Blockchain Bandit stole $54 million of Ethereum by guessing weak keys

Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.

The discovery was made by researchers at Independent Security Evaluators (ISE) who decided to search Ethereum’s blockchain for evidence of a surprisingly simple weakness that might allow criminals to divert funds from user wallets.

Wallets should be protected by a randomly-generated 256-bit private key, which puts the probability of their discovery at around 1 in 2^{256 ­}­- an unimaginably vast number.

Using a computer capable of generating 100 trillion keys per second, brute forcing such an address would take so long ISE researcher Adrian Bednarek compares it to tossing grain of sand on a beach and asking someone to find it.

That’s the theory of key generation. But the problem is how the principle appears to have been implemented by fallible software.

What if that key had accidentally been generated with a value of 1? It sounds highly unlikely, however, Bednarek’s hunch that this might have happened turned out to be correct. There had once been an incredibly weak Ethereum private key corresponding to this value, as well as many other trivial equivalents.

Querying this with Etherscan.io, which records transactions, Bednarek discovered that this key identified a wallet that had received 592 transactions, the currency from which had immediately been emptied as soon as it was received.

Expanding the same principle to look for other simple keys amidst 34 billion addresses, he discovered 732 responsible for 49,060 transactions dating back to 2015.

“Blockchainbandit”

All had been emptied, around a dozen to a single address that appeared to belong to an individual or group dubbed the “blockchainbandit” which had worked out how to exploit the weakness. Says Bednarek in his video explanation:

There is a guy who was going around siphoning money from some of the keys we had access to. It’s statistically improbable he’d have guessed those keys by chance.

After falls in the value of Ethereum, today these would be worth around $7.4 million although at January 2018’s Ethereum peak it would have been over $54 million.

As intriguing as this discovery sounds – blockchain wallets are being preyed on by nearly invisible thieves – the point here is how such a phenomenon was made possible in the first place.

ISE’s researchers aren’t certain but suggest several possibilities, starting with simple coding errors that cause very weak private keys (i.e. single-number values) to be generated by accident.

Another possibility were keys generated by blockchain ‘brainwallet’ software from weak passphrases. Explains Bendarek:

Let’s say you use the passphrase abc123 to generate a private key. Another person who uses abc123 will get the same private key.

Incredibly, some wallets were even allowing people to create private keys simply by leaving passphrase fields empty and hitting the return key.

One way to undo past errors (if not return stolen currency) would be an Ethereum hard fork of the type that happened in 2016 after the infamous attack on DAO that led to the loss of $50 million.

Another would be to scan cryptographic algorithms for key generation errors, something the research suggests has not been happening.

As impressive as the ISE research is, the shame is that it happened after the damage was done. It’s not big news that blockchains have flaws but finding ones that could lead to millions of dollars of theft surely shouldn’t be left to chance discovery.