CyberWire Daily - Blockchain bandits plunder weak wallets. [Research Saturday]
Episode Date: June 1, 2019Adrian Bednarek is a senior research analyst at Independent Security Evaluators. He and his colleagues looked at weak private cryptocurrency keys on the Ethereum blockchain in an attempt to discover h...ow and why they are being generated as well as how bad actors are taking advantage of them. The original research is here: https://www.securityevaluators.com/casestudies/ethercombing/ Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.
Hello, everyone, and welcome to the CyberWire's Research Saturday.
I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities and solving some of the hard problems of
protecting ourselves in a rapidly evolving cyberspace.
Thanks for joining us.
And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs,
yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers by hiding your attack surface,
making apps and IPs invisible, eliminating lateral movement,
connecting users only to specific apps, not the entire network,
continuously verifying every request based on identity and context, Thank you. organization with Zscaler, Zero Trust, and AI. Learn more at zscaler.com slash security.
I'm a security analyst, and one of our clients was doing a blockchain-based solution.
That's Adrian Bednarik. He's a senior security analyst at Independent Security Evaluators. The research we're discussing today is titled Ethercoming,
Finding Secrets in Popular Places. And as a security analyst, we have to understand
all components that make up the blockchain and how a bad guy could abuse it. One of those things was an Ethereum
public address and a private key.
Basically, the way you interact
with the blockchain is you have a secret, which
is known as a private key. If you're
the holder of that private key, you can
commit funds to the blockchain
and you can take funds out. So basically
the private key is
basically like the PIN number to your bank
account. If anybody is able to guess
that private key, they can steal your funds. So I was researching one day how exactly a private
key is generated. And during my research, I found that people were using the private key of one.
The private key is supposed to be 78 digits long, but you know, somebody decided, hey,
let's use 77 digits, all of those being zero.
And then the last digit is one.
So effectively, they had the private key of one. And if you go in and look at that address that's generated from a private key of one,
you'll see that there's thousands of transactions committed to that key.
So there's been lots of people like interacting and colliding using this shared private key,
basically.
Is that private key of one?
Is your sense that that was created accidentally or intentionally?
I think it's a mixture of both.
It's hard to say exactly what caused it because all we have is the evidence.
We can't reconstruct time backwards and say what exactly caused this.
I suppose it's just somebody else like me that was playing around and they're like,
hey, can I actually send money to this and will it get stolen? So curious people sent money here. Sometimes maybe developers were testing some
code and they were like, I don't want to generate a 78-digit number. I'll just use the private key
of one. So it's likely that there's a sponsored test code and possibly a wallet that was out there
was somehow generating a private key of one for people. There is a lot of transactions behind it, and it's unusual.
So we decided to look at other private keys.
Like we were like, is two used?
And we found out, yes.
So we went to like three, four, five, six, seven, eight.
We found pretty much all of them were used.
So we were like, okay, this is an interesting issue.
Because if you were generating truly random keys,
then that would not be what you would expect
to find. Absolutely. So here's like a rabbit hole. I dove down, scanning each key manually took,
you know, a minute or two at a time. I was like, I need to scan a lot of keys, like more than I can
do manually. So I automated the scanning technique and I ran it on lots of computers up in the cloud.
And I was able to scan 4 billion keys within an 8 hour period. And I found that within that
4 billion key range, I found a few hundred keys. So I was like,
okay, this is interesting. I scanned a lot of keys and I found a lot more
keys that I could interact with. So then I wanted to scan a lot
more ranges within the private key
space of a private address. And the total sum of the addresses we found that we were able to
interact with were 732. Now, when you say interact with, when you have the private key,
does that give you complete control over that account? Yes. Basically, you become the owner of that account. It becomes like a shared bank account
with whoever else has the private key. I see. So you can put funds in, you can take funds out.
But again, it shouldn't be this easy to stumble across these private keys.
Right. So there's an issue. We don't know what it is. And then we kind of went down another rabbit
hole. We kind of started investigating some of the weirder private keys, like say 80,000 was a
private key that was used. We kind of looked at it and we said, who's using this key? Where did
the money come from? Where's the money going? And we saw that there was a few inbound transactions,
dozens of dollars, if not more, wasn't too significant. But we saw that there was an
outbound transaction to a guy that was holding like 45, wasn't too significant. But we saw that there was an outbound transaction
to a guy that was holding like 45,000 units of Ethereum,
which was a significant amount in present day value
that's almost $8 million.
So we kind of looked around and saw that this guy
was also interacting with more than just that single private key
that we had shared knowledge of.
He was interacting with, I believe it was like between 8 and 12 private keys.
So this guy was doing the exact same thing, but he was a lot more successful at it.
So you suppose that like you, he had stumbled upon or I guess even brute forced his way into finding some private keys.
And was he just standing by and waiting for something to go into these accounts and then he would take it out quickly?
So there's multiple interesting things with this person.
We kind of dubbed him the blockchain bandit because we didn't know what to call him.
It might not be a single person.
It could be an entity.
We have no idea who it is.
Hopefully, once public awareness reaches a certain level, then maybe some people might infer who it might be.
But this person has basically held on to this stolen loot
without actually withdrawing any of it. He made some withdrawals in May of 2017, and those were
pretty small. He only withdrew $70,000 worth. Between May of 2017 and June of 2018, that's when
the crypto bubble like really took off. Bitcoin was worth $20,000. Ethereum went to like $1,300.
CryptoBubble really took off. Bitcoin was worth $20,000. Ethereum went to $1,300.
This person or entity was worth $54 million in January of 2018. Between that time, he really didn't sell anything off, which is interesting because I guess his penance for stealing all of
this was participating in the crypto crash. And this person or entity saw their $54 million dwindled down to, you know, a paltry $7.7 million right now.
Easy come, easy go, right?
Exactly.
Wow.
So what else do you think could be at play here?
I mean, the first thing that I think of is, could this be some sort of method for laundering money?
There's a lot of weird things going on in blockchain space because some of the coins provide anonymity.
So where you could, you know, use it for malicious activities like laundering money, buying goods that you shouldn't be able to buy and things like that.
But the other interesting thing about this crypto bandit is we tried two experiments.
One, we sent a dollar to a private key we both interacted with in the past just to see how long it would take him to steal it. And we sent him a dollar to a private key we both interacted with in the past, just to see how long it would take him to steal it.
And we sent him a dollar to a private key
we both had shared knowledge of,
and that disappeared within like two seconds.
Oh, wow.
I sent a dollar in, I refreshed the page
to see what the balance was, and it was immediately gone.
Easy come, easy go, right?
There you go.
Yeah, exactly.
And I could see that it went to this crypto bandit guy.
So I was like, okay, that's interesting. So then we sent a dollar to a brand new address that
is likely to be a weak key. So it's an address that's never been used before. It's a brand new
account, but it's using what we'd consider a weak private key. What would you consider to be a weak
private key? So a strong private key would be a random 78 digit number. For a weak private key, we just used a 10 digit number. Okay. So we sent
the dollar there. We expected, you know, to maybe wait a few minutes, maybe hours or days for the
dollar to disappear. But we were surprised and the guy immediately stole it again within seconds.
The same guy? Yep. Okay. Connect the dots for me there.
With a catch though. So this brand new address, there were three people that attempted to take
the money out because when you interact with the blockchain, you say, hey, I want to take some
money out. The first person to do so successfully gets the money. So three separate people tried to
take money out. One of them was the crypto bandit, but he was a few milliseconds
too slow. Somebody else naked him and got the dollar first. So there's basically a minefield
or, I don't know, booby trap set on weak private keys where there's groups or entities or people
watching key spaces where weak random keys exist. And they basically immediately monitor transactions
coming into those keys,
and they immediately take money out.
Well, help me understand, because if this was a brand new account on this blockchain that hadn't previously existed,
when you spin up the account, does some sort of notice go out,
or is there a method by which they can just be pinging the network and checking to see if an account with this weak private key has been created?
That's a good point.
Here's another interesting misconception people have about the blockchain.
You know, a lot of people think that when you create an account on the blockchain, it's like kind of going into your bank and you create a new account to get your number and then you can interact with it.
That's not really the case. The account is created automatically
when you send money into it,
which is kind of strange to think about.
But basically, as soon as we sent a dollar
to a new account generated from a private key
that was never used before,
that transaction was then recorded on the blockchain.
That was the first time that account
would appear on the blockchain is That was the first time that account would appear on the blockchain
is with that transfer of a dollar.
And somehow these people were monitoring it and they saw,
hey, this account I have the private key to,
therefore I can steal the money out of it.
And they did so within, you know, 200 milliseconds.
So do you suppose, I mean, they are out there
generating these weak private keys
and then
just monitoring for when they get used?
Is that what's going on?
Yep, absolutely.
So we assume that they're basically generating tons of weak private keys, creating a database
of them.
And if they see a transaction come in, they look up that transaction's address in their
database.
And if there's a match, then they know they have the private key to it.
Therefore, they can take the funds out of that account.
Help me understand another component of this, because I'm fuzzy on it, which is
you have your private key and you have your public key. What's going out on the blockchain
for public consumption? Is it the public key that's derived from the private key? Or
do you follow my line of questioning here? How are they able to get to that private key?
key? Or do you follow my line of questioning here? How are they able to get to that private key?
Basically, a transaction on the blockchain uses digital signatures. Basically, you sign a transaction using your private key. It creates a value that can then only be decrypted using
your public key, which is publicly known. Therefore, it proves ownership. Because
if you send out an encrypted message
and you say, hey, use my public key to decrypt it, then therefore, the only person that created
that message could be only the account holder of the private key, if that makes sense.
It's a little hard to wrap your head around because basically, you create a message using
your private key without revealing your private key. And people use that public key
that's derived from your private key to verify that your message was signed by your private key
without knowing your private key. It's kind of proving ownership of a transaction.
Right. So out there in the real world, why do you suppose some of these weak keys are getting spun up?
There's a lot of reasons. Some of them could be malicious wallets generating weak private keys on purpose. We've seen that. And a really good example of that was with IOTA coin, I-O-A-T-A.
And that's where a person maliciously compromised the random number generator
to basically create deterministic private keys
that only he could derive the knowledge of.
And the interesting thing was his wallet was open source.
Anybody could review it,
but he made his code so convoluted and obfuscated
that people really had a hard time reading it.
So it was really hard to audit exactly what was going on.
So he got away with injecting malicious code into public code that was then
used by people to create wallets that then he was able to come back,
you know,
a few months later and basically robbed and blind.
And I think he stole $25 million worth of IOTA coin and he got caught.
And I think he's sitting in the German prison right now.
Yeah.
This is something that kind of unrolled within the
past six months. So, you know,
there could be malicious wallets, there could
be coding errors, like some wallets
could be generating really good random
numbers that are 78 digits long
but in the way computers work and processors
work, they might be using code
that takes that 78 digit number and
truncates it down
to like a six-digit number or something like that. So it's not using the full key once it goes to,
you know, the magic that actually makes the wallet generation happen. And that's about it. I mean,
there could be developers that are just using test code. They're just randomly putting in keys.
Some all have the functionality of recovering your private key
from a passphrase, but maybe some
people misuse it and they actually put in
the private key without knowing
what's going on. So the alt asks
for their private key and they enter
1,000 or whatever.
There's a lot of weird, different reasons that
these keys could exist, but
it's hard to say which one is the
most prevalent.
It's probably a mixture and a combination of everything that's going on at the same time. Now, another thing that your research highlights here is the use of null strings and how some folks have sort of, I guess, maybe fallen into that trap.
It seems maybe accidentally there's been a good amount of funds lost by,
I guess, some coding errors there. What's going on with that one?
Null strings refers to brain wallets. Brain wallets are basically using passphrases to
generate a private key. If you use a brain wallet and you use the passphrase ABC123 for your wallet,
then if another person uses that same passphrase, ABC123, then both of you have access to each
other's
funds. You basically collided wallets. And since a lot of people tend to reuse passwords,
like people will use password 123 very commonly. So it's very likely to be collided with other
people. That's why using brain wallets is typically frowned upon in the crypto community.
The blank passphrases. So those are from brain wallets, and
there was one wallet that allowed people to use
blank passphrases. So basically
the software asked the user
for a password to protect
their private key, and people would
just hit enter and just ignore it.
They'd be like, I don't want to use a password.
Or whatever. Like people
typically do, you know. So they
were using a blank passphrase wallet
that anybody else that did the same thing you know just skipped the password creation step
they could interact with each other's wallets and you know the bad guys got onto that that a lot of
people were using blank passphrases and you know there was 5,200 Ethereum that went into wallets that had a blank passphrase.
Wow. And that's a lot of money.
Yep. At one point, that was worth $5.2 million.
Okay. Yeah. Adds up. So what are your recommendations in terms of people actually being able to generate truly random private keys and being able to verify that they're actually doing
so. What are the best practices there? I think the main takeaway is to use
well-used and trusted software. If people are getting into the crypto space to invest or use
cryptocurrency as a utility to trade for goods and services, they should look into communities
that are using various
cryptocurrency wallets and look to see which ones are popular, which ones people recommend.
Stay away from random things they find on search engine results because some of those
can be polluted with malicious software or wallets. So the takeaway would be just use
well-known wallets that are accepted by the community. Blockchain and cryptocurrencies are a new technology.
And anytime you have a new technology, there's benefits that are brought in by it.
And then you have bad actors that come in to see how they can exploit it to benefit themselves.
So you always have to be careful when new things come out.
And make sure to use software that is in line with best practices and accepted
by the community.
Our thanks to Adrian Bednarik from Independent Security Evaluators for joining us.
The research is titled Ether Combing, Finding Secrets in Popular Places.
We'll have a link in the show notes.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
defenses is by targeting your executives and their families at home. Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
The Cyber Wire Research Saturday is proudly produced in Maryland
out of the startup studios of Data Tribe,
where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Thanks for listening.