By CCN: Years ago, a thief had a simple idea: figure out a way to guess Ethereum private keys and write software to sweep the crypto funds from the blockchain. Guessing the 72-character private key is no small feat – your odds are about 1 in 115 quattuorvigintillion.
The researchers told Wired that trying to do this without the help of high-powered computers would be like:
“[…] Choosing a grain of sand on a beach, and later asking a friend to find that same grain among a ‘billion gazillion’ beaches.”
The Fatal Flaw of Crypto ‘Brain Wallets’
The idea has blossomed into an incredibly successful business model, which capitalizes on malformed private keys and poor wallet development.
Wired reports on security researchers who uncovered this phenomenon and even proved the concept by sending funds to one of the wallets they suspected had been swept – within minutes the Ether disappeared to the address they believed was home to all the stolen cryptocurrency. If a private key is generated correctly, it’s far less susceptible to guessing than if it is truncated by a character or two or, worse, manually chosen by a person. Private keys that are all 0s, or whose value is simply 1, are the type of keys this sneaky fox is snatching.
In case the reader is new to blockchain technology, let’s briefly explain the nature of a private key. In public/private key cryptography, which all cryptocurrency is based on, ownership of the private key gives you access to anything associated with the public key – funds received or controlled by a Bitcoin or Ethereum address, for example. Bitcoin wallets are composed of multiple private keys, each corresponding to a public address, while the Ethereum system uses a single “account” architecture. A single private key in Ethereum controls all of that account’s Ether as well as its tokens. If someone compromises the private key, they can import it into a wallet and then sweep the funds somewhere else.
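To make the two points above concrete, here is an added example (not code from CCN, Wired or the researchers) that shows why a key of 1 is trivially guessable – its public key is just the curve’s generator point – and a key-hygiene check that refuses the truncated, out-of-range and hand-chosen keys the article describes. The curve constants are the published secp256k1 parameters; the entropy threshold of 16 distinct bytes is an assumed, illustrative policy.

```python
# Added example, not from the article. Pure Python (3.8+), no third-party packages.
# The Keccak step that turns a public key into an Ethereum address is omitted.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # curve order n
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def _add(a, b):
    """Affine secp256k1 point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                  # a + (-a) = infinity
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P   # tangent slope
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P  # chord slope
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey(k):
    """Public key = k * G by double-and-add (illustration only, not constant-time)."""
    result, addend = None, G
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result

def check_private_key(hex_key, min_distinct_bytes=16):
    """Return the reasons a hex-encoded key is unsafe to use (empty list = OK)."""
    problems = []
    if len(hex_key) != 64:                 # truncated by "a character or two"
        problems.append(f"expected 64 hex chars, got {len(hex_key)}")
    try:
        k = int(hex_key, 16)
    except ValueError:
        return problems + ["not hexadecimal"]
    if not 1 <= k < N:                     # 0 and anything >= n are not valid scalars
        problems.append("scalar outside [1, n-1]")
    elif k < 2 ** 128:                     # tiny values such as 1 are trivially guessable
        problems.append("scalar is far too small to be random")
    byte_pairs = {hex_key.lower()[i:i + 2] for i in range(0, len(hex_key), 2)}
    if len(byte_pairs) < min_distinct_bytes:   # assumed policy: looks hand-chosen
        problems.append("too few distinct bytes; looks chosen by a person, not random")
    return problems
```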
Tracking the Stolen Ethereum Funds
Wired doesn’t report which address keeps swiping, but says it has gained 45,000 Ether over the years. It has had over 5,000 transactions, and a great many of these have been incredibly small. The script is indiscriminate – if any amount of Ether is moved into an address it has compromised, it swipes it immediately. As you can see if you visit Etherscan, it has received dozens of nearly worthless transactions, the sum of which begins to add up. However, it’s interesting to note that they seem to be hoarding Ethereum. There are fewer than 100 outgoing transactions, most of which happened a couple of years ago. It seems that when the EOS token left Ethereum and became a reality, they redeemed the EOS the account held. It would be interesting to check the status of this account the next time the Ethereum price pushes toward $1,000.
Addresses on the Ethereum blockchain which contain around 45,000 Ether. Was it a rogue developer who wanted to discourage use of bad private keys, or highlight the insecurity of certain Ethereum wallets?