Single Ethereum Account Stole $50 Mln Worth of ETH by Correctly Guessing Private Keys

Tue, 04/23/2019 - 18:26
Alex Dovbnya
🔐🔑Are you sure that your private key is secure enough? The latest study shows that it could be easily guessed by ‘Blockchain bandits’

A single Ethereum account, dubbed ‘Blockchain bandit’, managed to steal 45,000 ETH (around $50 mln at the time of writing) by guessing the private keys of his victims, Wired reports. In certain cases, it is not that hard to get around a long string of digits.    

The guessing game

The study entitled Ethercombing: Finding Secrets in Popular Places, conducted by security consulting company Independent Security Evaluators (ISE), sheds light on the modus operandi of the above-mentioned Blockchain bandit, who made a fortune because of weak private keys. Normally, one has a snowball's chance in hell of correctly guessing the 78-digit code (1 in 115 quattuorvigintillion), but there are numerous workarounds for bad actors.

In particular, some private keys were cut short because of coding errors or because they had been compromised by malicious software. Some users were also gullible enough to come up with their own keys that were easy to guess. After analyzing 34 billion Ethereum addresses, ISE found 732 private keys, and (you guessed it) all of the ETH held under them has already been pilfered.
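A wallet-side sanity check for the two weak-key classes described above (keys that were cut short and keys picked by hand), as an added Python example that is not from the article or the ISE study. The function names, the thresholds and the sample keys are illustrative assumptions.

```python
import secrets

# Order of the secp256k1 group; a valid Ethereum private key is an integer in 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def weak_key_reasons(key_hex, min_bits=200, min_distinct=12):
    """Return reasons a key looks guessable (empty list: none of these checks fired).
    min_bits and min_distinct are illustrative thresholds, not values from the study."""
    h = key_hex.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
        return ["not exactly 32 bytes of hex (cut off before use?)"]
    k = int(h, 16)
    if not 1 <= k < SECP256K1_N:
        return ["outside the valid range 1..N-1"]
    raw = bytes.fromhex(h)
    reasons = []
    if k.bit_length() < min_bits:
        reasons.append("only %d significant bits: leading bytes are zero" % k.bit_length())
    if raw.endswith(b"\x00" * 8):
        reasons.append("last 8 bytes are zero: tail looks cut off and padded")
    if len(set(raw)) < min_distinct:
        reasons.append("only %d distinct byte values" % len(set(raw)))
    for period in (1, 2, 4, 8, 16):
        if raw == raw[:period] * (32 // period):
            reasons.append("repeats a %d-byte pattern" % period)
            break
    return reasons

def generate_key():
    """Draw a key from the OS CSPRNG, retrying in the rare out-of-range case."""
    while True:
        h = secrets.token_hex(32)
        if 1 <= int(h, 16) < SECP256K1_N:
            return h

# Constructed sample keys, one per weak class; none comes from the article or the study.
SAMPLES = {
    "zero-padded small value": "00" * 31 + "01",
    "zero-padded tail": "9f3c7a1be2d4568801c3a7f5b96e2d4f1a0b3c5d7e9f2143" + "00" * 8,
    "hand-picked pattern": "ab" * 32,
}

if __name__ == "__main__":
    for label, key in SAMPLES.items():
        print(label, "->", weak_key_reasons(key))
    print("fresh key ->", weak_key_reasons(generate_key()))
```

An empty result only means none of these structural checks fired; it says nothing about how the key was generated or stored.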

Is North Korea behind it?

The researchers methodically sent a dollar's worth of ETH to ‘weak’ addresses to check how fast it would be stolen. ISE points out that there are multiple competing ‘Blockchain bandits’ who strive to snatch new deposits first. However, the fact that these transactions are conducted ‘within milliseconds’ proves that they could be the work of automated bots operated by a single actor.

They do not rule out that it could be North Korea since the country relies on crypto to maintain its authoritarian regime.

About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience of covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex has authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He’s particularly interested in regulatory trends around the globe that are shaping the future of digital assets, and can be contacted at alex.dovbnya@u.today.