Hacker’s Radar

Hackers tend to attack bigger wallets, but individuals are targets too. Let’s look at the approaches and tactics hackers use to compromise individual user wallets:

  1. Malicious airdrops: users receive an email, text, or social media message saying that a certain coin has been added to their wallet via an airdrop. Then, they are asked to connect their wallet address to an attacker’s website. Once connected, all their funds are drained.
  2. Seed phrase phishing: users are often threatened with account suspension and asked to provide their seed phrases as part of account verification or the recovery process.
  3. Ice phishing: this type of clickjacking scheme tricks users into delegating the approval of the user’s coin to a bad actor. Often, attackers modify the smart contract UI by injecting a malicious script into it.
  4. Malicious emails, websites and messages: cloned websites, social media accounts, and fraudulent emails appear every day, tricking users by spreading fake news, and misleading them through fraudulent promos and campaigns.
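A defensive check for the ice phishing case in item 3, added here as an example and not taken from the original article: it decodes the calldata a site asks the wallet to sign and flags token approvals that hand control to an unfamiliar spender. The allowlist, the addresses and the sample calls are constructed for illustration.

```python
# Added example: review calldata before signing. All sample data is constructed.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata_hex):
    """Decode an approval call; return None for any other or malformed call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 2 * 64:           # selector + two 32-byte words
        return None
    selector, word1, word2 = data[:8], data[8:72], data[72:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    try:
        int(word1, 16)                    # reject non-hex input
        value = int(word2, 16)
    except ValueError:
        return None
    if word1[:24] != "0" * 24:            # an address is left-padded with zeros
        return None
    kind = "approve" if selector == APPROVE else "setApprovalForAll"
    return {"kind": kind, "spender": "0x" + word1[24:], "value": value}

def review(calldata_hex, known_spenders):
    """Return reasons to refuse signing; an empty list means no finding."""
    call = decode_approval(calldata_hex)
    if call is None:
        return []
    findings = []
    if call["spender"] not in known_spenders:
        findings.append("spender not on allowlist")
    if call["kind"] == "approve" and call["value"] == MAX_UINT256:
        findings.append("unlimited allowance")
    if call["kind"] == "setApprovalForAll" and call["value"] != 0:
        findings.append("operator rights over every token in the collection")
    return findings

# Constructed addresses (hypothetical, not real contracts).
KNOWN_ROUTER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "de" * 20

def word(n):
    """Encode an integer as one 32-byte ABI word in hex."""
    return format(n, "064x")

PHISHING_CALL = "0x" + APPROVE + word(int(UNKNOWN_SPENDER, 16)) + word(MAX_UINT256)
ROUTINE_CALL = "0x" + APPROVE + word(int(KNOWN_ROUTER, 16)) + word(10**18)
```

Calling `review(PHISHING_CALL, {KNOWN_ROUTER})` reports both the unknown spender and the unlimited allowance, while the routine call to the allowlisted spender produces no finding.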

What if a Crypto Wallet Needs to Be Rescued?

When a DeFi protocol or an individual wallet is being hacked, the attacker is keeping a close eye on it. This means that they see any activities you might undertake with the wallet. Also, if they understand they’ve been uncovered, they can then adjust their technology to make their attack even more effective.

But what if you have stakes or vested coins connected to this wallet and you want to transfer them? This is where Wallet Rescue by Hackless comes into play. Previously known as Conductor, Wallet Rescue has already proved effective for some of our clients, having helped them to save around $700K in crypto.

With Wallet Rescue, you’ll be able to safely migrate assets from the hacked wallet in a manner that is invisible to a hacker. This can be done via private mining capability in the following steps:

  1. Create a bundle of transactions for private mining.
  2. Simulate these transactions to make sure everything will go smoothly.
  3. Privately send a previously created, simulated, and signed bundle of transactions directly to miners via trusted providers.
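A toy model of steps 1 and 2, added here as an example and not Hackless’s code: the bundle is applied to a copy of the state and accepted only if every transaction succeeds in order. The account names, balances, fee units and the assumption that the hacked wallet holds no ETH to pay fees are constructed for illustration.

```python
# Added example: all-or-nothing simulation of a rescue bundle on a toy ledger.
import copy

class Revert(Exception):
    """Raised when a transaction cannot execute against the current state."""

def apply_tx(state, tx):
    """Apply one transaction in place; raise Revert if the sender cannot cover it."""
    sender, receiver = state[tx["from"]], state[tx["to"]]
    eth_out = tx["fee"] + tx.get("eth", 0)
    tokens_out = tx.get("token", 0)
    if sender["eth"] < eth_out:
        raise Revert(f"{tx['from']} cannot pay fee and value")
    if sender["token"] < tokens_out:
        raise Revert(f"{tx['from']} has too few tokens")
    sender["eth"] -= eth_out
    sender["token"] -= tokens_out
    receiver["eth"] += tx.get("eth", 0)
    receiver["token"] += tokens_out

def simulate_bundle(state, bundle):
    """Return (ok, state_after, error). On failure the original state is returned."""
    trial = copy.deepcopy(state)          # never touch the real state while testing
    for index, tx in enumerate(bundle):
        try:
            apply_tx(trial, tx)
        except Revert as exc:
            return False, state, f"tx {index}: {exc}"
    return True, trial, None

# Constructed scenario: the hacked wallet holds tokens but no ETH for fees.
STATE = {
    "hacked": {"eth": 0, "token": 1000},
    "safe":   {"eth": 5, "token": 0},
}
FUND_FEES = {"from": "safe", "to": "hacked", "eth": 2, "fee": 1}
MOVE_TOKENS = {"from": "hacked", "to": "safe", "token": 1000, "fee": 2}

RESCUE_BUNDLE = [FUND_FEES, MOVE_TOKENS]   # step 1: ordered bundle
WRONG_ORDER = [MOVE_TOKENS, FUND_FEES]     # fails in simulation (step 2)
```

`simulate_bundle(STATE, RESCUE_BUNDLE)` succeeds and leaves the hacked wallet empty, while `WRONG_ORDER` is rejected at its first transaction, so only a bundle that passes simulation would be signed and sent in step 3.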

Conclusion

Compromised private keys are almost always the root cause of major crypto wallet hacks. Private keys are used to authenticate transactions, and if a bad actor gains access to them, they can withdraw funds from the wallet or even transfer ownership of the wallet to themselves.

This vulnerability affects all levels of DeFi participants, including whales, developers, and regular users, and can result in significant losses. Hackers may compromise private keys of DeFi projects, users, whales, and developers via various methods, such as phishing attacks, smart contract vulnerabilities, or by exploiting weaknesses in the security of hot wallets or DeFi protocols.

The consequences of such hacks can be devastating, resulting in losses of millions of dollars. Therefore, it is crucial for DeFi participants to be aware of this issue and take steps to protect their private keys.

Author: Jonah Leffler
