Michael Lynch, an awesome individual I met while I was in NYC last month, published a blog post titled How I Stole Your Siacoin today.
Mike took notice when someone posted their Sia wallet seed on the /r/siacoin subreddit, complaining that it wasn't working. €2000 worth of Siacoin was locked up in the wallet.
Mike's intuition told him that one of the seed words was likely misspelled, and that he could reverse-engineer the actual seed and claim the loot.
His hackery begins as he looks into the Sia codebase to find how wallet seeds are generated. He then writes a short Python script to find seed words that are within 1 Levenshtein distance of the provided words. A few steps later, explained through his characteristically hilarious prose, he unravels the correct seed and unlocks the wallet.
It was time to break out the big guns (I refer to the two fingers I use to type code as “guns”). I needed a way of finding all the words in that dictionary that were one copying error off from the seed that got posted to reddit.
Being a nice guy, Mike contacts the wallet owner and returns their coins to them. He shares the core takeaway that "even an incorrect or partial version of the seed can completely compromise your wallet."
Cryptocurrencies remove banks as middlemen. By doing so, they put the responsibility for security squarely in our hands. Keeping private keys private is something we will all have to become better at.