sb-as logo
Story image

‘Blockchain bandits’ brute-forcing weak Ethereum private keys

30 Apr 2019

Researchers at Independent Security Evaluators (ISE) have discovered 732 actively used private keys on the Ethereum blockchain. 

In their new study titled Ethercombing, ISE found that poorly implemented private key generation is also facilitating the theft of cryptocurrency. 

The researchers identified 13,319 Ether(ETH) which was transferred to both invalid destination addresses and forever lost, as well as to wallets derived from weak private keys which were targeted for theft. 

The value of the combined total loss would have been $18,899,969 at the peak of the Ethereum market in mid-January 2018. 

“The chances of duplicating or guessing the same randomly-generated private key already used on the Ethereum blockchain is approximately 1 in 115 quattuorvigintillion (2^256), so brute forcing someone’s private key should be practically impossible,” says ISE researcher Adrian Bednarek. 

In light of these odds, the number of ETH tokens, number of transactions, the total USD value of lost ETH, and the number of actively used private keys found by ISE’s researchers was significant. 

ISE's ability to find these actively used private keys was presumably made possible due to programming errors in the software which generated them. 

For example, the team hypothesised that in various Ethereum wallet software implementations, a 256-bit, sufficiently random private key might be created, but the full value of the key becomes truncated on output due to coding mistakes. 

Likewise, error codes used as keys, memory reference issues, object confusion, stack corruption, heap corruption, or unchecked pre-compiled coding errors could also result in weak keys.

These private keys are not sufficiently random which makes it trivial for a computer to brute force and eventually guess. 

To find these keys, the researchers enumerated every possible private key in targeted sub-sections of the 256-bit key space where truncated or weak keys seemed likely to occur. 

To their surprise, the private keys discovered corresponded with 49,060 transactions on the Ethereum blockchain.

In the process, ISE discovered an individual or group they dubbed the “Blockchainbandit” pilfering ETH funds from some of the wallets associated with the discovered weak private keys.

They observed that the bandit was sending that ETH to a destination wallet that was collecting the loot.

On January 13, 2018, Blockchainbandit’s wallet held a balance of 37,926 ETH valued at $54,343,407, now worth far less by today’s valuation of ETH.

Even to this day, the bandit seems to be operating an ongoing campaign to loot cryptocurrencies from wallets derived from weak private keys. 

ISE researchers intentionally placed one US dollar worth of ETH in a weak private key derived wallet and witnessed that within seconds, the ETH was transferred out and into the bandit’s wallet.

“The bottom line is that a private key needs to be random, unique, and practically impossible to guess in a brute force attack,” says ISE executive partner ted Harrington. 

Duplicating or guessing just one randomly-generated private key already in use on the Ethereum blockchain would be a statistically significant event, yet ISE was able to uncover 732 of them, alluding to issues in key generation.

These underlying problems likely extend to other cryptocurrency platforms and to any software which generates cryptographic keys. 

As a result, ISE offers a number of recommendations for developers and institutions that rely on cryptographically secure random values.

Recommendations for developers

  • Use well-known libraries or platform-specific modules for random number generation
  • Use a cryptographically secure pseudo-random number generator instead of just any pseudo-random number generator
  • Audit source code and resulting compiled code to verify randomly generated keys are not truncated or become malformed by faulty workflows that interact with them
  • Use multiple sources of entropy
  • Leverage NIST compatible hardware random number generation instructions provided by AMD/Intel (RDRAND/RDSEED)*
  • Review NIST/FIPS guidelines on cryptographic random number generation
  • Review and use the NIST Statistical Test Suite (NIST SP 800-22)

Tips for uses of cryptographically secure wallets

  • Do not use untrusted software that may be harvesting private cryptocurrency keys
  • A cryptocurrency private key should be completely random, so use well-trusted software and hardware wallets to generate private keys
  • Do not generate private keys based from passphrases, a.k.a. brain wallets – as people tend to commonly use similar or easily guessable passphrases

This study is part of an ongoing research initiative conducted by Independent Security Evaluators to inform developers and manufacturers about vulnerabilities in an effort to protect businesses and consumers. 

Independent Security Evaluators (ISE) is a security consulting firm specialising in application, network, and blockchain vulnerability assessments, as well as training and secure software development for companies protecting high-value assets.

ISE analysts are also active in the security research community, speaking at conferences about relevant security issues and providing the public with cutting-edge, threat-based advisories. 

Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
BlueVoyant acquires Managed Sentinel, builds out Microsoft MSS offerings
“Combining Managed Sentinel’s Azure Sentinel deployment expertise with BlueVoyant’s MDR capabilities will help customers operationalise and maximise Microsoft security technologies."More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More