美国司法部没收12.7万枚比特币，所谓绝对安全的加密钱包为何如此不堪一击？

Core Insights - A significant technical vulnerability has led to the seizure of $15 billion worth of cryptocurrency by the U.S. Department of Justice, marking the largest cryptocurrency confiscation in its history [1][3] - The seized Bitcoin was not stored in regulated exchanges but in a non-custodial wallet controlled by the founder of the criminal group, Chen Zhi, which was expected to be secure [1][3] Group 1: Criminal Activities and Financial Losses - Chen Zhi, a dual national of the UK and Cambodia, has been accused of using his business network to operate at least ten fraudulent "forced labor camps" in Cambodia since 2015 [3] - The U.S. Treasury estimates that losses from online investment scams in the U.S. have exceeded $50 billion in recent years, with a 66% increase in losses due to Southeast Asian scams in 2024 alone [3] Group 2: Money Laundering Techniques - The criminal group established a complex money laundering system using "spraying" and "funneling" techniques to manage illicit funds [3] - "Spraying" involves breaking large sums into numerous small amounts and distributing them across many new Bitcoin addresses, while "funneling" consolidates these dispersed funds back into a few core addresses [3] Group 3: Technical Vulnerabilities - Experts suggest that the U.S. government may have cracked the non-custodial wallet through various means, including potential cooperation from the group's technical staff under judicial pressure [6] - A critical flaw identified was the use of a 32-bit integer for the random number generator, drastically reducing the private key space and making it susceptible to brute-force attacks [6][8] Group 4: Regulatory Implications - The U.S. government is shifting its stance on Bitcoin, viewing it as a strategic national asset rather than merely a tool for crime, as evidenced by recent executive orders and proposed legislation [11] - The establishment of a comprehensive public plan for the custody of federal digital assets indicates a move towards regulatory oversight in the cryptocurrency space [11] Group 5: Security Myths and Recommendations - The incident highlights a critical vulnerability in the perceived security of Bitcoin, emphasizing that randomness quality is essential for private key security [8][14] - Experts recommend using verified, open-source non-custodial wallets and hardware wallets to enhance security, along with strict measures to protect mnemonic phrases and private keys [14][16]