Security consultants turned into hackers, relying on swearing to steal $50 million in Ethereum, an alternative legend for blockchain thieves.

Source | WIRED Compilation | Guoxi Editor | Aholiab | Blockchain(blockchain_camp)

In Ethereum, guessing the private key is like guessing the lottery winning number, which is not statistically realistic. However, some users are clever and set their own Ethereum private keys into easy-to-remember characters, which is convenient for themselves and leaves a chance for the blockchain thief.

WeChat picture_20190504171154

Recently, "Wired" magazine exposed the story of a blockchain thief. He only guessed the Ethereum private key and stole $50 million of the Ethereum. However, his ill-gotten wealth shrank. 85% .

So how did he steal the Ethereum? By guessing, you can crack someone else's private key. Is this God God's operation? How was he pulled out? Let us walk into the sad life of this blockchain thief.

Adrian Bednarek was a security consultant, and his clients were plagued by the theft of cryptocurrencies, so Bednarek began to think about the problem from the perspective of his opponent.

Since last summer, the issue of how to steal Ethereum has been plaguing Adrian Bednarek. Of course, he does not really want to be a “blockchain thief” .

But with so many cryptocurrencies, why does Bednarek choose Ethereum? This is because of the so-called complexity of Ethereum, and the complex components of Ethereum may bring potential security holes, which makes Ethereum vulnerable to attack.

However, the easy attack here is only relatively speaking, and Ethereum is not vulnerable. So, Bednarek chose to start with the simplest attack method: the private key .

We all know that Ethereum's private key is proof of ownership of the account, which can be used to manage Ethereum. According to Ethereum, the private key should be a string of 256-bit binary numbers that are difficult to guess.

WeChat picture_20190504171221

However, Ethereum users can set the private key arbitrarily for the convenience of memory, for example, set to 1, but this simple private key is easy to guess, so the security is very poor, often not used by people, people usually Use the wallet software to generate a random private key.

Surprisingly, by retrieving the Ethereum transaction data stored on the blockchain, Bednarek found that someone really used this extremely simple private key to trade.

However, the Ethereum in this account has been transferred, and it is almost certain that the money was stolen by the blockchain thief. He stole the money before Bednarek. Like other cryptocurrencies such as Bitcoin, if someone knows your Ethereum private key, he can calculate your public key and account address from the private key.

So the blockchain thief can use this private key to transfer the Ethereum balance in your account, and the miners who verify the transaction on the blockchain will not and cannot verify whether the transaction is actually the owner of the account .

This discovery aroused the curiosity of Bednarek. So he tried several simple private keys in succession: 2, 3, 4, and then tried 10, 20, 30 such a complicated private key, but the account balances of all these private keys were emptied, so Come, guessing the private key to steal the Ethereum is not a case.

To capture more information about the blockchain thief, Bednarek and his colleagues at the security consulting firm Independent Security Evaluators wrote some code to automate the check of millions of simple private keys on the cloud server.

Bednarek's team wrote the results of the experiment as a paper and published it on Tuesday. In the paper, Bednarek's team found that in the past few years, users have kept their precious cryptocurrencies in accounts that are easily guessed by hundreds of private keys.

At the same time, they also pulled out a "blockchain thief." The thief has stolen nearly 45,000 Ethereums using this method of guessing private keys. According to the price of the currency at the time, the ill-gotten wealth was worth $50 million.

“This blockchain thief did the same thing as us, except that he got the first move,” says Bednarek.

"We don't know whether this blockchain thief is a person or a gang, but what is certain is that he spends a lot of time and computing power to monitor every Ethereum transaction, testing every Ethereum wallet, trying Go stealing the Ethereum."

Guess the Ethereum private key is equal to Shali Gold Rush

In order to better explain how blockchain thieves steal money, we first need to explain the probability of guessing a randomly generated Ethereum private key. The private key of Ethereum is a 256-bit binary number, so the probability of guessing it is 1 of 256th of 2, and the value is about 10 of 78th power, which means that the denominator is 10 followed by 78. 0.

How to understand this magnitude? This denominator is roughly equal to the number of atoms in the universe. In this case, Bednarek made a wonderful metaphor. The probability of guessing a randomly generated Ethereum private key is tantamount to finding a grain of sand hidden by someone else on the beach .

We often say that opponents who are not afraid of God are afraid of teammates like pigs. Although Ethereum's own private key mechanism is sufficiently secure, there is no way for users to choose a private key that is easy to guess and has very low security.

Bednarek found a lot of this phenomenon, of course, in addition to the user's own responsibility, the wallet software is also responsible. Some wallet software does not generate keys according to the given length due to coding errors, and some wallet software overestimates the user community's understanding of the blockchain, so that some inexperienced users directly choose their own memory. Private key.

In the worst case, the developer of the wallet software deliberately destroys the random generation process of the private key, so that the user's private key can be guessed later and the user's Ethereum is stolen.

In order to find addresses with poor private key security, Bednarek's team eventually scanned 34 billion Ethereum addresses. They called this process " ethercombing ". Just like looking for a grain of sand on the beach, in the Ethereum search, the private key is arranged more disorderly and the target is more.

Eventually they found (accurately guessed) 732 accounts that had been saved with Ethereum but whose balance was cleared. Although some of the account balances are undoubtedly the owner of the account, Bednarek pointed out that since the official launch of the Ethereum in 2015, there have been many Ethereum thefts caused by poor security of private keys on the Ethereum. 732 accounts may be just the tip of the iceberg.

WeChat picture_20190504171306 Invaded Ethereum Account Division

At the same time, in those accounts that were emptied, Bednarek found an interesting phenomenon, with 12 accounts being emptied by the same blockchain thief .

In other words, the Ethereum balances in these 12 accounts were transferred to the same account, and the ETC holdings of this account reached an astonishing 45,000. Even today, when the price of the Ethereum has fallen so badly, these Ethereums are still worth $7.7 million.

Master tricks, recruiting deadly

The blockchain thief has stolen so much money. Does he now have a gold basin to wash his hands? With this question, Bednarek did another experiment. He transferred a $1 worth of Ethereum to a less secure private key that had been emptied by the blockchain thief. To everyone’s surprise, just a few seconds later, the money Block thieves are in the bag.

Then Bednarek transferred a $1 worth of Ethereum to a less secure private key, and the money was emptied in just a few seconds, but the payee’s account Unlike the last time, this account only holds thousands of dollars worth of Ethereum.

In the Ethereum blockchain pending transactions (the transactions that were initiated but not yet recorded in the blockchain), Bednarek found that another blockchain thief was also robbing the $1 ether. The coin was only one step late and did not grab it. In view of this, these blockchain thieves seem to have a large, pre-generated list of public key private keys and automatically scan these accounts at a rate that is very achievable.

In fact, when the researchers looked at the “criminal evidence” left by the blockchain thief on the Ethereum blockchain, the thief had stolen Ethereum from thousands of Ethereum accounts in the past three years, but He has never had a record of transferring Ethereum to the outside world, and Bednarek believes this may be an automated Either theft .

At the peak of the Ethereum price in January 2018, the Blockchain Thief account held 38,000 Ethereum, which was worth more than $54 million at the time. Since then, the price of the Ethereum has plummeted, and the wealth of blockchain thieves has shrunk by about 85%.

“Would you feel sorry for him?” Bednarek asked with a smile. “The blockchain thief has stolen a lot of wealth, but as the market is sluggish, these ill-gotten gains have shrunk dramatically.”

The anonymity design of the blockchain caused some interference to the experiment. Although Bednarek is clear about the criminal facts of blockchain thieves, he has no way to find out the true identity of this person. However, given the North Korean government’s use of cryptocurrencies to evade economic sanctions and the fact that it has stolen more than $500 million in cryptocurrencies in recent years, Bednarek began to suspect North Korea, saying, “I think this may be a national act, and maybe It’s North Korea, but it’s just speculation.”

Private key security

In addition to being unable to extract the true identity of the blockchain thief, Bednarek also does not recognize which wallet software generated a less secure private key due to failure or corruption. He can only see that these less secure private keys were created. Evidence that came out and thus led to the theft of the Ethereum.

Bednarek said, "We can see the user's Ethereum being stolen, but we can't figure out which wallet software is responsible." For blockchain thieves, it is unclear whether his ill-gotten gains are derived from accounts with poor private key security , because in addition, he may have other theft techniques.

For example, guess the account private key generated by Brain Wallet. The brain wallet only needs a few words from the user, it will automatically generate the private key and the public key. At first glance, this method is very convenient, but the public key private key generated by these words is more vulnerable to brute force than the completely random generated one. .

In 2017, a team of security researchers discovered that a blockchain thief stole a total of 2,846 bitcoins by attacking the brain wallet, even though the bitcoin price plunged today, the value of these bitcoins exceeded 17 million. Dollar. Coincidentally, at the end of 2015, a blockchain thief stole nearly 40,000 Ethereums by attacking the brain wallet on Ethereum, and the blockchain thief in the above was “indifferent”.

Bednarek's team has not repeated such experiments on the Bitcoin blockchain. However, Bednarek has conducted a random check on 100 bitcoin accounts with poor security of private keys. He found that the balances of the corresponding accounts were all emptied.

However, there is no such thing as a blockchain thief on the Ethereum. It may be because Bitcoin is the first largest cryptocurrency, so the competition among thieves in the Bitcoin blockchain is more intense. Therefore, the distribution of the money is more decentralized.

Bednarek's experiment gave a vivid lesson to wallet software developers. Developers should carefully review the code for the wallet software to identify vulnerabilities that may result in poorly generated private keys and other risks .

At the same time, users should choose the wallet software carefully. "Because after your cryptocurrency is stolen, you can't call the service desk and ask them to cancel the transaction. After they are stolen, they can't find it again," Bednarek said. "So people should choose trustworthy." Wallet software and download them from reliable sources such as the official website."

Don't let your beloved cryptocurrency be the tuition fee for the blockchain thief.