Yesterday, there was a massive outflow of 4502 BTC from the exchange.
There has been another leak. However, there is an effective method that can surely prevent such leaks (hacks). But why does this method work? We will explain the theory thoroughly and reveal the solution at the end of section 9.
Yesterday, there was a massive outflow of 4502 BTC from the exchange. Even though it was from a cold wallet, everyone was puzzled, wondering how it could have happened and why. However, understanding the blockchain mechanism reveals that there are quite a few ways for funds to be drained from a cold wallet.
How can this happen to a wallet that is never connected to the internet? Ordinarily, no matter how hard you try, it should be impossible to affect a computer or wallet that is physically isolated from the internet. That common-sense intuition does not hold for blockchain: because the blockchain synchronizes its state over a P2P network, there are indeed ways to access a cold wallet.
To prevent such situations, it is essential to strengthen the keys, which are the heart of cryptocurrency, and the message hashes that are passed to the private key for signing (this is also very important!). On examining the 4502 BTC transaction, the funds were found to sit in a legacy P2SH address signed with SIGHASH_ALL. It is not advisable to place 4502 BTC there, because this old SIGHASH_ALL scheme has a critical vulnerability, albeit one with a very small probability. Since a single address is tied to a single private key on the blockchain, distributing the funds across more addresses increases the number of private keys involved, which improves security.
In summary, the outflow seems to have happened in this manner.
Anyway, the focus should be on improving and developing the keys and the message hashes passed to the private keys. At SORA-QAI, we are currently examining a transformation of some of the equations in the Schnorr signature, aiming to prioritize verification that ensures an exact match of the XY coordinates (EC_POINT). Additionally, we have added another random number to the hash that derives the signing nonce k. This is crucial, as it provides an important countermeasure for the message hashes passed to the private key. Details will be documented in a technical paper at a later date.
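As an added illustration (not SORA-QAI's scheme, whose details are not yet published), here is a plain Schnorr signature over secp256k1 in which the nonce k is derived from a hash of the private key, an auxiliary random value and the message, and verification compares both coordinates of the resulting point. The hash layout and the choice to carry the full point R in the signature are assumptions made for this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters (field prime, group order, generator)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt = ec_add(pt, pt); k >>= 1
    return r

def h(*parts): return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")
def i2b(x): return x.to_bytes(32, "big")
def point_bytes(pt): return i2b(pt[0]) + i2b(pt[1])

def sign(d, msg, aux):
    # Nonce k mixes the private key, 32 bytes of auxiliary randomness and
    # the message, so two signatures of the same message never share k.
    k = h(i2b(d), aux, msg) % N
    assert k != 0
    R = ec_mul(k, G)
    e = h(point_bytes(R), point_bytes(ec_mul(d, G)), msg) % N
    return R, (k + e * d) % N

def verify(pub, msg, sig):
    R, s = sig
    e = h(point_bytes(R), point_bytes(pub), msg) % N
    # s*G must equal R + e*Pub in BOTH coordinates, not just x.
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pub))

if __name__ == "__main__":
    d = secrets.randbelow(N - 1) + 1          # constructed private key
    print(verify(ec_mul(d, G), b"hello", sign(d, b"hello", secrets.token_bytes(32))))
```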