A “blockchain bandit” is using a technique known as “Ethercombing” to empty Ethereum wallets protected with weak keys.
Researchers at Independent Security Evaluators (ISE) found that the unknown individual or group has a history of gathering and/or compromising Ethereum wallet owners’ private keys. The bad actor then uses those keys to obtain funds stored in those wallets. Using this method of attack, the malefactor amassed a balance totaling 37,926 Ethereum on 13 January 2018.
According to the January 2018 exchange rate, this amount of Ethereum was worth more than $54 million at the time. But that’s no longer the case. Fluctuations in the market have since caused the small fortune, like all other Ethereum holdings, to depreciate by 85 percent.
ISE came across the blockchain bandit while conducting its own study of the Ethereum blockchain. Essentially, the security firm wanted to see if it could beat the 1 in 2^256 odds of encountering a private key that matched someone else’s Ethereum wallet. It set out to do this not by brute forcing random private keys. Instead, it came up with several methods collectively known as “Ethercombing” for discovering “weak” private keys that might have been the products of faulty code, unreliable random number generators or both.
Using this method, the researchers were able to discover 732 private keys along with their corresponding public keys responsible for more than 49,000 transactions on the Ethereum blockchain. They also identified 13,319 Ethereum that ended up in an invalid destination address or wallet derived from weak keys. These funds, which total close to $19 million, are irrevocably lost because the private keys for those addresses remain unknown.
Published just days after Ethereum suffered a certificate outage, ISE’s findings reveal that the impact of a weak encryption strategy can extend beyond downtime or customer frustration. It can also lead to stolen cryptocurrency if organizations aren’t careful when creating and storing encryption keys. As quoted in a blog post:
“Due to the popularity and easy monetization of cryptocurrencies combined with the evidence that there are highly successful hacking campaigns ongoing to steal these virtual currencies, it should be concluded that any systems that handle private keys will be at an increased threat for targeted attacks. Software developers that design software or systems that interact with highly valuable private keys should incorporate all available defense in depth principles to counter present threats and use innovative measures to counter advanced present and future threats against these high value assets.”
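The following Python is an added example, not code from ISE or from this article: a key generator that draws from the operating system's CSPRNG and fails closed when the output shows gross symptoms of the faulty code or unreliable random number generators described above. The function names and thresholds are assumptions chosen for illustration.

```python
import secrets

# Order of the secp256k1 group used for Ethereum keys; valid keys are 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Thresholds below are assumptions chosen for illustration, not ISE's criteria.
MAX_LEADING_ZERO_BYTES = 3   # a random key has 4+ leading zero bytes with p = 2^-32
MIN_DISTINCT_BYTES = 12      # a random 32-byte key almost always has more than 20
MAX_BYTE_RUN = 4             # longest tolerated run of one repeated byte value


def audit_key(key: bytes) -> list[str]:
    """Return the reasons a candidate private key looks weak (empty = none found)."""
    if len(key) != 32:
        return ["key is not 32 bytes"]
    findings = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("outside valid range 1..N-1")
    leading_zeros = len(key) - len(key.lstrip(b"\x00"))
    if leading_zeros > MAX_LEADING_ZERO_BYTES:
        findings.append(f"{leading_zeros} leading zero bytes (truncated output?)")
    if len(set(key)) < MIN_DISTINCT_BYTES:
        findings.append(f"only {len(set(key))} distinct byte values")
    run = longest = 1
    for prev, cur in zip(key, key[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    if longest > MAX_BYTE_RUN:
        findings.append(f"run of {longest} identical bytes")
    return findings


def generate_key(rng=secrets.token_bytes, max_tries: int = 8) -> bytes:
    """Draw a key from the OS CSPRNG; fail closed if the source keeps failing the audit."""
    for _ in range(max_tries):
        key = rng(32)
        if not audit_key(key):
            return key
    raise RuntimeError("random source repeatedly produced weak keys")
```

Passing the audit does not show that a key is strong; the checks only catch gross failures such as truncated, constant or out-of-range output.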