Researchers Find Hundreds of Ethereum Wallets at Risk Due to Weak Key Pairs

On April 23, the security consulting firm Independent Security Evaluators (ISE) published a document concerning a number of unsound public and private key pairs tied to the Ethereum blockchain. The probability of chance needed to crack 256-bit encryption would take years for hackers to access random private keys. However, ISE recently queried 49,060 ETH transactions which found 732 “weak” public keys, essentially revealing the corresponding private keys.

Also read: Bitcoin Cash Markets and Network Gather Strong Momentum in Q1

732 Private Keys and Discovering the Blockchain Bandit

An independent security consulting firm headquartered in Baltimore, Maryland has recently released a new study concerning “weak keys” found on the Ethereum blockchain. The researchers ISE detail that this trend could be detected on any blockchain implementation that uses public key signing based on ECDSA encryption. According to ISE they devised a scheme that can discover private keys that were generated by using either faulty code or defective random number generators (RNG), and a combination of both.

While studying the matter, ISE found an individual or group they dubbed ‘Blockchain Bandit’ who has been pilfering these weak key addresses. ISE claims Blockchain Bandit managed to steal 37,926 ETH valued at $54.3 million by January 13, 2018.

“Even when faced with this statistical improbability, ISE discovered 732 private keys as well as their corresponding public keys that committed 49,060 transactions to the Ethereum blockchain,” explains the study. “Additionally, we identified 13,319 Ethereum that was transferred to either invalid destination addresses, or wallets derived from weak keys that at the height of the Ethereum market had a combined total value of $18,899,969.”

Highly Successful Hacking Campaigns

In addition to the 732 key pairs found, there were 60,286,012 ERC20 based tokens held within these keys. ISE says with 50 million public Ethereum addresses there’s likely to be some weak keys found or a general lack of randomness. One of the biggest would be key truncation which is when the key length of the symmetric 256-bit encryption is generated but only a small subset is used due to errors. All kinds of errors can exist like type confusion, random device or RNG errors, seed re-use, memory reference errors, memory corruption, code logic errors and entropy errors. While querying another region of key space on the chain, the researchers discovered more vulnerable key pairs.

“Scanning this region of the key space yielded 8,920 transactions through 464 private keys,” the ISE paper details. “The total value of transactions using these weak private keys was 28.9456 Ethereum — While transactions are common in this range, there is currently a balance of 0 ETH.”

The ISE paper underscores that the use of weak private key pairs is not a “widespread problem” and it took the researchers 1024 hours total to complete the task. But the researchers note that any similar cryptographic algorithms can be examined for key generation errors which would include networks like BTC, ZEC, XRP, XMR and others. Because these cryptocurrencies are so popular, ISE can envision “highly successful hacking campaigns ongoing to steal these virtual currencies.” If the cryptocurrency network effect continues to grow, ISE stresses that software developers who build infrastructure need to incorporate every defense mechanism available to keep private keys safe. Innovative measures need to be taken to counter successful attackers like Blockchain Bandit and future hacking attempts.

What do you think about the private keys found by ISE due to errors and weak key pairs? Let us know what you think about this subject in the comments section below.

Image credits: Shutterstock, Independent Security Evaluators (ISE), and Pixabay.

Have you tried the open source, noncustodial Bitcoin.com Wallet? Try it today over 3.9 million wallets created so far!

Show comments

comments powered by Disqus.

In Case You Missed It

While You're Under Quarantine, Check These Sites for Remote Crypto Jobs

If you are on the lookout for a job in these pressing times, when the coronavirus pandemic has limited public movement and shut down businesses, it's worth exploring opportunities to work from the relative safety of your home. The number ... read more.

How to Quickly Cash Out From Crypto to Fiat

There are many reasons why you might seek to liquidate your digital assets into fiat currency, be it to pay a bill, buy a meal, or cover an emergency. When needs must, speed is of the essence; no one has ... read more.

Judge Grants Injunction Halting Telegram's TON Release Again, Notice of Appeal Reportedly Filed

The embattled Telegram Open Network (TON) blockchain and its native gram cryptocurrency have seen plans for launch stifled once again, with a preliminary injunction granted by Southern District of New York Judge P. Kevin Castel. The March 24 injunction sides ... read more.

Here’s How to Order Food From Your Home Using Cryptocurrency

Staying home during the coronavirus epidemic reduces the risk of getting infected with the deadly covid-19. The disease, which has already claimed the lives of over 20,000 people globally, spreads through human contact. Food is one of the few basic ... read more.

Making Bitcoin Go Viral: Endless Printing Could Trigger Hyperbitcoinization

Hyperbitcoinization has been defined as "a state where bitcoin becomes the world’s dominant form of money." But what actually needs to happen for bitcoin to 'go viral'? As it turns out, a hyperbitcoinization event may be more likely than many ... read more.

4 Virtual Crypto Conferences You Can Attend From Home

The crypto industry has had to quickly adapt to the escalating coronavirus pandemic, with major conferences postponed, canceled or hastily reformatted for the virtual realm. Due to its disproportionately high number of remote workers, though, the industry is more geared ... read more.

Printing Money from Thin Air - How the Fed Reduces Purchasing Power and Makes You Poorer

Unless you have your head in the sand, you've probably realized that governments and central banks can print money out of thin air and in unlimited amounts. The United States and the Federal Reserve have been creating money from nothing ... read more.

Coronavirus Relief: Cryptocurrency Aid Programs Launched to Combat Covid-19 Outbreak

Cryptocurrencies are being used to help fight the global coronavirus pandemic. Crypto companies are doing their part to provide coronavirus aid to countries, hospitals, and people suffering from covid-19. A coronavirus relief campaign, a Red Cross bitcoin fundraiser, and an ... read more.

Bitcoin Miners Are Selling Coins Faster Than They Can Generate Them

According to data sites and a number of observers, bitcoin miners are selling coins faster than they can produce them. Ever since the market downturn on March 12 and the week of falling prices that followed, bitcoin miners have been ... read more.

Vermont Rapper Releases Hip Hop Track '#Freeross,' Ulbricht Petition Nears 300K Signatures

Southern Vermont-based hip-hop artist, Krypto Man, has released a new single called “#Freeross” in hopes to get Ross Ulbricht released from prison. Krypto Man is a well known rapper on the east coast and revenue from the song will be ... read more.

Ripple CEO's Public Statements About XRP Token Under Fire in Class-Action Lawsuit

Plaintiffs in the class action lawsuit against Ripple Labs have filed another litigation complaint against Ripple CEO Brad Garlinghouse. The news follows the recent court judgment that denied Ripple Lab’s attempt to get the case dismissed. Also read: Market Update: ... read more.

Major South Korean Bank Prepares to Launch Crypto Services as Government Green-Lights Regulation

Following the approval of a regulatory framework for cryptocurrencies by the South Korean government, one of the largest banks in the country is preparing to launch a range of crypto services. KB Kookmin Bank has applied for trademark registration, reportedly ... read more.

'Bull Run May Not Come Immediately After Bitcoin Halving,' Says Bitmain's Jihan Wu

Bitmain cofounder Jihan Wu's recent interview discusses some of his predictions concerning the future of bitcoin, mining, the bitcoin halving, and the cryptoconomy. Despite the coronavirus outbreak and its effect on the global economy, Wu is optimistic and he believes ... read more.

Trump Signs Largest Relief Bill in US History: When Will Americans Get Stimulus Checks

U.S. President Donald Trump has signed into law what he calls the largest single economic relief bill in history. "At $2.2 trillion dollars, this bill will deliver urgently-needed relief for our nation's families, workers, and businesses," Trump said. Americans are ... read more.

US Lawmaker Claims Stimulus Bill Bolsters Fed Secrecy, Pork Funds, and Wall Street Bailouts

On Friday, U.S. bureaucrats passed the 2020 stimulus bill, which has become the largest cash injection package ever created by the federal government. However, following the bill making it through the Senate and House, Republican representative Thomas Massie told the ... read more.

Trader Survey Respondents Predict Bitcoin Price Will Surpass $22K in 2020

San Francisco-based exchange Kraken conducted a poll that stems from the responses of 400 “VIP” cryptocurrency traders. Despite the current economic climate, surveyed participants indicate they still believe the cryptoconomy is in a "bull market." Moreover, Kraken’s survey respondents think ... read more.

Free from Tron: Steemit’s Blockchain Fork Hive Outperforms Steem Token Value

For weeks now, the cryptocurrency community has been fervently discussing the recent acquisition of the Steemit blockchain. Skeptics believe that the Tron takeover has shown significant vulnerabilities with delegated-proof-of-stake (DPoS) projects. Following the takeover, the community still managed to fork ... read more.

In-Between Bitcoin Halvings: Analyst Proves Bitcoin's Price Not Bound to 4-Year Cycles

Crypto traders and analysts have always looked to the halvings for some kind of clues in order to predict the future price of bitcoin. A number of traders also think that BTC price movements shift every four years and speculators ... read more.

Microsoft Patents New Cryptocurrency System Using Body Activity Data

Microsoft has patented a cryptocurrency mining system that leverages human activities, including brain waves and body heat, when performing online tasks such as using search engines, chatbots, and reading ads. "A user can solve the computationally difficult problem unconsciously," the ... read more.

Latest Bitcoin.com Wallet Release Features Live Charts and Price Tracking

This week, our developers rolled out the latest version of the lightning-fast, noncustodial Bitcoin.com Wallet. The new version now comes with live price graphs so crypto enthusiasts can follow crypto price changes in real-time. Moreover, the wallet software also features ... read more.

IMF Declares Global Recession, 80 Countries Request Help, Trillions of Dollars Needed

The International Monetary Fund (IMF) has declared that we have entered a global recession — one that is as bad as or worse than the previous global financial crisis. 80 countries have already requested emergency assistance from the IMF. Meanwhile, ... read more.

Bitcoin Mining Roundup: BTC Regains 100 Exahash, Miners Close Shop, Pre-Halving Shake-Up

In 44 days, BTC miners will face the third reward halving as the block subsidy will soon shrink from 12.5 to 6.25 coins per block. Following the market carnage in mid-March, BTC’s hashrate plummeted 44% to a 2020 low of ... read more.

Egypt Limits Bank and ATM Withdrawals Citing Rampant Cash Outflow and Coronavirus Fears

On Sunday, the Central Bank of Egypt (CBE) announced it had instructed financial institutions in the country to put withdrawal limits in place for cash. Regional reports disclose that Egyptian residents can only withdraw 10,000 Egyptian pounds ($640) and businesses ... read more.

Stablecoin Market Caps Swell Over $7 Billion - Volumes Surpass Most Trading Pairs

While most digital assets have been suffering, stablecoins have been surging since the market downturn in mid-March and tether (USDT) is capturing more than 70% of BTC trades today. Besides tether, a wide range of other dollar-pegged cryptocurrencies have also ... read more.