
‘Blockchain bandits’ brute-forcing weak Ethereum private keys

30 Apr 2019

Researchers at Independent Security Evaluators (ISE) have discovered 732 actively used private keys on the Ethereum blockchain. 

In their new study titled Ethercombing, ISE found that poorly implemented private key generation is also facilitating the theft of cryptocurrency. 

The researchers identified 13,319 Ether (ETH) that had been transferred either to invalid destination addresses, where it is lost forever, or to wallets derived from weak private keys, which were targeted for theft.

The value of the combined total loss would have been $18,899,969 at the peak of the Ethereum market in mid-January 2018. 

“The chances of duplicating or guessing the same randomly-generated private key already used on the Ethereum blockchain is approximately 1 in 115 quattuorvigintillion (2^256), so brute forcing someone’s private key should be practically impossible,” says ISE researcher Adrian Bednarek. 

In light of these odds, the number of ETH tokens, the number of transactions, the total USD value of lost ETH, and the number of actively used private keys found by ISE's researchers were significant.

ISE's ability to find these actively used private keys was presumably made possible due to programming errors in the software which generated them. 

For example, the team hypothesised that in various Ethereum wallet software implementations, a 256-bit, sufficiently random private key might be created, but the full value of the key becomes truncated on output due to coding mistakes. 

Likewise, error codes used as keys, memory reference issues, object confusion, stack corruption, heap corruption, or unchecked pre-compiled coding errors could also result in weak keys.

Such private keys are not sufficiently random, which makes them trivial for a computer to brute force and eventually guess.

To find these keys, the researchers enumerated every possible private key in targeted sub-sections of the 256-bit key space where truncated or weak keys seemed likely to occur. 

To their surprise, the private keys discovered corresponded with 49,060 transactions on the Ethereum blockchain.

In the process, ISE discovered an individual or group they dubbed the “Blockchainbandit” pilfering ETH funds from some of the wallets associated with the discovered weak private keys.

They observed that the bandit was sending that ETH to a destination wallet that was collecting the loot.

On January 13, 2018, Blockchainbandit’s wallet held a balance of 37,926 ETH valued at $54,343,407, now worth far less by today’s valuation of ETH.

Even to this day, the bandit seems to be operating an ongoing campaign to loot cryptocurrencies from wallets derived from weak private keys. 

ISE researchers intentionally placed one US dollar worth of ETH in a wallet derived from a weak private key and witnessed that, within seconds, the ETH was transferred out and into the bandit's wallet.

“The bottom line is that a private key needs to be random, unique, and practically impossible to guess in a brute force attack,” says ISE executive partner Ted Harrington.

Duplicating or guessing just one randomly-generated private key already in use on the Ethereum blockchain would be a statistically significant event, yet ISE was able to uncover 732 of them, pointing to issues in key generation.

These underlying problems likely extend to other cryptocurrency platforms and to any software which generates cryptographic keys. 

As a result, ISE offers a number of recommendations for developers and institutions that rely on cryptographically secure random values.

Recommendations for developers

  • Use well-known libraries or platform-specific modules for random number generation
  • Use a cryptographically secure pseudo-random number generator instead of just any pseudo-random number generator
  • Audit source code and resulting compiled code to verify randomly generated keys are not truncated or become malformed by faulty workflows that interact with them
  • Use multiple sources of entropy
  • Leverage NIST-compatible hardware random number generation instructions provided by AMD/Intel (RDRAND/RDSEED)
  • Review NIST/FIPS guidelines on cryptographic random number generation
  • Review and use the NIST Statistical Test Suite (NIST SP 800-22)
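The truncation failure mode described above and the developer recommendations just listed can be shown together in a short worked example. The code below is an added illustration written for this article; it is not ISE's tooling or anything from the Ethercombing study. It draws a 256-bit key from the operating system's CSPRNG, places a hypothetical buggy serializer (one that writes the key into a 32-character buffer and silently drops half of it) beside a correct one, and adds the kind of validation check an audit of the key workflow would want: the key must lie in the secp256k1 range, and any key whose top 128 bits are all zero is treated as a likely truncation or error-code artefact rather than chance. The 128-bit threshold is an assumption chosen for this example, since a genuinely random 256-bit key falls below it with probability 2^-128.

```python
import secrets

# secp256k1 group order n: every valid Ethereum private key is an integer in [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed heuristic for this example: a properly random 256-bit key has all of its
# top 128 bits zero with probability 2**-128, so a key this small is far more likely
# the product of a truncation bug (or an error code used as a key) than of chance.
WEAK_BIT_LENGTH = 128


def generate_private_key(rng=secrets.randbits) -> int:
    """Draw a 256-bit key from a CSPRNG (os-backed `secrets` by default) and
    reject the astronomically rare values outside [1, n-1]."""
    while True:
        candidate = rng(256)
        if 1 <= candidate < SECP256K1_N:
            return candidate


def serialize_key_buggy(key: int) -> str:
    """Hypothetical defect of the kind the study hypothesises: the hex form is
    copied into a 32-character buffer, so up to half of the 64 digits are dropped."""
    return format(key, "x")[:32]


def serialize_key(key: int) -> str:
    """Correct serializer: always 64 hex digits (32 bytes), zero-padded, nothing dropped."""
    return format(key, "064x")


def parse_key(hex_key: str) -> int:
    """Strict parser: refuse anything that is not exactly 32 bytes of hex."""
    if len(hex_key) != 64:
        raise ValueError(f"expected 64 hex digits, got {len(hex_key)}")
    return int(hex_key, 16)


def validate_private_key(key) -> bool:
    """True only for keys that are integers in range and not suspiciously small.
    Rejects 0 or negative error codes used as keys, out-of-range values, and any
    key whose top 128 bits are zero (the signature of a truncated key)."""
    if not isinstance(key, int) or isinstance(key, bool):
        return False
    if key < 1 or key >= SECP256K1_N:
        return False
    return key.bit_length() > WEAK_BIT_LENGTH


def round_trip_ok(key: int) -> bool:
    """Audit check: serializing and re-parsing must give back the same key."""
    return parse_key(serialize_key(key)) == key


if __name__ == "__main__":
    key = generate_private_key()
    print("generated key valid:", validate_private_key(key), "round trip ok:", round_trip_ok(key))
    # A lenient consumer that just calls int(..., 16) on the buggy output ends up
    # with a key confined to a 2**128-sized corner of the key space.
    truncated = int(serialize_key_buggy(key), 16)
    print("truncated key bit length:", truncated.bit_length(),
          "passes validation:", validate_private_key(truncated))
```

The validation step is the part worth keeping around: run it on every key the wallet produces, right before the key is stored or used, so that a truncating serializer, a failed RNG call returning an error code, or a malformed value from an intermediate workflow is caught at generation time rather than discovered on-chain.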

Tips for users of cryptographically secure wallets

  • Do not use untrusted software that may be harvesting private cryptocurrency keys
  • A cryptocurrency private key should be completely random, so use well-trusted software and hardware wallets to generate private keys
  • Do not generate private keys from passphrases (so-called brain wallets), as people tend to use similar or easily guessable passphrases

This study is part of an ongoing research initiative conducted by Independent Security Evaluators to inform developers and manufacturers about vulnerabilities in an effort to protect businesses and consumers. 

Independent Security Evaluators (ISE) is a security consulting firm specialising in application, network, and blockchain vulnerability assessments, as well as training and secure software development for companies protecting high-value assets.

ISE analysts are also active in the security research community, speaking at conferences about relevant security issues and providing the public with cutting-edge, threat-based advisories. 
