A ‘Blockchain Bandit’ Is Guessing Private Keys and Scoring Millions

Last summer, Adrian Bednarek was mulling over ways to steal the cryptocurrency Ethereum. He’s a security consultant; at the time, he was working for a client in the theft-plagued cryptocurrency industry. Bednarek had been drawn to Ethereum in particular because of its notorious complexity, and the potential security vulnerabilities those moving parts might create. But he started instead with the simplest of questions: What if an Ethereum owner stored their digital money with a private key—the unguessable, 78-digit string of numbers that protects the currency stashed at a certain address—that had a value of 1?

To Bednarek’s surprise, he found that dead-simple key had in fact once held currency, according to the blockchain that records all Ethereum transactions. But the cash had already been taken out of the Ethereum wallet that used it—almost certainly by a thief who had thought to guess a private key of 1 long before Bednarek had. After all, as with Bitcoin and other cryptocurrencies, if anyone knows an Ethereum private key, they can use it to derive the associated public address that the key unlocks. The private key then allows them to transfer the money at that address as though they were its rightful owner.

That initial discovery piqued Bednarek’s curiosity. So he tried a few more consecutive keys: 2, 3, 4, and then a couple dozen more, all of which had been similarly emptied. So he and his colleagues at the security consultancy Independent Security Evaluators wrote some code, fired up some cloud servers, and tried a few dozen billion more.

In the process, and as detailed in a paper they published Tuesday, the researchers not only found that cryptocurrency users have in the last few years stored their crypto treasure with hundreds of easily guessable private keys, but also uncovered what they call a “blockchain bandit.” A single Ethereum account seems to have siphoned off a fortune of 45,000 ether—worth at one point more than $50 million—using those same key-guessing tricks.

“He was doing the same things we were doing but he went above and beyond,” Bednarek says. “Whoever this guy or these guys are, they’re spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them.”

Combing a Gazillion Beaches

To explain how that blockchain banditry works, it helps to understand that the odds of guessing a randomly generated Ethereum private key are 1 in 115 quattuorvigintillion. (Or, as a fraction: 1/2^256.) That denominator is very roughly around the number of atoms in the universe. Bednarek compares the task of identifying a random Ethereum key to choosing a grain of sand on a beach, and later asking a friend to find that same grain among a “billion gazillion” beaches.

But as he looked at the Ethereum blockchain, Bednarek could see evidence that some people had stored ether at vastly simpler, more easily guessable keys. The mistake was probably the result, he says, of Ethereum wallets that cut off keys at just a fraction of their intended length due to coding errors, or let inexperienced users choose their own keys, or even that included malicious code, corrupting the randomization process to make keys easy to guess for the wallet’s developer.

Bednarek and his ISE colleagues eventually scanned 34 billion blockchain addresses for those sorts of weak keys. They called the process “ethercombing,” like beachcombing but for more guessable grains of sand among Ethereum’s vast entropy. They ultimately found 732 guessable keys that at one point held ether but had since been emptied. Though some of those transfers were no doubt legitimate, Bednarek guesses that 732 is still only a small fraction of the total number of weak keys from which ether has been stolen since the currency launched in 2015.

Amidst those emptied addresses, meanwhile, Bednarek was intrigued to see 12 that seemed to have been emptied by the same thief. They had been transferred into an account that now held a remarkable hoard of 45,000 ether. At today’s exchange rates, that’s worth $7.7 million.

Ether Comb, Ether Go

Bednarek tried putting a dollar’s worth of ether into a weak key address that the thief had previously emptied. Within seconds, it was snatched up and transferred to the bandit’s account. Bednarek then tried putting a dollar into a new, previously unused weak key address. It, too, was emptied in seconds, this time transferred into an account that held just a few thousand dollars’ worth of ether. But Bednarek could see in the pending transactions on the Ethereum blockchain that the more successful ether bandit had attempted to grab it as well. Someone had beaten him to it by mere milliseconds. The thieves seemed to have a vast, pre-generated list of keys, and were scanning them with inhuman, automated speed.

In fact, when the researchers looked at the history of the blockchain bandit’s account on the Ethereum ledger, it had pulled in ether from thousands of addresses over the last three years without ever moving any out—money movements Bednarek believes were likely automated ethercombing thefts. At the peak of Ethereum’s exchange rate in January of 2013, the bandit’s account held 38,000 ether, worth more than $54 million at the time. In the year since then, Ethereum’s value has plummeted, reducing the value of the blockchain bandit’s haul by about 85 percent.

“Don’t you feel bad for him?” Bednarek asks with a laugh. “You have a thief here that amassed this fortune and then lost it all when the market crashed.”

Despite tracking those transfers, Bednarek has no real idea of who the blockchain bandit might be. “I wouldn’t be surprised if it’s a state actor, like North Korea, but that’s all just speculation,” he says, referencing the North Korean government’s targeting of cryptocurrency exchanges and other victims to steal more than half a billion dollars’ worth of cryptocurrency in recent years.

Weak in the Keys

Bednarek also can’t identify the faulty or corrupted wallets that produced the weak keys. Instead, he can only see the evidence of the weak keys’ creation and the resulting thefts. “We can see people getting robbed, but we can’t say which wallets are responsible,” he says. For the blockchain bandit in particular, it’s not clear if simple weak key thefts comprise the majority of his or her stolen wealth. The bandit could have deployed other tricks, such as guessing the passphrases for “brain wallets”—addresses that are secured with memorizable words, which are more easily brute-forced than fully random keys. One team of security researchers found evidence in 2017 of 2,846 bitcoins stolen with brain wallet thefts, worth more than $17 million at current exchange rates. One single Ethereum brain wallet theft in late 2015 made off with 40,000 ether, nearly as big a haul as the blockchain bandit’s.

ISE hasn’t yet managed to replicate its experiment on the original Bitcoin blockchain. But Bednarek did perform some spot checks of about 100 weak Bitcoin keys and found that the contents of the corresponding wallets had all been stolen, too, though none had been taken by an obvious big fish like the Ethereum bandit they’d identified—perhaps evidence of fiercer, more distributed competition among thieves targeting Bitcoin compared with Ethereum.

Bednarek argues the lesson of ISE’s ethercombing is, for wallet developers, to audit their code carefully to find any bug that might truncate keys and leave them vulnerable. And users should take care with what wallet they choose. “You can’t call the help desk and ask them to reverse a transaction. When it’s gone, it’s gone forever,” Bednarek says. “People should use trusted wallets and download them from a trusted source.” Ethereum exchange rate fluctuations aside, the blockchain bandit doesn’t need any more donations.
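As an added example (not ISE’s code and not from the article), a wallet-side key validator that catches the weak-key failure modes the story describes: keys truncated by a coding bug, tiny user-chosen integers, and scalars outside the secp256k1 range. The zero-run threshold and the truncating generator are this example’s own assumptions, constructed to illustrate the bug class.

```python
"""Sanity checks a wallet can run on a freshly generated private key before
storing funds behind it. Added example; thresholds are the author's assumptions."""
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
KEY_LEN = 32
# A run of this many 0x00 bytes at either end of an honestly random key occurs
# with probability about 2**-64, so treat it as evidence of truncation (assumption).
MAX_ZERO_RUN = 8


def zero_run(data: bytes, from_end: bool = False) -> int:
    """Length of the run of 0x00 bytes at the start (or, if from_end, the end) of data."""
    seq = reversed(data) if from_end else data
    n = 0
    for b in seq:
        if b != 0:
            break
        n += 1
    return n


def weak_key_reasons(key: bytes) -> list:
    """Return the reasons a candidate key must be rejected; an empty list means it passed."""
    reasons = []
    if len(key) != KEY_LEN:
        reasons.append("wrong length: %d bytes, expected %d" % (len(key), KEY_LEN))
        return reasons
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        reasons.append("scalar outside [1, N-1]; not a valid secp256k1 private key")
    if k < 2 ** 64:
        reasons.append("tiny integer; enumerable by an ethercombing scanner")
    if zero_run(key) >= MAX_ZERO_RUN or zero_run(key, from_end=True) >= MAX_ZERO_RUN:
        reasons.append("long zero-byte run; looks like a truncated key")
    if len(set(key)) <= 2:
        reasons.append("fewer than three distinct byte values; not random")
    return reasons


def buggy_truncating_keygen(rng_bytes: bytes) -> bytes:
    """Constructed stand-in for the bug class the article describes: only the first
    4 bytes of the random material survive and the rest is zero-padded."""
    return rng_bytes[:4] + b"\x00" * (KEY_LEN - 4)


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG and reject anything the checks dislike."""
    while True:
        key = secrets.token_bytes(KEY_LEN)
        if not weak_key_reasons(key):
            return key


def guess_odds_per_key() -> int:
    """Size of the keyspace a random guess must hit: the 1/2**256 figure in the article."""
    return 2 ** 256
```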

Everything 3lau needs to perform live

What’s in your bag? is a recurring feature where we ask people to tell us a bit more about their everyday gadgets by opening their bags and hearts to us. This week, we’re featuring music producer and record label owner 3lau.
Justin Blau, otherwise known as 3lau, is sitting with The Verge on the floor of a green room trailer at a festival. We’re directly behind the main stage, and the trailer’s wood-paneled walls are vibrating from the act currently playing. Blau himself is about to step on stage, but is letting us rummage through his briefcase beforehand, which contains all the things he needs to perform live.
Known for his melodic-leaning dance songs, along with other endeavors — like blockchain-powered festival OMF and non-profit record label Blume — Blau’s reach extends far beyond music itself. And he’s always forward-thinking. In the past year he’s collaborated with the likes of HYO from Girls’ Generation, worked on a track with Ninja for the gamer’s NINJAWERKS Vol. 1 compilation, and put out several lush and pop-forward singles on his own imprint, like “Touch” and “Would You Understand.” He has two albums planned for early 2020. On top of that, as evidenced by where we’re talking with Blau, he maintains a constant touring schedule.
It’s a lot for one person to juggle, but as we see in his bag, Blau’s able to do it all through being a very meticulous person. “Wow,” he says in admiration after The Verge has arranged his array of cables on the trailer’s carpet. “It looks really pretty. You guys did a great job, and I’m very detail-oriented.”

You have a briefcase?
There’s a lot of interesting things in here! You’re skeptical!
No! It’s just unexpected.
I just come to the show like this. Business. It is a Tumi. I do love Tumi. My luggage is also Tumi. I use this because I already have a backpack. If you see my full luggage setup, the briefcase makes more sense. It fits perfectly on one side of my luggage. I’m super efficient about how I pack.

And here I have my DJ controller.
Whoa! That’s the perfect size for your bag, and I love the color.
Thank you. It’s custom iridescent red.
Does it glow under black light?
It does. Part of the Ultraviolet idea. It’s made by a company called Livid. They’ve actually discontinued it, which is a nightmare for me because I only have two. If they break I’m literally screwed. I’ll have to reprogram one or ideally have somebody else design one. It’s basically a MIDI controller for Ableton. I’ve always DJed with Ableton. Everyone is like, well why don’t you DJ with CDJs? And the reason why is because when I was in college I couldn’t afford CDJs. I learned on Ableton. A CDJ setup is like, four grand, and there were no clubs for me to go check it out. And this little thing is $500.
It was a way more affordable alternative. I stole Ableton at the time, totally did not buy it. But now I own Ableton and am a real licensor.
I had the APC 40 back in the day and this [Livid controller] was the replacement. It’s more customizable. There’s a lot more I can do with it. I can create my own custom MIDI scripts. It’s really cool.
Livid knew that I was using it from photos and they reached out to me and said they wanted to make me a custom one. My first one was black and they powder coated it this red. It’s one of a kind. And it’s discontinued. So this is my pride.

Let’s see what else you’ve got in here.
My backpack has my production laptop, and adapters, my headphones, all that stuff. This bag has the stuff I need live.
This is a good one. An extra battery.
Does that charge your laptop too?
Yes. It’s a newer Mophie. I love them. This battery can charge the laptop and the phone. I usually travel with three of them because on an international flight if there isn’t an outlet when my laptop dies, I know I have batteries I can use. Ideally that will eventually change. But international flights don’t always have adapters, and that’s why I travel with three.
Dongles. More dongles. And more cables. I keep extras because it’s so easy to lose them.
And then the trusty old earplugs. And a splitter. A splitter is especially good at festivals if I’m hanging out with another artist and we’re showing each other new music. It can be loud, and there can be a lot of people in the green room.

What do you use this laptop for?
So this is just the DJ laptop. Way less ports, which is why I have those extra dongles. Disaster. This is the 13 inch, and then I have a 15 inch as well.
What phone is this?
The iPhone X. Worst phone ever.
Why?
Well, actually the software update fixed a lot of problems. The Wi-Fi used to fucking close for no reason.
Is there a particular reason why you have an iPhone?
The ease of connecting everything. Because I’m all Mac it makes life easy. I communicate with everybody on iMessage.

And these earplugs and earbuds?
I have Westone custom earplugs because this is the first company that somebody told me about. At the time I ordered, it was like, $50 per extra mold. I got three molds and I’ve only lost one over the past eight years or so. I’m proud of that. I did lose one of the db filters, but you can order those on Amazon.
If you’re at festivals enough, it’s something to consider. Honestly, I’ll also use the dead plugs on airplanes sometimes, and it just cuts everything, even babies’ cries. It’s the best kind of earplug.
And then I have portable little Beats. I don’t particularly love them, but they’re great for when I’m in the green room and on the laptop. It’s nice to bring this little bag instead of the big headphones. I normally have the Bose QCs when I’m on airplanes.
What about these USBs?
These are fan songs that I probably haven’t listened to yet.
People gave you those?
Right. A lot of fans give them to me and I say, listen, here’s my personal email, I promise I’ll check it but I’m sure I’m going to lose the USB. Those are two of the maybe 50 that I’ve kept. I have no idea what’s on them. Once a month I try to go through my demo folder and listen to as much as I can. And in some cases I wind up working with some of these artists.

Where did you get your wallet?
It’s my Margiela wallet. I ordered it online from a website called SSense where I order a lot of my clothes from.
Matthew Reeves: It’s sale season!
You know! I see the Y3 shoes over there. I see it.
Dani Deahl: Matt is one of Rick Owens’ primary photographers.
Wait, what? Hold up. No way! Oh my god. I normally have a Rick zip-up sweatshirt vest. But it’s so hot so I’m not wearing it now. I got it when I was in the Rick Owens store in Tokyo. He’s got a sculpture of himself in there that’s crazy.

Why do you have a Sharpie?
There’s always a fan that wants me to sign something. Signing someone’s phone is the most common request believe it or not. They want me to sign their phone cases. Some people let me sign straight on their phone. Hats are the second most common.
I think I know where the $2 bills are from.
They are from Steve… Two Dollar Hollar. Steve Reisman is a very successful entertainment lawyer. He gives all his favorite artists $2 bills whenever he sees them. He’s just loaded up with them all the time. He’s really close with Drake and a lot of big artists, and I’m honored that I’m a friend of his. I use the $2 bills for valet tips. I keep every $2 bill I’ve gotten from him in my car.
[Places card down] We’ll put that in there just for fun.
What is it?
It’s for a blockchain-powered festival I threw last year called OMF.
And last, the Listerine strips.
Listerine strips are always on my rider. It’s more efficient than gum. I don’t want to carry a pack of gum in my pocket, but I want that because it’s small. I wear tight jeans. It’s as simple as that. And if I forget and they get washed, it just dissolves and smells really good. That happens all the time.


Max Keiser Says ‘Stack Satoshis,’ Bitcoin to Beat All Asset Classes

Max Keiser tells Crypto Trader that when an asset rises from $5,000 to his price prediction of $100,000, it is going to beat the returns of every other asset class. | Source: (i) Brendan Moran / SPORTSFILE / Web Summit (ii) REUTERS / Dado Ruvic; Edited by CCN

By CCN: Broadcaster Max Keiser is a noted bitcoin bull. The host of the Keiser Report on media channel RT is well-known for his $100,000 bitcoin price forecast, telling the world time and again to keep accumulating the digital currency because it is on its way to hitting six figures.

Keiser doubled down on his $100,000 bitcoin price target earlier this month. Now he’s reiterating his ambitious outlook, suggesting in an interview with CNBC Crypto Trader that it’s only a matter of time for the bitcoin price to reach his target.

“The timing is immaterial. It is still going to outperform every other asset you can possibly imagine owning over the next five, 10, 15 years. Forget about timing. Timing is for people who think that, ‘I’m going to wait and buy it at a better price.’ And that is a bad way to approach crypto. Stack Satoshis!”

‘Best-Performing Asset’

Keiser’s reasoning for bitcoin beating every other investment category is simple: when an asset rises from $5,000 to $100,000, it is going to beat the returns of every other asset class.

While Keiser is willing to go out on a limb on the bitcoin price, he believes it’s a bad idea to try and time bitcoin’s rise. According to Keiser, one should keep accumulating the cryptocurrency instead of waiting for a better entry point because of the massive upside potential. He even recommended that people not waste their money buying Mother’s Day gifts. Instead, he says, investors “should have been stacking Sats.” All of this makes it evident that Keiser is a big-time bitcoin bull.

Hyperinflation a Big Catalyst for the Flagship Cryptocurrency

Keiser is critical of the Federal Reserve performing quantitative easing. He said during the interview that the Fed’s inclination toward permanent quantitative easing would lead to “money printing without end.” Keiser believes that such a move would lead to hyperinflation, and bitcoin, like gold, will thrive in such an environment. This is not the first time that a Wall Street veteran has compared the digital asset to gold. Asset management firm Morgan Creek Digital recently said that the bitcoin price could hit $500,000 because it is a better investment than gold.

An increase in money supply is one of the two reasons leading to inflation. Hyperinflation occurs when a country’s government begins to print money to meet its spending and fails to tighten the money supply when needed. In a state of hyperinflation, the value of gold shoots up as it is a known hedge against volatility and inflation. As it turns out, bitcoin is displaying gold-like characteristics. The price of bitcoin has rallied at a time when there is volatility in the global markets.

Fascinating interview between @maxkeiser and Harry Halpin, who is building the next level of privacy for the internet https://t.co/ZHumJHP9vE — John Smithies (@jdsmithies) May 25, 2019

What’s more, just like gold, bitcoin is a finite asset; only 21 million coins can be mined. So the demand for bitcoin is expected to increase in the future, especially if the Fed keeps printing money and creates a hyperinflationary environment. As such, Keiser believes buying and holding bitcoin would be a great idea because you could enjoy gains of more than 1,100% even if you buy it at the current price of around $8,000, if his price prediction comes true.

About The Author

Harsh Chauhan: Harsh Singh Chauhan has a wealth of experience evaluating publicly traded companies across several verticals, including technology, oil and gas, retail, and consumer goods. He is a syndicated author whose articles have been published on reputed online platforms across the U.S., Europe, and India since 2011. This article was edited by Gerelyn Terzo.

Copyright © 2018 Crypto141.com