Another week, another security upset in the blockchain space. Now it pertains to a supposed “blockchain bandit” who has been guessing private keys and stealing investors’ Ether. An independent security firm out of the United States established that there were approximately 700 weak private keys that were in use. The bandit is able to gain access to these funds by “ethercombing”, a new term to describe how this bandit continues to “find” private keys and siphon off the funds almost instantly.
Private keys for most of the major blockchains are represented by 256-bit numbers. There are certain sub-regions that may be generated by the algorithm that are easier to attack with brute force. If one were to try this in a larger “region”, it would be statistically improbable they would actually gain access to any Ether.
Weakness of the Wallets
Keys in this subregion are considered faulty, and probably shouldn’t have been generated in the first place. This is especially dangerous when your private key is basically your username and password at the same time. Just knowing a key exists in a certain region is a security risk.
So picture this: if multiple people are using a the key equivalent of “password” or “123456”, then they would all technically have the same bank account. All their funds would be co-mingled, and there would be a major issue. When researchers at Independent Security Evaluators (ISE) were able to discover 732 different keys that had this significant overlap and should never have been generated in the first place, they knew there was a problem.
Then they noticed something:
“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to.”
Basically, someone had figured out how to swipe funds from all the…