Blockchain Bandit Exploits Weak Private Keys, Ethercoming, Netting Millions

Blockchain Bandit Exploits Weak Private Keys, Ethercoming, Netting Millions

An article today from Wired stated: A single Ethereum account seems to have siphoned off a fortune of 45,000 ether—worth at one point more than $50 million—using those same key-guessing tricks.

The article details the actions of a new brand of highwayman intent of discovering YOUR weak private keys and moving your crypto to their wallets. The article is based on this study from Independent Security Evaluators. An excerpt of the abstract is below, along with comments from Bit 49’s staff on our private chat service.

Blockchains are public ledgers of transactions verified through the use of public and private keys to sign and prove ownership of transaction data. Popular blockchains have hundreds of millions of transactions which include some of the most popular — Bitcoin, Waves, Ripple, ZCash, Monero and Ethereum. Currently, on the Ethereum blockchain there are 345 million transactions [1] across 47 million [2] key pairs. The chance of generating a private key already used on the blockchain is around 1 in 2256 – all but impossible.

In this paper we examine how, even when faced with this statistical improbability, ISE discovered 732 private keys as well as their corresponding public keys that committed 49,060 transactions to the Ethereum blockchain. Additionally, we identified 13,319 Ethereum that was transferred to either invalid destination addresses, or wallets derived from weak keys that at the height of the Ethereum market had a combined total value of $18,899,969. In the process, we discovered that funds from these weak-key addresses are being pilfered and sent to a destination address belonging to an individual or group that is running active campaigns to compromise/gather private keys and obtain these funds. On January 13, 2018, this “blockchain bandit” held a balance of 37,926 ETH valued at $54,343,407.

Bit 49 internal chat:

EMPLOYEE 1 [9:39 AM]

“Ethercombing” it’s a catchy new word. Thoughts?

EMPLOYEE 2 [9:57 AM]

I’m not sure how significant it is. Combing datasets for valuable information is really common, and doing it to recover private keys is also common even outside of ethereum and blockchain (for example researchers and adversaries have been testing this for a long time with TLS certificates). So even though the word sounds catchy, it’s describing something that is already well known.

What this paper (and others like it) describes is really interesting though. Basically digital security relies on random numbers, in part because they ensure that our private keys are all unique. When the random number source is bad then you can start to guess the values, which then lets you guess things like ETH accounts and steal money, which is what they’re showing.

Close Menu