Several Ethereum Wallets Discovered To Be At Risk Because Of Weak Key Pairs
Independent Security Evaluators (ISE), a security consulting company, has released a publication concerning faulty public and private key pairs in use on the Ethereum blockchain. Breaking 256-bit encryption to gain access to random private keys is expected to take hackers years. However, ISE is questioning 49,060 ETH transactions after discovering 732 “weak” public keys whose corresponding private keys were revealed.
732 Private Keys and Discovering the Blockchain Bandit
ISE, which is headquartered in Baltimore, Maryland, carried out a survey of the “weak keys” discovered on the Ethereum blockchain. Such weak keys can occur on any blockchain implementation that uses public key signing based on ECDSA. ISE reportedly developed a method of detecting private keys that originated from problematic code, faulty random number generators (RNGs), or a combination of both.
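As an added illustration (not code from ISE or from the original article), the Python sketch below shows a wallet-side sanity check that rejects private key candidates showing the gross symptoms of broken generation code or a failing RNG. The function names and thresholds are assumptions chosen for this example; ISE's own detection method is not described here.

```python
import secrets

# Order of the secp256k1 group used by Ethereum's ECDSA keys.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed thresholds for this example, not values from the ISE report.
MIN_BIT_LENGTH = 200      # a uniform 256-bit value falls below this with probability 2**-57
MIN_DISTINCT_BYTES = 12   # 32 uniform bytes almost never contain this few distinct values


def key_weaknesses(key: bytes) -> list[str]:
    """Return the reasons a 32-byte private key candidate looks non-random."""
    if len(key) != 32:
        return ["length: expected exactly 32 bytes"]
    k = int.from_bytes(key, "big")
    if not 1 <= k < SECP256K1_N:
        return ["range: outside [1, n-1], not a valid secp256k1 key"]
    reasons = []
    # Leading zero bytes: typical of a truncated or too-narrow integer type.
    if k.bit_length() < MIN_BIT_LENGTH:
        reasons.append(f"magnitude: only {k.bit_length()} significant bits")
    # Trailing zero bytes: typical of a buffer that was only partially filled.
    if int.from_bytes(key, "little").bit_length() < MIN_BIT_LENGTH:
        reasons.append("magnitude: trailing bytes are zero")
    # Few distinct byte values: typical of a repeated or constant fill pattern.
    if len(set(key)) < MIN_DISTINCT_BYTES:
        reasons.append(f"diversity: only {len(set(key))} distinct byte values")
    return reasons


def generate_key() -> bytes:
    """Draw a key from the OS CSPRNG, rejecting anything the checks flag."""
    while True:
        candidate = secrets.token_bytes(32)
        if not key_weaknesses(candidate):
            return candidate
```

An empty result does not prove a key is random; the checks only catch gross failures, so the key must still come from a cryptographically secure generator.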
The report from ISE states that:
“We discovered that funds from these weak-key addresses are being pilfered and sent to a destination address belonging to an individual or group that is running active campaigns to compromise/gather private keys and obtain these funds,”
“Even when faced with this statistical improbability, ISE discovered 732 private keys as well as their corresponding public keys that committed 49,060 transactions to the Ethereum blockchain,” it continued.
The report further revealed that:
“Additionally, we identified 13,319 Ethereum that was transferred to either invalid destination addresses, or wallets derived from weak keys that at the height of the Ethereum market had a combined total value of $18,899,969.”
Highly Effective Hacking Campaign
Although 732 key pairs have been discovered, another 60,286,012 ERC20-based tokens have been found within these keys. ISE has revealed that these 50 million public Ethereum addresses are likely to include some weak keys, or the addresses may have an all-around lack of randomness.