Weak Private Keys Can Be Guessed: a Hacker Was Guessing Private Keys

This week, a US security service (ISE) published a report about a case in which a hacker was guessing private keys on the Ethereum blockchain.

Besides that, the service identified around 700 private keys that were weak enough to be guessed easily. A "blockchain bandit" was found who had actually done it: guessed weak private keys and gained access to the cryptocurrency wallets of a number of users.

The thief managed to steal more than 45,000 Ether by using those keys.

How could it happen?

The service representative says he discovered the hacker by accident. He was doing research for one of his clients; the target of that research was the integration of an algorithm for generating keys for crypto-wallets.

He explained that to start any project, a specialist needs to understand everything in depth, down to the smallest details. So he set out to study how keys work in Ethereum.

So the main thing they had to research was private key generation: the principles, the rules and so on.
All major cryptocurrencies use ECDSA (Elliptic Curve Digital Signature Algorithm). The keys are represented as 256-bit numbers. The ISE made the search simpler by narrowing it down to 32-bit keys.

And then I discovered that there are about 34 billion weaker keys. The ISE scanned them all.

Those were not normal keys. They were generated by faulty code, and faulty random number generators were used as well.

The private key is at the same time the user ID and the password; it is not like any other login. So if two people create a wallet with the same key, they will have the same wallet, even if they do it by accident.

Further, it was discovered that private key 1 had been used on the blockchain, and there were thousands of transactions with it! How was that possible, and why did people use it? Later, one more piece of news followed: more than 732 very weak private keys, with a total of around 50,000 transactions. And there were suspicious transactions in which money was flowing into an account and never out of it. So there must be somebody stealing money from the keys that we had discovered.
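As an added illustration (not code from the article or from ISE), the block below derives the public point from the private-key scalar on secp256k1, which shows why private key 1 (its public point is simply the generator G) and any key inside a 32-bit scan range are trivially guessable, and how a key should instead be drawn from the OS CSPRNG. The 32-bit threshold in `is_guessable` and the function names are assumptions for this example.

```python
"""Pure-Python secp256k1 (no dependencies). Constants are the public curve
parameters; the 32-bit weak-key threshold is an assumption for this example."""
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None = infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pubkey(k):
    """Public point k*G by double-and-add: the private key is just the scalar k."""
    if not 1 <= k < N:
        raise ValueError("private key must lie in [1, N-1]")
    result, addend = None, G
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result

def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def is_guessable(k, scan_bits=32):
    """True if k is invalid or small enough to fall in a 2**scan_bits brute-force scan."""
    return not 1 <= k < N or k < (1 << scan_bits)

def generate_key():
    """Draw k uniformly from [1, N-1] with the OS CSPRNG, not a seeded PRNG."""
    return secrets.randbelow(N - 1) + 1
```

`pubkey(1)` returns G itself, which is why key 1 is the first thing any scanner tries; a key from `generate_key()` lies far outside any feasible scan range.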

The thief had installed and set up code that would automatically transfer funds from weak keys to his own account as soon as such funds became available. The researchers used a so-called honeypot: they transferred one dollar using one of those weak keys. The money disappeared within one second!

So it was not a manual process, otherwise the money would have been taken after some delay. The hacker had a blockchain node that served as part of the transaction network, set up who knows where. As soon as money arrives at a weak key, the tool sends a request to transfer it to his account.

Etherscan showed that this hacker's wallet should already hold around 45,000 USD. It was also determined that the hacker could already have sold around 50 million. According to some data, this thief has been stealing money for some years. Even a Reddit post from 2016 mentioned that Ethereum nodes with insecure RPC settings were being heavily exploited; one redditor set up an Ethereum node and it was attacked just minutes after it went live. So it is recommended to keep your keys in cold wallets or paper wallets.
