A shocking report came out on Wired that shows how one bandit has been stealing millions of dollars in Ethereum.
The so-called Blockchain Bandit has been exploiting weak Ethereum private keys and has so far managed to accumulate a fortune of 45,000 ETH. The thieves devote a lot of computing resources to scanning the Ethereum blockchain, watching for new wallets and, when they already hold the keys, stealing the cryptocurrency.
The thieves were able to drain these addresses because of surprisingly weak private keys. The odds of guessing a randomly generated Ethereum private key are 1 in 115 quattuorvigintillion. According to the researcher who discovered the thefts, identifying a random Ethereum key is like picking a grain of sand on a beach and later asking a friend to find that same grain among a billion gazillion beaches. Ethereum was stolen despite these wild odds, and 45,000 ETH is quite a lot of money.
How did it happen?
It happened specifically with Ethereum wallets that did things like cut keys off at a fraction of their intended length, whether through coding errors or other mistakes, or wallets that included malicious code that corrupted the randomization process to make the keys easier to guess.
Out of the 34 billion blockchain addresses the researchers scanned, they found 732 with easily guessable keys, which means only a small fraction of all keys are likely to be weak. Most of the work seems to have been done already, though: the thieves appear to hold a vast pre-generated list of keys. This was evidenced when the researcher placed a dollar's worth of Ethereum into a previously unused address with a weak key, and that Ethereum was immediately taken by the bandit's bots.
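The two failure modes the report describes, a key truncated to a fraction of its length and a corrupted randomization process, can both be screened for before a wallet ever funds an address. The Python below is an added example, not code from the Wired report or the researchers' tooling; the threshold of 16 significant bytes and the sample keys are assumptions constructed for illustration.

```python
import secrets

# secp256k1 group order: a valid Ethereum private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed policy: fewer than 16 significant bytes (128 bits) is treated as weak.
MIN_SIGNIFICANT_BYTES = 16


def search_space_bits(key: bytes) -> int:
    """Upper bound on the bits an attacker must enumerate to hit this key.

    A key that was truncated and then padded with zero bytes (on either end)
    has only as many bits as the non-zero part, not the nominal 256.
    """
    return 8 * len(key.strip(b"\x00"))


def weak_key_reasons(key: bytes) -> list[str]:
    """Return the reasons a key should be rejected; an empty list means OK."""
    reasons = []
    if len(key) != 32:
        reasons.append(f"length is {len(key)} bytes, expected 32")
    k = int.from_bytes(key, "big")
    if not 1 <= k < SECP256K1_N:
        reasons.append("scalar outside [1, N-1]")
    if len(key.strip(b"\x00")) < MIN_SIGNIFICANT_BYTES:
        reasons.append(f"only {search_space_bits(key)} effective bits (truncated key)")
    if len(set(key)) <= 2:
        reasons.append("repeated byte pattern (broken or stubbed RNG)")
    return reasons


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG and refuse anything the checks flag."""
    while True:
        key = secrets.token_bytes(32)
        if not weak_key_reasons(key):
            return key


# Constructed sample keys for illustration (not real wallet keys).
TINY_KEY = (1).to_bytes(32, "big")                        # the scalar 1
TRUNCATED_KEY = bytes.fromhex("deadbeefcafef00d") + bytes(24)  # 8 real bytes, zero-padded
REPEATED_KEY = b"\xaa" * 32                               # RNG stuck on one byte
OUT_OF_RANGE_KEY = SECP256K1_N.to_bytes(32, "big")        # equals the group order

if __name__ == "__main__":
    for name, key in [("tiny", TINY_KEY), ("truncated", TRUNCATED_KEY),
                      ("repeated", REPEATED_KEY), ("out-of-range", OUT_OF_RANGE_KEY)]:
        print(name, search_space_bits(key), "bits ->", weak_key_reasons(key))
    print("fresh key passes checks:", weak_key_reasons(generate_private_key()) == [])
```

A 64-bit search space, as in the truncated sample, is well within reach of the kind of pre-computed key list the article describes, which is why such keys are emptied the moment they receive funds.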