chepicap.com
A significant amount of Ethereum (ETH) may have been stolen due to the generation of weak private keys. A report carried out by the Security Evaluators research firm showed how this could happen, and identified one entity that may have acquired over 44,700 ETH.
Under normal circumstances, the chances of correctly finding a valid 256-bit private key are effectively 0%. However, the report found that many keys may be "weak or lack randomness, due to several possible factors". These factors include key truncation, malware in wallets, memory errors, and many other issues.
The team was able to gain access to over 700 ETH addresses by exploiting private keys that were not generated properly. These addresses have had almost 50,000 transactions associated with them, totalling around 32 ETH. They were also able to access a number of addresses due to their having weak or faulty passphrases, instead of using randomly-generated private keys. This is one of the key causes of crypto theft.
These addresses were linked regularly with two other ETH addresses, which the team suspected may be linked to an individual or entity attempting to steal ETH by exploiting weaknesses in encryption. They referred to them as 'blockchainbandit', and found that they had transferred ETH worth over $6 million at current prices.
In an interview with Wired, Security Evaluators Adrian Bednarek claimed that "Whoever this guy or these guys are, they're spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them...I wouldn’t be surprised if it’s a state actor, like North Korea...We can see people getting robbed, but we can’t say which wallets are responsible".