Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.
The discovery was made by researchers at Independent Security Evaluators (ISE) who decided to search Ethereum’s blockchain for evidence of a surprisingly simple weakness that might allow criminals to divert funds from user wallets.
Wallets should be protected by a randomly-generated 256-bit private key, which puts the probability of their discovery at around 1 in 2^256 - an unimaginably vast number.
Using a computer capable of generating 100 trillion keys per second, brute forcing such an address would take so long ISE researcher Adrian Bednarek compares it to tossing a grain of sand on a beach and asking someone to find it.
That’s the theory of key generation. But the problem is how the principle appears to have been implemented by fallible software.
What if that key had accidentally been generated with a value of 1? It sounds highly unlikely. However, Bednarek’s hunch that this might have happened turned out to be correct. There had once been an incredibly weak Ethereum private key corresponding to this value, as well as many other trivial equivalents.
Querying this with Etherscan.io, which records transactions, Bednarek discovered that this key identified a wallet that had received 592 transactions, the currency from which had immediately been emptied as soon as it was received.
Expanding the same principle to look for other simple keys amidst 34 billion addresses, he discovered 732 responsible for 49,060 transactions dating back to 2015.
“Blockchainbandit”
All had been emptied, around a dozen to a single address that appeared to belong to an individual or group dubbed the “blockchainbandit” which had worked out how to exploit the weakness. Says Bednarek in his video explanation:
There is a guy who was going around siphoning money from some of the keys we had access to. It’s statistically improbable he’d have guessed those keys by chance.
After falls in the value of Ethereum, today these would be worth around $7.4 million although at January 2018’s Ethereum peak it would have been over $54 million.
As intriguing as this discovery sounds – blockchain wallets are being preyed on by nearly invisible thieves – the point here is how such a phenomenon was made possible in the first place.
ISE’s researchers aren’t certain but suggest several possibilities, starting with simple coding errors that cause very weak private keys (i.e. single-number values) to be generated by accident.
Another possibility was keys generated by blockchain ‘brainwallet’ software from weak passphrases. Explains Bednarek:
Let’s say you use the passphrase abc123 to generate a private key. Another person who uses abc123 will get the same private key.
Incredibly, some wallets were even allowing people to create private keys simply by leaving passphrase fields empty and hitting the return key.
One way to undo past errors (if not return stolen currency) would be an Ethereum hard fork of the type that happened in 2016 after the infamous attack on the DAO that led to the loss of $50 million.
Another would be to scan cryptographic algorithms for key generation errors, something the research suggests has not been happening.
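One way a wallet could check its own key generation for the failure modes described above (trivial values such as 1, and keys derived from empty or guessable passphrases), written as an added example that is not code from ISE or any wallet project. It assumes a hypothetical brainwallet scheme that takes the SHA-256 hash of the passphrase; the passphrase list, the `min_bits` threshold and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Order of the secp256k1 group used by Ethereum; valid private keys are 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample of passphrases a wallet should refuse (not a real wordlist).
WEAK_PASSPHRASES = ["", "abc123", "password"]

def brainwallet_key(passphrase):
    """Assumed brainwallet scheme: the key is SHA-256 of the passphrase."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")

# The same passphrase always yields the same key, so these keys are not secret.
WEAK_DERIVED = {brainwallet_key(p) for p in WEAK_PASSPHRASES}

def key_problems(key, min_bits=200):
    """Return the reasons a candidate private key must be rejected."""
    if not 1 <= key < SECP256K1_N:
        return ["out of range"]
    problems = []
    # A uniformly random key is shorter than 200 bits with probability of
    # about 2**-57, so a short key (1, or a truncated value) signals a bug.
    if key.bit_length() < min_bits:
        problems.append("too small")
    if key in WEAK_DERIVED:
        problems.append("weak passphrase")
    return problems

def generate_key():
    """Draw a key from the OS CSPRNG and refuse to return a weak one."""
    key = secrets.randbelow(SECP256K1_N - 1) + 1
    if key_problems(key):
        raise RuntimeError("key generator produced a weak key")
    return key

def truncating_generator():
    """Constructed coding error: only the low 32 bits of the key survive."""
    return secrets.randbits(256) & 0xFFFFFFFF

def audit(generator, samples=1000):
    """Count how many keys from a generator fail the checks."""
    return sum(1 for _ in range(samples) if key_problems(generator()))

if __name__ == "__main__":
    print("sound generator failures:", audit(generate_key))
    print("truncating generator failures:", audit(truncating_generator))
```

Run as a unit test against a wallet's real key-generation routine, `audit` should report zero failures; any non-zero count points at a generation bug of the kind the research describes.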
As impressive as the ISE research is, the shame is that it happened after the damage was done. It’s not big news that blockchains have flaws but finding ones that could lead to millions of dollars of theft surely shouldn’t be left to chance discovery.
Russell Pruitt
Looks an awful lot like the wired article I read yesterday? I come to your site not to reread articles I have already read.
John E Dunn
It was based on the same research so there are bound to be some similarities!
Paul Ducklin
Following that comment, I took what I hope was an objective look at the two articles and although the subject matter and the primary sources are not merely similar but identical (unavoidable, because the original research and video we’re quoting didn’t change between WIRED writing this up and us doing so), the two articles are much more different than they are similar. Different style, different emphasis, different articles.
The same story told in two different ways by two writers working independently. What’s wrong with that?
Anonymous
“Oh shit, Russell already read an article like this, I guess we can’t publish it.”
Anonymous
Shouldn’t the heading read “Blockchainbandit” ? It misses out on a “ck”
Paul Ducklin
Ahhhhhh, yes! Fixed, thanks.
notme
missing a c now lol
Paul Ducklin
Aaaaargh, how about now?