Recently, the news that a pig-butchering gang in Cambodia had 120,000 bitcoins confiscated by the U.S. government spread across the internet. Many people's first reaction upon reading this news was, "Is Bitcoin still safe?" Some even believed that "Bitcoin is finished."
Several friends have asked me this question, and readers have also mentioned it in the comments below the article.
Regarding this issue, I think Wu's article "120,000 Bitcoins of the Cambodian Pig-Butchering Boss: How Were They Confiscated by the U.S. Government?" (full text can be found in the reference link at the end) explains it quite clearly.
If we summarize the content of the article, it can be generally concluded that:
The private key of the wallet storing the bitcoins had obvious vulnerabilities at the time of its generation, and the root of this vulnerability lies in the insufficient randomness of the random numbers used. Alternatively, the wallet holder may have left some information about the private key off-chain that the U.S. government has obtained.
If the holder leaked the information themselves, then the issue lies with the holder and is unrelated to the security of the private key.
If the security of the private key itself is insufficient, then there is a problem with the wallet software that generated the private key: its random number generation is not random enough—this is something we should pay attention to.
Theoretically, the random numbers generated by current computing systems are not truly random but pseudo-random. However, with advancements in technology, many methods have been invented to make these numbers as close to true randomness as possible.
If the random numbers used to generate the key are too "pseudo," it will leave obvious vulnerabilities for attackers to guess what the key is, thus stealing the coins in the wallet.
When I previously worked at a blockchain company, an engineer once playfully used a special tool to generate a large number of Ethereum wallet addresses containing auspicious numbers, which he then gave to many colleagues.
Wallets like these do not have keys generated using numbers close to true randomness, so their keys are very insecure and easily compromised.
Despite this, several colleagues actually deposited some Ethereum into these wallets to make transactions. They certainly knew these wallets were not secure but still used them for transactions. This was purely for fun, especially to show off to outsiders.
A more common example can illustrate how important the randomness of a private key is.
We have all applied for email accounts. When applying for an email, we are required to set a password, and many email services require the password to be at least 8 characters long, consisting of a combination of uppercase and lowercase letters, special symbols, and numbers.
If we set the password this way, generally speaking, the more characters there are, the harder it is to crack.
However, some people do not follow this rule; they set all characters to be the same letter, number, or special character, and they inadvertently reveal this habit of setting passwords.
In such cases, it becomes very easy for an attacker to break into their email.
If any readers were early adopters in this ecosystem, they might remember:
Early wallets required users to randomly move their mouse on the screen when generating seed phrases (keys). The purpose of this was to increase the randomness of the keys through the user's random actions.
Now, many wallets no longer require this because there are better user experiences and better methods for obtaining random numbers.
So generally speaking, if you are using a well-known, established wallet brand, the private keys they generate are still relatively secure, and ordinary users do not need to worry too much.
In fact, for technically inclined players, it is even possible to generate highly random keys using physical methods, which provides even more reassurance.
In summary, this case is merely an isolated incident; the issues it reflects are more about human operation problems or wallet software issues rather than the security of the Bitcoin mechanism itself.
Overall, Bitcoin, Ethereum, and even general wallets strictly based on cryptography remain secure.
Reference link:
https://mp.weixin.qq.com/s/rdLsYDPfi0P1bVEtIdOoDQ
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
