Key-related hacks

Unlike wallet-related hacks, that could be prevented to some extent by patching vulnerabilities, updating software dependencies and proper configuration of safety checks, key-related hacks are a little harder to discover before it's too late. Most of the time, this type of vulnerabilities are introduced from the beginning by the protocol's authors by using deprecated cryptographic primitives, not respecting best practices regarding these cryptographic operations - such as key generation - or insufficient cryptographic knowledge about how to store secret information and generate enough random data.

One example of a key-related exploit is the incident involving the cryptocurrency wallet, MyEtherWallet, in 2018. The wallet was hacked, resulting in the loss of 215 Ether (worth around $150,000 at the time). The attack was caused by a vulnerability in the wallet's key generation process, which allowed the attacker to gain access to the private keys of multiple users. This exploit highlights the importance of proper key generation practices, such as the use of secure key derivation functions and the importance of regular software updates.

Another popular example is that of the Profanity private key generation tool used by many startups to generate gas-efficient Ethereum keys for managing project's funds. An insufficient randomness vulnerability allowed hackers to steal $160 millions worth of tokens from the Wintermute protocol.

In addition to these examples, there are numerous other key-related exploits that occur in the cryptocurrency industry, with new ones emerging regularly. Therefore, it is important for users and wallet providers to take appropriate measures to protect their private keys and to stay informed about the latest threats and vulnerabilities or to seek customer protection professionals ready to serve and protect them.