How to steal the key of Ethereum wallet? (Part2)

How to steal the key of Ethereum wallet? (Part1)

The arrangement of Ethereum, the destination of Ethereum

Bedna Reek tried to deposit a dollar of Ethereum in a weak key address, which the thief had emptied before. Within a few seconds, it was transferred to the robber's account. Bednacre then attempted to put a dollar into a new weak key address that had not been used before, and it was also emptied in a few seconds. This time it was transferred to an Ethereum account worth only a few thousand dollars, but Bedna Reek saw thieves trying to steal it in an undetermined deal on the Ethereum blockchain. The thieves seem to have a large list of pre-generated keys and are scanning them at non-human, automatic speeds.

In fact, when the researchers looked at the blockchain robbers' records on the Ethereum ledger, it had stolen Ethereum from thousands of addresses in the past three years without any outflows.

When the Ethereum exchange rate peaked in January 2018, the robber’s account held 38,000 dollars, which was worth more than $54 million.

Since then, the value of Ethereum has plummeted, reducing the value of blockchain thieves by about 85%.

"Don't you feel sorry for him?" Bednarik said with a smile. "You have a thief here, he has accumulated this wealth and then lost everything when the market crashed."

Despite tracking these shifts, Bedna Reek does not really know who might be a blockchain thief. "I wouldn't be surprised if it were a country like North Korea, but it was just speculation," he said. He pointed out that the North Korean government has targeted cryptocurrency exchanges and other victims in recent years, stealing cryptocurrencies worth more than $500 million.

Weakened key

Bedna Reek also failed to identify the wrong or damaged wallet that produced a weak key. Instead, he can only see evidence of weak key creation and the resulting theft. He said: "We can see people being robbed, but we can't say which wallet is the culprit." Especially for blockchain thieves, it is unclear whether simple, weak key theft cases accounted for their theft. The vast majority of wealth. Thieves can also use other techniques, such as guessing the "brain wallet" password – an address protected with memorable words that are more vulnerable to violence than a completely random key. A group of security researchers found evidence of 2,846 bitcoins being stolen in 2017. At the current exchange rate, stolen bitcoins are worth more than $17 million. Later in 2015, in an "Ether" brain wallet theft, 40,000 cases of theft were stolen, almost as much as the blockchain thieves.

ISE has not successfully replicated its experiments on the original Bitcoin blockchain. But Bednarek did some spot checks on about 100 weak bitcoin keys and found that the contents of the corresponding wallet were also stolen, although there was no obvious thief taken by them – perhaps evidence It shows that the competition between thieves targeting Bitcoin is more intense and more dispersed than in Ethereum.

Bednerek believes that the lesson learned by ISE is that for wallet developers, they should carefully review their code to identify any vulnerabilities that might truncate the key and make it vulnerable. Users should pay attention to the wallet they choose. Bednarek said: "You can't call the service desk and let them cancel a transaction. When the transaction ends, it will disappear forever." "People should use a trusted wallet and download from a reliable source. ”