Analysis and Tracking of Hacker's Behavior in a Multi-signature Contract

Reporter: pencil lead

On the morning of July 20, 2017, the largest hacker theft since the DAO vulnerability occurred on Ethereum, caused by a multi-sig bug in the Parity wallet. The bug led to the theft of hundreds of thousands of dollars (worth billions of yuan at the time). White hats (hackers who help vendors analyze vulnerabilities rather than seek profit) also stepped in, using the same method to move some of the coins to safety first and keep the losses from growing.

Take one of the multi-signature contract addresses as an example:
https://etherscan.io/address/0xce9f93eb7f78fcb7e7d222c81f258535dc218d4b

This is a multi-signature contract with the bug. The hacker called the InitWallet interface to set themselves as the owner and set the per-person daily maximum amount (DayLimit) to 10^40 Wei (the smallest unit of Ether). The hacker then executed a transfer from the contract to their own address, stealing the funds held in the contract.

See:
https://suat
https://etherscan.io/tx/0x9a675c7aada32eaea55adec60149b298917967eb6afab94d00d4019a54a16640

The second transaction transferred 3916.8 Ether to the hacker's address:
https://etherscan.io/address/0x1ff21eca1c3ba96ed53783ab9c92ffbf77862584
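The call sequence described above (InitWallet replacing the owners, followed by a transfer to the new owner) can be detected by replaying a wallet's decoded call history. This is an added example, not code from the original article or from Parity; the record format, the `execute` method name for the transfer call, the `guarded_init` helper and all addresses are assumptions constructed for illustration.

```python
# Added example: replay decoded calls to one multi-sig wallet and flag takeover.
# Record format, "execute" and every address here are constructed assumptions.
from dataclasses import dataclass, field

@dataclass
class WalletState:
    owners: set = field(default_factory=set)
    day_limit: int = 0
    initialized: bool = False

def replay(calls):
    """Return (index, finding, address) tuples for calls listed oldest first."""
    state, findings, suspects = WalletState(), [], set()
    for i, c in enumerate(calls):
        if c["method"] == "InitWallet":
            if state.initialized:
                # Owners replaced after deployment: the pattern the article describes.
                findings.append((i, "reinit", c["sender"]))
                suspects.update(c["owners"])
            state.owners = set(c["owners"])
            state.day_limit = c["day_limit"]
            state.initialized = True
        elif c["method"] == "execute":
            # Transfer sent by, and paid to, an owner installed by a re-init.
            if c["sender"] in suspects and c["to"] in suspects:
                findings.append((i, "drain_after_reinit", c["to"]))
    return findings

def guarded_init(state, owners, day_limit):
    """Hardened behaviour (hypothetical helper): initialization succeeds only once."""
    if state.initialized:
        raise PermissionError("wallet already initialized")
    state.owners, state.day_limit, state.initialized = set(owners), day_limit, True

# Constructed sample: legitimate setup, then owner replacement and transfer.
SAMPLE = [
    {"sender": "0xDEPLOYER", "method": "InitWallet",
     "owners": ["0xALICE", "0xBOB"], "day_limit": 10**18},
    {"sender": "0xMALLORY", "method": "InitWallet",
     "owners": ["0xMALLORY"], "day_limit": 10**40},
    {"sender": "0xMALLORY", "method": "execute",
     "to": "0xMALLORY", "value": 39168 * 10**17},  # 3916.8 Ether in Wei
]

if __name__ == "__main__":
    for finding in replay(SAMPLE):
        print(finding)
```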

The hacker address's historical transactions lead to one contract address:
https://etherscan.io/address/0x3fce483a0236ba36869e4e82151006045e7d3331

Note the red box above: this contract was created by the hacker address in January 2016.

This indicates that the address is not a new one, so its history can be used to track information related to the hacker.

A search turned up the following website and related information:
http://etokend-docs.ambisafe.co/

The above information indicates that the hacker address is actually the address of the ETokenD organization. It can be further found that:

This is an organization called TAAS, which is also an ICO project. Its official website is: https://taas.fund/

Also see this page: https://github.com/Ambisafe/etoken-docs/wiki/Transaction-Notifications

The page above shows this site:
https://www.ambisafe.co/

And this person: Oleg Aldekein (defenders)

Here is some of his basic information:
https://www.facebook.com/aldekein
https://www.linkedin.com/in/aldekein/

So it can basically be determined that this person and this organization are closely linked to the hacker address.

Meanwhile, the hacker address eventually transferred the Ether and various tokens to the following address:
https://etherscan.io/address/0xd1f27c48b948d49f3d098f499b8a1830d8a7e229

As of the 21st, all the digital currencies are still at this address. If the hacker takes further action, we will continue to track it.
