The recent hacks from Twitter accounts have been a boom in the social network, with several hacked accounts like Coinbase, Binance, Bill Gates, CoinDesk and even Twitter support. All of this makes it clear that the attack is a well-coordinated and well-functioning attack with the aim of carrying out a large-scale fraud So far, it has cost more than $ 100,000 and left several victims. Victims who trusted verified profiles that were used illegally to promote this scam.
The attack, which is still being investigated by Twitter and those affected, has brought with it another strange fact that has been recorded forever on the Bitcoin blockchain. We’re talking about two transactions that contain a strange message between the hacking noise on Twitter. The first transaction and the second transaction contain the same message recorded in the Vanity address type Bitcoin addresses to which some Satoshis were sent.
The message in question is clear and reads as follows:
“Just read all the transactions that are printed as text. You take a risk if you use Bitcoin for your Twitter game Traceable Bitcoins. Why not Monero?”
What in Spanish can we translate as:
“Just read all transactions as text. This runs the risk of using Bitcoin for your game on Twitter. Bitcoins are understandable. Why not Monero?”
The message is certainly curious enough to pay close attention to it, but the strangest thing is the way it was sent. Use clearly generated Bitcoin addresses that contain the words for this message.
A strange way to send hackers a clear message
For those who have been in the Bitcoin world for a long time, it will be easy to recognize these types of addresses, but for newbies we are talking about Vanity Address. Vanity addresses are a kind of Bitcoin address that we can generate using a special service or software. The purpose is very simple: create a Bitcoin address, the pattern of which we have chosen as a form of adaptation.
To some extent, vanity addresses can be generated free of charge in some services, but at a certain point these addresses are chargeable. The reason? Generating these addresses requires enormous computing power and tedious brute force work to generate both the address and the associated public and private keys. Because a Bitcoin address without a public and private key is a key without use.
Of course you can download the software and generate the key with your own computing power. However, if the direction of generation is very complex, it can take a few days to millions of years if you don’t have the computing power to create it.
However, Oddly enough, multiple vanity addresses were used in this message sent to hackers, ranging from 11 user-defined characters (1JustReadALL1111111111111114ptkoK) to 25 user-defined characters (1YouTakeRiskWhenUseBitcoin11cGozM). A situation that quickly raises the question Do those who created these vanity addresses have the computing power to generate these personalized keys in a matter of hours? If so, how does this affect the security of Bitcoin and its users?
Generate addresses defraud
The answer to the first question is that this can undoubtedly be true. Bitcoin addresses are generated using a very secure cryptographic process that could undoubtedly be interrupted. We speak of the fact that the creation of each Bitcoin address is a private ECDSA key, which then generates a public key.
This public key goes through an encryption process that uses the RIPEMD-160 and SHA-256 hashes to reduce its size and prevent the public key from being displayed directly. Proven cryptography with generally accepted security is used throughout the process, and this is what has kept its users’ Bitcoin balances secure for more than 10 years.
However, this generation process can be avoided in order to generate valid Bitcoin addresses to which we can send money, but which we can never use, since this “trap” does not generate the public key or the private ECDSA key of this address. To test this point, we use the following string as an example “1MyVanityAddressxxxxxxxxxxxxxxxxx”. As you can see, this chain is a custom chain and we will use the process to make it a valid Bitcoin address.
First we use a Base58 decoder which gives the following result: “0003F77A201F20EDFABA39DCB6FB20D7DEDAC6D5A9F521DC11”. From this string I will put the last eight characters “0003F77A201F20EDFABA39DCB6FB20D7DEDAC6D5A9” aside and apply a binary SHA-256 to this result. The result obtained is this SHA-256 hash “ceeb665e3f12dfac7ab540c920558c81e2a1adcab04ffd28fd378f47f4d9895f”. On the same hash, I apply the same SHA-256 again and get “f197f8f57097c8017415ddee702f675ba743f093bfbbbd155e88ea2d43577c0e”.
If you continue, the last hash has used the first eight characters “f197f8f5”. This is my checksum. These characters are added to the end of this string “0003F77A201F20EDFABA39DCB6FB20D7DEDAC6D5A9” and I have “0003F77A201F20EDFABA39DCB6FB20D7DEDAC6D5A9F197F8F5”. Finally, I can only encode this string with Base58, which leads to my valid Bitcoin address “1MyVanityAddressxxxxxxxxxxxxsigrx”. As you can see, a hand-generated vanity address is created, from which we have no public or private key, but which is equally valid for the network.
This is the trap that people who sent this strange message used about these two Bitcoin transactions. This also means that these addresses can only receive money, but can never be withdrawn, as it is not possible to manage the funds within these addresses without the private keys.
The answer to the second question is that this has no impact on Bitcoin’s security. If we generate addresses in this way, we will never have access to the ECDSA keys from which they originated. So we can be sure that Bitcoin has not been hacked and its security is currently under threat.
The worst case, however, is that the vanity addresses of these transactions mobilize this money. In this case, one could say that Bitcoin’s security has been fatally violated. But that’s very unlikely
There is no doubt about that; as Those who send the message do so knowing that this Twitter hack and subsequent scams have left an impossible trail that can be deleted. Every transaction in Bitcoin is public and will not be changed. This is an important point to find out who or who carried out this attack. The fact will surely be investigated and investigated by the community while the Bitcoin community has been left with a message to think about. Is privacy and anonymity sufficiently protected in Bitcoin?