The amount involved is about 300 million US dollars. From the recent large-scale cryptocurrency theft case in Japan, we can see the latest scam methods used by hackers.


On May 31, monitoring data from a third-party blockchain security risk platform showed a large "unauthorized" outflow of Bitcoin from DMM Bitcoin, the crypto asset business of the Japanese conglomerate DMM. Although no official investigation findings have been released so far, the on-chain data is enough to conclude that this is a very large-scale crypto asset theft, and the suspected perpetrators' modus operandi is quite novel. According to public information, the amount involved in this case is approximately 3 billion US dollars.

The Sa sister team believes that this incident has some similarities to the theft from the Mt.Gox crypto asset platform (known as the "Mentougou incident"), which occurred in Japan many years ago and has still not been properly resolved. The DMM Bitcoin exchange has currently restricted new user registration, crypto asset withdrawals and spot purchases, and has publicly stated that the platform will bear all losses from this incident. Evidently, for a company of DMM's size, a loss of $300 million is still within an acceptable risk range, which is fortunate for investors.

Today, the Sa sister team will use this incident to explain the latest methods hackers use to attack crypto assets, and how to guard against them.

01, How do exchanges supervise users' crypto assets

Before discussing the theft, a brief introduction for readers who are not familiar with DMM. The parent company of the DMM Bitcoin exchange is DMM, in full Digital Media Mart, a very well-known entertainment giant in Japan. Although DMM made its fortune in a special industry in its early days, its business has expanded widely over many years under the management of its legendary leader Keiji Kameyama.

In 2009, DMM acquired a struggling online securities firm and renamed it DMM FX to enter the Japanese market.

Within just one year, it became the largest forex trading platform in Japan by trading volume, and three years later it became the world's second largest forex broker, with an annual trading volume of over $2 trillion. Since then, DMM has flourished in the Japanese financial industry. In recent years, DMM has gradually divested and sold its original special-industry businesses, transforming itself into a comprehensive conglomerate and entering the rapidly developing cryptocurrency market. This is how today's protagonist, the DMM Bitcoin exchange, came into being.

It is worth mentioning that the Mt.Gox incident, which nearly killed the industry during the crypto world's first darkest moment, occurred in Japan, so DMM built a fairly strict crypto asset protection and supervision mechanism on the hard lessons of its predecessors. According to the third-party platform Beosin's analysis of the DMM Bitcoin exchange's withdrawal process, the exchange physically isolates and manages the crypto assets it holds for customers: apart from a very small portion, more than 95% of customer assets are stored in the exchange's own cold wallets. When a customer's crypto assets need to be moved from a cold wallet to a hot wallet, the DMM Bitcoin exchange has to go through a lengthy review and approval process by internal departments, and finally assigns a "cashier" team of 2 people to make the transfer.

On the surface, DMM Bitcoin exchange has done a fairly good job in safeguarding user assets, so how did this incredible theft happen?

02, How did this $300 million crypto asset theft happen

Although the DMM Bitcoin exchange has not publicly disclosed the specific cause of the theft, the on-chain data suggests that, if insider theft within the exchange is ruled out, the staff handling the transfer most likely fell into the fake address trap that has recently become popular. Simply put, the two people responsible for completing the transfer at the DMM Bitcoin exchange were deceived by the hacker, and the cryptocurrency was sent to the wrong address. The staff made such a basic mistake because the fake address the hacker used looks "sufficiently similar" to the correct address.

To be honest, readers with even a basic understanding of blockchain will find that this method sounds both mysterious and low-level: it relies on neither computer system vulnerabilities nor any remarkable special technique, yet this plain and unremarkable trap successfully stole $300 million.

As is well known, Bitcoin's design uses a particular hash algorithm (the SHA-256 cryptographic hash function). It is a one-way hash function h = H(x) that transforms data of any length (x) into a fixed-length output (h), usually called a hash value. A hash algorithm can only be computed in one direction: the input value cannot be deduced from the hash value, and the collision rate of the output hash values is extremely low.

The collision rate refers to how often different input values yield the same hash value. By the nature of a hash algorithm, the set of possible inputs x is unbounded, while the length of the output is fixed, so an infinite set of inputs x maps onto a finite set of outputs h. When two different inputs x yield the same output h, this is called a "hash collision".

The theoretical collision probability of the hash algorithm used by Bitcoin is as follows: trying 2^130 random inputs gives a 99.8% probability of a collision. 2^130 is an astronomical number, so a brute-force attack is practically impossible with the computing power currently available to hackers.

As a simplification, the input value of the hash algorithm is the user's private key, and the output hash value is the user's address (public key).

In the DMM Bitcoin theft, the hacker certainly did not have the computing power to brute-force the exchange's private key. Instead, they used a computer to generate a massive number of public key addresses. Because Bitcoin's on-chain data is open and transparent, the transfer addresses commonly used by the DMM Bitcoin exchange have long been no secret.

Specifically, because users' crypto assets have to be kept in the cold wallet, the DMM Bitcoin exchange often needs to transfer crypto assets held online to the cold wallet address 1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P for storage. Coincidentally, among the massive number of generated addresses, the hacker happened to have one that is very similar to this commonly used address of the exchange. Here are the two addresses for comparison:

DMM Bitcoin exchange Wallet Address:

1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P

Wallet address generated by hackers:

1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P

Therefore, it is possible that the transfer staff at the DMM Bitcoin exchange, through negligence, checked only the beginning and end of the address before transferring the funds, resulting in the theft of a large amount of crypto assets.
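The check that guards against this trap, as an added example (not part of the original article and not DMM's own tooling): compare the full destination string against an allowlist, and flag any address that matches a known one only at its beginning and end. The function names and thresholds are assumptions; the two addresses are the ones quoted above.

```python
# Added example: full-string destination check before signing a transfer.
from os.path import commonprefix

# The two addresses quoted in the article above.
COLD_WALLET = "1B6rJ6ZKfZmkqMyBGe5KR27oWkEbQdNM7P"
LOOKALIKE = "1B6rJRfjTXwEy36SCs5zofGMmdv2kdZw7P"
# Constructed placeholder, not a real address.
UNRELATED = "1ConstructedPlaceholderAddressXXXq"


def shared_ends(a, b):
    """Return (matching leading chars, matching trailing chars)."""
    head = len(commonprefix([a, b]))
    tail = len(commonprefix([a[::-1], b[::-1]]))
    return head, tail


def truncated_view(addr, head=5, tail=2):
    """Shortened form, as a reviewer skimming only both ends reads it."""
    return f"{addr[:head]}...{addr[-tail:]}"


def classify_destination(candidate, allowlist, min_head=4, min_tail=2):
    """Exact-match against the allowlist; flag near-misses as lookalikes.

    min_head/min_tail are hypothetical thresholds chosen for this example.
    """
    candidate = candidate.strip()
    if candidate in allowlist:
        return "approved", candidate
    for known in sorted(allowlist):
        head, tail = shared_ends(candidate, known)
        if head >= min_head and tail >= min_tail:
            return "lookalike", known
    return "unknown", None


if __name__ == "__main__":
    allowlist = {COLD_WALLET}
    print(shared_ends(COLD_WALLET, LOOKALIKE))
    print(truncated_view(COLD_WALLET), truncated_view(LOOKALIKE))
    for addr in (COLD_WALLET, LOOKALIKE, UNRELATED):
        print(addr, classify_destination(addr, allowlist))
```

Any result other than "approved" should stop the transfer and send the address for out-of-band verification.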

03, Finally

So far, a third-party company has traced the crypto assets stolen from the DMM Bitcoin exchange to 10 addresses and has marked them as related addresses. The DMM Bitcoin exchange has also reported the case to the Japanese police, and it is under investigation.

The Sa sister team believes that, compared with Mt.Gox, which went bankrupt after its crypto assets were stolen and left users with severe losses, DMM's proactive announcement that it will bear users' losses has minimized the impact on public opinion, greatly stabilized market confidence and prevented a stampede. It also reflects how much better today's cryptocurrency exchanges have become at handling sudden emergencies. This is thanks to the improvement of government regulatory capabilities, and even more to the continuous improvement of compliance at cryptocurrency platforms.
