Ether Thief Found Stealing Funds With Weak Private Keys

A security consultancy found that an unknown person or group has been undertaking a sophisticated scheme to steal ether from weakly-protected addresses.

Apr 23, 2019 at 5:00 p.m. UTC
Updated Sep 13, 2021 at 9:06 a.m. UTC

An unknown entity has been taking advantage of weak private keys to gather up tens of thousands of ETH, according to a new study.

The study -- “Ethercombing: Finding Secrets in Popular Places” -- was undertaken by Independent Security Evaluators (ISE), a security consulting firm, and published Tuesday. The company’s findings were also covered in a story by Wired’s Andy Greenberg.

At one point -- January 2018, during last year’s crypto price ramp -- this amounted to nearly 38,000 ETH, an amount worth more than $54 million. Now, according to the report, the so-called “blockchainbandit” holds 44,744 ETH, or $6.1 million worth, in an address discovered amid a search for addresses that are protected by weak private keys.

Private keys are strings of data that, in the case of cryptocurrencies, enable users to send out transactions from their addresses. These keys need to be closely guarded; if they are compromised, outside actors -- in this case, the blockchainbandit -- can pilfer the funds instead.

At the outset, ISE sought to “discover keys that may have been generated using faulty code, faulty random number generators, or a combination of both,” given that, under normal circumstances, discovering ones created as intended should be “all but impossible,” according to the firm.

All the same, ISE found 732 private keys over the course of its investigation, which together had issued just over 49,000 Ethereum transactions. The team also “identified 13,319 Ethereum that was transferred to either invalid destination addresses, or wallets derived from weak keys that at the height of the Ethereum market had a combined total value of $18,899,969.”

Adrian Bednarek, a researcher and analyst for ISE, told Wired that the unknown thief “was doing the same things we were doing but he went above and beyond” and that the process itself was likely automated.

“Whoever this guy or these guys are, they're spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them,” Bednarek told the publication.

In the report’s conclusion, ISE wrote that “it should be concluded that any systems that handle private keys will be at an increased threat for targeted attacks” by would-be crypto-thieves.

“Software developers that design software or systems that interact with highly valuable private keys should incorporate all available defense in depth principles to counter present threats and use innovative measures to counter advanced present and future threats against these high value assets,” the team wrote.
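For developers acting on that advice, one layer of defense is a sanity check that catches output from “faulty code” or a faulty random number generator before a key is ever used. The sketch below is an added example, not code from ISE's report or from any wallet; the function names and the two thresholds are assumptions chosen for illustration, and the sample keys in the test are constructed.

```python
import secrets

# Order of the secp256k1 curve used by Ethereum; valid private keys are 1..n-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed heuristic thresholds. A key drawn from a sound CSPRNG fails either
# one with negligible probability, so a hit points to a broken generator.
MIN_BIT_LENGTH = 200      # fewer bits means the high-order bytes were never filled
MIN_DISTINCT_BYTES = 16   # 32 random bytes normally contain about 30 distinct values


def weak_key_reasons(key):
    """Return the reasons a 32-byte private key looks faulty (empty list = passes)."""
    if len(key) != 32:
        return ["not 32 bytes"]
    reasons = []
    k = int.from_bytes(key, "big")
    if not 1 <= k < SECP256K1_N:
        reasons.append("outside valid range 1..n-1")
    if k.bit_length() < MIN_BIT_LENGTH:
        reasons.append("high-order bytes are zero (tiny or truncated value)")
    if key[:16] == key[16:]:
        reasons.append("second half repeats the first half")
    if len(set(key)) < MIN_DISTINCT_BYTES:
        reasons.append("too few distinct byte values")
    return reasons


def generate_private_key():
    """Draw a key from the OS CSPRNG and refuse to return one that fails the checks."""
    while True:
        key = secrets.token_bytes(32)
        if not weak_key_reasons(key):
            return key
```

Passing these checks does not prove a key has enough entropy; they only reject the obvious failure patterns, so the generator itself still has to be a cryptographically secure one.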
