Beware of the Blockchain Bandit

James McDowell May 6, 2019
0 Comments

What are the odds of guessing an Ethereum private key? According to a recent Wired.com article, it is 1 in 115 quattuorvigintillion (1 in 2^256), which makes the odds of winning the lottery (1 in 292 million) seem like a safe bet. 

This ridiculously large number ensures the security of individual’s cryptocurrencies, right? Wrong…According to research conducted by Adrian Bednarek and his colleagues at ISE, an individual Ethereum account dubbed the “Blockchain Bandit,” is seemingly responsible for stealing over 45,000 ether. 

So, what allowed the user(s) known as the “Blockchain Bandit” to steal such a large quantity of ether from a seemingly secure mechanism? By creating user wallets with identical private keys, the “Blockchain Bandit” was able to misappropriate victim funds. It appears fraudsters, such as the “Blockchain Bandit,” could generate lists of weak private keys by breaking the 256-bit private key into eight separate 32-bit subsections. Then, one could scan and run them in parallel to increase the speed. By breaking the key into smaller bits and running them in parallelBednarek and his colleagues were able to generate roughly 34.3 billion keys in an 8-hour period A bad actor, such as the “Blockchain Bandit,” could then use automated processing to scan the blockchain and steal cryptocurrencies from these weak keys within milliseconds of the generation of accounts with the same, weak private key. According to the ISE report, the amount of computing power required to mastermind such a feat is approximately 128 CPU hours per region or 1,024 hours total 

 The cause of such weak keys could be as simple as coding errors by wallet developers or allowing novice users to generate their own keys. The “Blockchain Bandit” illustrates the importance for developers to audit their code and correct issues. Additionally, it reinforces the importance of investor’s conducting due-diligence prior to participating in the cryptocurrency market and serves as a cautionary tale for newcomers who may want to create their own private keys. 

“New technologies offer fraudsters new opportunities to steal. While securities regulators are still determining the framework for cryptocurrency regulation, technology continues to advance and market participants should proceed with caution.” Said Amanda Senn, Deputy Director of Enforcement with the Alabama Securities Commission.

Unfortunately, with schemes such as the one perpetrated by the “Blockchain Bandit,” investors are unable to reclaim stolen funds after they are gone. Investors are encouraged to conduct thorough due diligence prior to participating in the cryptocurrency marketand if they are victims of such a scheme, they are encouraged to contact their regulator. 

For more information, contact

James McDowell, Alabama Securities Commission

 

Categories: Uncategorized
James McDowell

Related Articles

Responses

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .