Earlier this week, the security consultant for the US-based Independent Security Evaluators (ISE) published a private key report for the Ethereum blockchain.
Despite establishing some 700 weak private keys that are being used regularly by several people, the researchers discovered a "bandit blockchain" that managed to collect almost 45,000 Ether (ETH) by successfully guessing the fragile private keys. The Cointelegraph interviewed Adrian Bednarek, ISE's chief security analyst, to find out more about what they describe as "ethercombing."
Background of the investigation and main results
Bednarek says he discovered the hacker by accident. At that time, I was researching for a corporate client who planned to implement their own bag with an integrated key generation algorithm.
"As a security analyst, before you begin any assessment, you need to understand the underlying technologies very clearly, basically as if you were designing them," he told the Cointelegraph.
"The generation of private keys was one of the components we had to investigate, and I was reviewing the basics of what a private key is in Ethereum: How large is it? How is it generated? And how is it used to derive the key public address? "
In Ethereum, Bitcoin (BTC), or any other main blockchain that supports the ECDSA (Digital Signature Algorithm) protocol, private keys are represented by 256-bit numbers. The ISE reduced to eight 32-bit "sub-regions" in the 256-bit key space during its investigation, because forcing a private key within a larger region is a statistical improbability.
Do not stop reading: Common owners, common funds: What we know about the Bitfinex / Tether scandal
These eight subregions contained a total of 34,000 million weaker keys, which the ISE subsequently analyzed. "It took me a whole day," Bednarek says.
It should be noted that these keys were generated due to defective code and defective random number generators, and that the researchers focused specifically on sub-optimal keys.
"The private key is your user ID and password at the same time," explained the security analyst, breaking down the basic mechanics. "It's different than what you need to start your banking session, for which you have your username and password […] So when two people use the same password to create a Brainwallet [es decir, monederos que contienen frases de contraseña como parte de la generación de claves privadas] Like "password123", both will have exactly the same bag. "As Bednarek says," it's like connecting two people to the same bank account. "
Initially, the ISE expert discovered that the private key of "1" *, chosen as the lower bound of a possible private key, was being used in the blockchain. In addition, he participated in several thousand transactions.
* – (0x00000000000000000000000000001, if you write using the 256-bit code)
"That was a red flag," Bednarek recalled. "Why are people using the private key of 1? That should not be possible." His team began scanning more clues to see how widespread the problem was. Although the ISE researchers have established that this issue is not particularly ubiquitous, they found up to 732 weak private keys associated with a total of 49,060 transactions.
It may interest you: the bubble burst Bitcoin: an autopsy
"Approximately, there are about 50 million keys that were used in the blockchain of the Etereum and we only discovered 732 of them."
The Blockchain Bandit
As mentioned above, during the investigation, the ISE team noticed how some of the exchanges associated with private keys – found with their methods below ideal – had a large number of transactions going to a specific address, and there was no money to return to leave . As Bednarek said in an explanatory video posted on the ISE website:
"There was a guy with an address that was out there, diverting money from some of the keys we had access to, we found 735 private keys, and it turned out that he got money from 12 of those keys that we also had access to – statistically unlikely that he guessed these keys by chance, so he was probably doing the same thing. […] Basically, I was stealing funds as soon as they reached people's pockets. "
In a conversation with the Cointelegraph, Bednarek explained that the hacker (or a group of hackers) had established a knot to automatically steal address funds with weak keys. To check this, the researchers used a trap: they sent a dollar using a weak private key, which they knew the hacker was aware of, to see how fast he would be taken. The money disappeared in a matter of seconds, said the ISE official:
"If it was something manual, they might have taken it in a day or something, but as soon as we sent it, we went to the scanner blockchain and saw that there was a transfer that came out immediately, in a matter of seconds. [el hacker] has is a blockchain node that is part of the established transaction network somewhere. As soon as he realizes that the transactions arrive with a private key of which he is aware, he immediately sends a request to transfer the money. "
According to data obtained from Etherscan, the hacker's portfolio contains about 45,000 ETHs (worth over $ 7.3 million at the time this article was written). During the higher value of the ether, it is estimated that the villain's estate could have been sold for more than 50 million dollars.
According to the comments section of the crook's purse address, he had stolen funds for several years. One of the comments, reportedly submitted by ETH's major stock exchange provider, MyEtherWallet (MEW), includes a link to a thread in Reddit 2016 titled "Ethereum nodes with unsafe RPC configurations are actively exploited." In it, a redditor described the configuration of an Ethereum node "with its HTTP RPC API exposed to the Internet" and being attacked within a few minutes after launch.
"If you search Google for address [del hacker]there are many people who complain about him, "confirms Bednarek, admitting that the fraudster's tactics proved successful:
"This guy took a multiple approach to stealing money."
Continue reading: New York Attorney General's charges are "full of inaccuracies," says Bitfinex's letter to users
The security analyst described the fraudster's method in more detail: "Um: you're seeing bad private keys, two: you're looking for weaknesses based on badly configured RPCs and passwords, you should not expose RPC from your Ethereum node, but sometimes people do that, and if you do not have the password set, someone can basically empty the default wallet associated with the node. "
But such asset ownership is not a problem exclusive to the Ethereum blockchain, warns the ISE security researcher. "The blockchain is working as planned, it's how people are using it," he said, describing an ethics-related problem his team faced while doing their research:
"Before we started this (research), we had an ethical dilemma: what if one of these keys found a million dollar purse?" "We leave it there, but if we leave it there, we know there's a faulty private key and it is likely to be stolen, then we would be a bit responsible for that money being stolen because we could have warned someone, but the second problem is, who do we notify? There is no easy way to identify the problem. privately, maybe we could take the money temporarily until someone can prove it's yours, but that creates a lot of legal issues, so the CEO of the company [para la que estaban investigando] He contacted the IFS to ask for legal advice and was basically told, `If you find something, leave it there. Make no transfer. That way, you will not have any legal problems. "
Safety tips and additional research
Therefore, according to Bednarek, private keys tend to be vulnerable due to two main factors. The first is to code the errors in the software responsible for generating them. Second, some crypt owners tend to get identical private keys through weak password phrases, such as "abc123", or even leave them blank.
For example, the ISE report has established that one of the most popular weak private keys is that generated from an empty recovery phrase, ie, "" using the parity miller. There were 8,772 transactions registered in this direction with a total transferred of 5,215,586 ETH.
"For a while, Parity allowed the use of a default password of nothing and would generate the private key based on that," Bednarek explains, adding that the purse developer allegedly solved the problem at some point. "I think they've introduced some minimum requirements for passwords [desde entonces]. It may be a single character, but you can not use blank passwords in Parity at this time if you are using the latest version of your software. "
No purse maker has contacted ISE yet, according to Bednarek:
"It's an interesting topic because it's hard to tell which bag was responsible, if there was a purse, it could just be that people introduced the wrong private keys, could be the first versions of purse-clearing, could be the It's a bit difficult to say why it exists and which bag is to blame, is something I do not think we'll ever know. "
You might also be interested in: They report that Samsung joins corporate giants interested in crypts
Bednarek's chief advice to those who are not computer experts is to use known and trusted purses, possibly shifting to hardware or paper bags if there are large amounts of cryptomoeda involved. I say that:
"If there is going to be a trade or possession of a large amount of money, use a hardware portfolio where the private key will never be revealed." Many of my long-term friends use paper bags in which they generate a random key. they store it on paper so it never touches the computer. "
However, there is always some risk, even when it comes to popular software, warned Bednarek, citing the example of the Iota grant, which was compromised by an Oxford developer who was arrested and accused of stealing about 10 million euros a month. past
Since Iota's portfolio is open source, its code has been published on Github. At some point, the scammer modified the random number generator by sending a change to the code.
"This was done in a very overshadowed way," Bednarek said. "Even though many people could check the code," they simply assumed it should work, according to him.
In this way, the hacker could see how the private keys were generated and reproduce them using the code injected, explained the ISE specialist.
"After many people lost a lot of money, someone finally invested their modifications in the random number generator and they could see that they were creating sequential numbers within the specific range of the key space."
Regarding the future, ISE plans to continue overseeing blockchains and weak private keys on a larger scale. "Let's move our method of scanning to use the GPU, where we can analyze 38,000 million keys in a matter of seconds," Bednarek told the Cointelegraph.
More information at: According to a BBVA executive, crypto-coins are not a credible alternative to money in its current state.
"As we make the analysis more efficient, we can do some additional things, like going after brainwallets or other key generation algorithms that may be faulty, so we'll expand to different areas to identify more keys."
In addition, the security research group will post more information – including failing public keys – for people to do their own searches and be warned of possible security breaches. "Maybe this will become a collaborative effort to help find some of the causes," Bednarek suggested.