
Blockchain Bandit Using Ethercombing to Empty Ethereum Wallets with Weak Keys

May 7, 2019 | David Bisson

A “blockchain bandit” is using a technique known as “Ethercombing” to empty Ethereum wallets protected with weak keys.

Researchers at Independent Security Evaluators (ISE) found that the unknown individual or group has a history of gathering and/or compromising Ethereum wallet owners’ private keys. The bad actor then uses those keys to obtain funds stored in those wallets. Through this method of attack, the malefactor amassed a balance totaling 37,926 Ethereum on 13 January 2018.


According to the January 2018 exchange rate, this amount of Ethereum was worth more than $54 million at the time. But that’s no longer the case. Fluctuations in the market have since caused the small fortune, like all other Ethereum holdings, to depreciate by 85 percent.

ISE came across the blockchain bandit while conducting its own study of the Ethereum blockchain. Essentially, the security firm wanted to see if it could beat the 1 in 2^256 odds of encountering a private key that matched someone else’s Ethereum wallet. It set out to do this not by brute forcing random private keys. Instead, it came up with several methods collectively known as “Ethercombing” for discovering “weak” private keys that might have been the products of faulty code, unreliable random number generators or both.

Using this method, the researchers were able to discover 732 private keys along with their corresponding public keys responsible for more than 49,000 transactions on the Ethereum blockchain. They also identified 13,319 Ethereum that ended up in an invalid destination address or wallet derived from weak keys. These funds, which total close to $19 million, are irrevocably lost because the private keys for those addresses remain unknown.
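The "weak" keys described above come from generators that fill only a small part of the 256-bit key space. The following added example (not code from ISE or from the original article) shows a generation-time sanity check a wallet developer could run before a key is ever used; the 32-bit truncation bug, the function names and both thresholds are assumptions chosen for illustration.

```python
import secrets

# Order of the secp256k1 group; valid private keys are integers in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed thresholds: a uniformly random 256-bit value fails either one
# with negligible probability (about 2**-56 for the bit-length test).
MIN_BITS = 200
MIN_DISTINCT_BYTES = 12


def generate_key():
    """Draw a key from the OS CSPRNG, rejecting out-of-range values."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < SECP256K1_N:
            return k.to_bytes(32, "big")


def truncating_generate_key():
    """Constructed faulty generator: only the low 32 bits survive."""
    k = secrets.randbits(256) & 0xFFFFFFFF  # hypothetical truncation bug
    return k.to_bytes(32, "big")


def weak_key_reasons(key):
    """Return the reasons a candidate key looks weak; empty list if none."""
    if len(key) != 32:
        return ["not 32 bytes"]
    reasons = []
    k = int.from_bytes(key, "big")
    if not 1 <= k < SECP256K1_N:
        reasons.append("outside [1, n-1]")
    if k.bit_length() < MIN_BITS:
        reasons.append("only %d significant bits" % k.bit_length())
    distinct = len(set(key))
    if distinct < MIN_DISTINCT_BYTES:
        reasons.append("only %d distinct byte values" % distinct)
    return reasons


if __name__ == "__main__":
    print("csprng key   :", weak_key_reasons(generate_key()) or "no findings")
    print("truncated key:", weak_key_reasons(truncating_generate_key()))
```

An empty result only means the key shows none of these structural defects; it does not prove the generator behind it is sound.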

Published just days after Ethereum suffered a certificate outage, ISE’s findings reveal that the impact of a weak encryption strategy can extend beyond downtime or customer frustration. It can also lead to stolen cryptocurrency if organizations aren’t careful when creating and storing encryption keys. As quoted in a blog post:

“Due to the popularity and easy monetization of cryptocurrencies combined with the evidence that there are highly successful hacking campaigns ongoing to steal these virtual currencies, it should be concluded that any systems that handle private keys will be at an increased threat for targeted attacks. Software developers that design software or systems that interact with highly valuable private keys should incorporate all available defense in depth principles to counter present threats and use innovative measures to counter advanced present and future threats against these high value assets.”

These defense-in-depth principles should include investing in a solution that helps you ensure strong cryptography as well as monitoring keys and certificates for signs of abuse. Learn why the Venafi platform is an obvious choice.

About the author

David Bisson

David is a Contributing Editor at IBM Security Intelligence. David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
