A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions(wired.com)
wired.com
A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions
https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
190 comments
I don't know much about bitcoin, but how hard would it be to actually exchange that money for US dollars?
Small amounts are somewhat easy to exchange, if you want to exchange millions it gets much, much more difficult since you have to explain the source of funds to the exchanges and banks involved. If you have hacked them they will use blockchain analysis etc.
they will use blockchain analysis
Tumbling the coins would help with this, right?
Tumbling the coins would help with this, right?
If you have to explain where it's from it may be more suspicious if it looks like you took steps to hide the origin, calling for even more detailed proofs.
If you're in the US getting dollars wouldn't be hard.
Laundering it appropriately that wouldn't raise questions might be a bigger issue. By no means impossible but a challenge that all by itself could get you in trouble.
Laundering it appropriately that wouldn't raise questions might be a bigger issue. By no means impossible but a challenge that all by itself could get you in trouble.
It'd probably be easier to just withdraw a small monthly amount (<500$) to pay for bills and such. I'd be a good way to pay for non-essential things, maybe even rent.
If you're small-scale then this works. I imagine big wallets are being tracked by governments, you probably don't want to create a log that can be traced to you.
Ultimately, big-scale heists will always need money laundering.
Ultimately, big-scale heists will always need money laundering.
Laundering on a blockchain should be fairly simple (Monero or ZCash can be used to filter the money).
ShapeShift was popular with ETH thieves. Convert & tumble. Not sure now with ShapeShift moving towards KYC requirements.
doesn't seem that hard, launder it through mixers and then sell it on unregulated exchanges at a discount, maybe use localbitcoins too.
he's just in it for the long run and will probably have the last laugh. 2017 was probably not the last major bull run in cryptos.
Why would crypto run? There's way too many of them.
Because it’s a rigged market and easily manipulated because it’s unregulated.
The same reasons it’s run in the past...essentially the same reason for boom and bust cycles in normal markets.
The same reasons it’s run in the past...essentially the same reason for boom and bust cycles in normal markets.
Rigged how? Isn't a major point of blockchain its unriggability?
Blockchain is absolutely riggable, that’s what a famed “51% attack” is, but that’s not what we’re talking about.
Very little blockchain activity happens “on chain”, and absolutely none of the buying/selling to and from other currencies (including USD) does, because thats not possible. Instead most activity happens on exchanges, which hold onto coins for the user and track account balance in a SQL database just like a traditional exchange. Only if a user moves between exchanges or takes possession of their own coins (a rare occurrence) does an on chain transaction happen, otherwise the rest happens in a SQL database somewhere.
These exchanges are absolutely full of straight up fraud, with some analysts claiming up to 95% faked trade volume. Most exchanges trade on their own account, sometimes badly, and the seediest didn’t even require that you create 2 accounts to wash trade. In this case the on chain transactions aren’t rigged, but the price sure is.
Note: these are the exchanges that also famously get robbed (or “robbed”) and go bankrupt with their clients money. Examples famously include Quadrigacx, Mt. Gox, and others.
Very little blockchain activity happens “on chain”, and absolutely none of the buying/selling to and from other currencies (including USD) does, because thats not possible. Instead most activity happens on exchanges, which hold onto coins for the user and track account balance in a SQL database just like a traditional exchange. Only if a user moves between exchanges or takes possession of their own coins (a rare occurrence) does an on chain transaction happen, otherwise the rest happens in a SQL database somewhere.
These exchanges are absolutely full of straight up fraud, with some analysts claiming up to 95% faked trade volume. Most exchanges trade on their own account, sometimes badly, and the seediest didn’t even require that you create 2 accounts to wash trade. In this case the on chain transactions aren’t rigged, but the price sure is.
Note: these are the exchanges that also famously get robbed (or “robbed”) and go bankrupt with their clients money. Examples famously include Quadrigacx, Mt. Gox, and others.
> Blockchain is absolutely riggable, that’s what a famed “51% attack”
that sounds a bit FUD-dy. 51% allows you to make a double-spend, not "absolutely rig" the blockchain. even with 100% hashrate you won't be able to spend bitcoins without having a private key.
that sounds a bit FUD-dy. 51% allows you to make a double-spend, not "absolutely rig" the blockchain. even with 100% hashrate you won't be able to spend bitcoins without having a private key.
low volume means price can be relatively easily manipulated.
The price is easily manipulated due to the low liquidity of the BTC market. The blockchain itself is irrelevant when discussing trading/price manipulation.
Correction: low liquidity of the majority of cryptocurrencies/tokens. BTC has by far the best liquidity among the cryptocurrencies.
Still very low compared to normal markets, I would think.
Yes.
S&P 500 E-mini futures have a notional value of roughly $147,000 right now, and on average, 1-2 million contracts change hands daily.
On average, about 35 billion dollars of SPY, a single S&P 500 ETF is traded daily.
It's hard to find accurate BTC average daily volume numbers, but probably somewhere between 1 and 10 billion dollars daily.
So yes, bitcoin is an extremely thin market compared to the market depth of 2 extremely liquid assets, both of which pale in comparison to the 550 billion USD daily volume of the treasuries market.
BTC does have the tightest bid/ask spread of pretty much any asset that is traded, as a percentage of the asset's value. It's typically a penny to a few cents on the major exchanges, which is a few thousandths of a percent.
S&P 500 E-mini futures have a notional value of roughly $147,000 right now, and on average, 1-2 million contracts change hands daily.
On average, about 35 billion dollars of SPY, a single S&P 500 ETF is traded daily.
It's hard to find accurate BTC average daily volume numbers, but probably somewhere between 1 and 10 billion dollars daily.
So yes, bitcoin is an extremely thin market compared to the market depth of 2 extremely liquid assets, both of which pale in comparison to the 550 billion USD daily volume of the treasuries market.
BTC does have the tightest bid/ask spread of pretty much any asset that is traded, as a percentage of the asset's value. It's typically a penny to a few cents on the major exchanges, which is a few thousandths of a percent.
so is market cap
That statement doesn’t make sense. The dynamics of open markets with open trade data that make spoofing difficult (e.g. the stock exchanges) are very different than a rigged market.
So not the same reason for boom/bust cycles at all.
So not the same reason for boom/bust cycles at all.
>The dynamics of open markets with open trade data
Well the mortgage data was available, but no one looked into it until they did, and even then the smart money bet against the market...yet everything remained AAA rated for years despite the known toxicity, turns out the ratings were rigged also.
It’s pump and dump schemes all the way down, public markets/crypto markets it make no difference. There isn’t an economist alive who doesn’t say the stock market is significantly overvalued at this time and yet...historic highs remain, until they don’t.
Well the mortgage data was available, but no one looked into it until they did, and even then the smart money bet against the market...yet everything remained AAA rated for years despite the known toxicity, turns out the ratings were rigged also.
It’s pump and dump schemes all the way down, public markets/crypto markets it make no difference. There isn’t an economist alive who doesn’t say the stock market is significantly overvalued at this time and yet...historic highs remain, until they don’t.
>> historic highs remain, until they don’t.
As someone who started a 401k fresh out of college in 1988, this fear will be in the back of my mind until convert my entire portfolio into bonds. Probably in a few more years it'll begin.
As someone who started a 401k fresh out of college in 1988, this fear will be in the back of my mind until convert my entire portfolio into bonds. Probably in a few more years it'll begin.
rigged market is one argument. another is that price discovery is still in process, it's still a relatively new commodity, there's as much reason for it to go up as there is to go down. bull run of 2017 was no different from one in 2013 and 2010 before that - there's no strong argument to say 2017 was the last one.
Blockchains have a 3-way mechanism of value, security and adoption, which are also strongly tied to network effects. The value somewhat follows the square of the number of users. That's why the strongest will get stronger, in value, security and adoption.
Obviously the market value is based on speculation which tries to predict the future development, and is also strongly affected by the current mood of the markets. That's why there has been a constant increase in value and in addition cyclical 'bubbles'. Currently it seems that the market is starting an another 'bubble cycle'.
There isn't enough users and security for all blockchains to be valuable.
Obviously the market value is based on speculation which tries to predict the future development, and is also strongly affected by the current mood of the markets. That's why there has been a constant increase in value and in addition cyclical 'bubbles'. Currently it seems that the market is starting an another 'bubble cycle'.
There isn't enough users and security for all blockchains to be valuable.
> Despite tracking those transfers, Bednarek has no real idea of who the blockchain bandit might be. "I wouldn’t be surprised if it’s a state actor, like North Korea, but that's all just speculation,"
Given how "easy" the attack actually is, I see no reason to suspect a state actor. This is a genuine question: why don't people start by suspecting some kind of criminal organizations like the mafia instead?
Given how "easy" the attack actually is, I see no reason to suspect a state actor. This is a genuine question: why don't people start by suspecting some kind of criminal organizations like the mafia instead?
Or more generally, why do so many people attribute particular competence to, uh, state actors?
While he was at the NSA, Edward Snowden complained that it stores more information on Americans than on Russians. He complained that that's illegal, but there's another remarkable facet to it: How good is the NSA at collecting information from Russia, then? I can hardly believe that the NSA tries to collect more data on Americans than on its actual mission, so how good is the NSA at its mission?
There are many other examples, like the German service that's supposed to monitor the nazis and missed the a group that made and sold a DVD about its killings.
It seems so strange to assume higher-than-average competence in organisations like that.
While he was at the NSA, Edward Snowden complained that it stores more information on Americans than on Russians. He complained that that's illegal, but there's another remarkable facet to it: How good is the NSA at collecting information from Russia, then? I can hardly believe that the NSA tries to collect more data on Americans than on its actual mission, so how good is the NSA at its mission?
There are many other examples, like the German service that's supposed to monitor the nazis and missed the a group that made and sold a DVD about its killings.
It seems so strange to assume higher-than-average competence in organisations like that.
In general, it makes sense to assume that stuff which irrespective of competence would require large amounts of resources, access to intercepts or the ability to flagrantly breach local laws without anyone stepping in might have state involvement, especially if there's an obvious motive for the state to target that person/organization.
Not convinced that guessing private keys of anonymous randoms for a few million in assets of limited fungibility falls into that category. I'm not sure it's a question of competence in this case so much as why would a state be the ones tackling these accounts, when a lone criminal with relevant knowledge of cryptography would have the ability and a lot more motivation to do it?
Not convinced that guessing private keys of anonymous randoms for a few million in assets of limited fungibility falls into that category. I'm not sure it's a question of competence in this case so much as why would a state be the ones tackling these accounts, when a lone criminal with relevant knowledge of cryptography would have the ability and a lot more motivation to do it?
Why would a criminal leave the coins to sit in the final wallet undisturbed? The article said the wallet only had incoming transactions and never sent any coins anywhere. Surely if you're a criminal organization stealing cryptocurrency you'd want to actually use it.
It's not necessarily the only wallet a criminal has access to, and most people don't draw on their savings account all the time. Can't fathom why a government would want to write algorithms that quietly steal tokens from thousands of random individuals unfortunate enough to have particularly crackable private keys and send them to a particular dormant account either. It's not like there's a lack of other crypto-heist stories out there.
A government has a much more plausible reason to be willing to siphon off and stockpile large amounts of cryptocurrency without using it, just in case they ever do need to have a bunch of coins on hand for something.
A state like North Korea is different than a state like Russia or the US. It’s possible that they employ hackers who’s mandate is to generate revenue.
The NSA is probably better at domestic surveillance because it's much easier and/or cheaper than foreign surveillance. If people of the same ability level work on both, the domestic results will be better. That doesn't meant the NSA is incompetent.
You're comparing two different things, though.
Collecting data, and further, processing that collected data, is fundamentally different than executing a difficult, targeted attack.
State level actors have massive amounts of resources, which makes them uniquely situated to perform difficult tasks like cracking encryption keys or developing insanely complex exploits.
So - the particular competence people give state actors generally has to do with that level of resources, while the same state actors are accurately attributed the incompetence that comes with large bureaucracies.
Collecting data, and further, processing that collected data, is fundamentally different than executing a difficult, targeted attack.
State level actors have massive amounts of resources, which makes them uniquely situated to perform difficult tasks like cracking encryption keys or developing insanely complex exploits.
So - the particular competence people give state actors generally has to do with that level of resources, while the same state actors are accurately attributed the incompetence that comes with large bureaucracies.
Fairly good, I'd reckon https://www.wired.com/2015/02/nsa-firmware-hacking/
That's awesome and reminds me of this sparetime project: http://spritesmods.com/?art=hddhack
The biggest threat to the NSA and its budget proponents is not foreign.
Oh and their mission changed but it's still self contradictory.
https://withoutbullshit.com/blog/nsa-adopts-new-watchwords-m...
Oh and their mission changed but it's still self contradictory.
https://withoutbullshit.com/blog/nsa-adopts-new-watchwords-m...
[deleted]
[deleted]
"State actor" is security research speek for "I am very happy that you interview me, and I understand your need for an sexy headline."
Why not a 15 year old script kiddie? All you need to coordinate this attack is some anonymous server power that cannot be linked to you, and it's not something that's very hard to come by.
Depends on how weak the keys are. They say some were trivial, but it's possible others still had enough entropy to require a lot of brute forcing. Most 15-year-olds don't have a lot of capital to deploy.
Yeah, but this one, if he exists, does. Crack open a piggy bank, find enough money to buy safecracking tools.
Yeah.... if the first ones were trivial and acted as a proof of concept, that would generate enough money for them to invest in better servers with more distance from the actual person running it.
> why don't people start by suspecting some kind of criminal organizations like the mafia instead?
Same logic as you've just used: it's so easy you don't need to be the mob. What would their edge be anyway? All you need is enough money to rent some cloud servers.
Same logic as you've just used: it's so easy you don't need to be the mob. What would their edge be anyway? All you need is enough money to rent some cloud servers.
Because they haven't cached out? If you don't cash out, then the point is something other than just getting the money. The amount seems excessive for someone that is just a researcher, so a state actor that is trying to destabilise the whole system makes a bit of sense.
At one point a couple of years ago, for testing purposes, I created a brain wallet (that is, a short phrase that when hashed would yield a key pair) in Bitcoin testnet so that a group of people could each have access to them for testing purposes. It was just a simple substitution -- a common enough word with 3's and !'s mixed in. For testnet coins, which are worthless, it seemed harmless enough.
It was "stolen" literally minutes after first depositing the coins at the address; we assumed by someone running a monitoring daemon looking for a large rainbow table of bitcoin addresses, and testing out there efforts on the testnet. I wonder how many bitcoins they managed to extract once they put their system into production.
It was "stolen" literally minutes after first depositing the coins at the address; we assumed by someone running a monitoring daemon looking for a large rainbow table of bitcoin addresses, and testing out there efforts on the testnet. I wonder how many bitcoins they managed to extract once they put their system into production.
Or they were a whitehat wanting your problems to be caught in testing.
It's possible. We did a cursory look for the destination address to see what was happening. If I were a whitehat looking to educate people I would publish the destination address with a message saying what had happened, and probably send the coins back to one of the testnet faucets. As it was it looked like our coins went to a single-use address and sat there, which seems like more of a black-hat strategy.
I don't remember the address we used, though. Here's [1] a similar one, for "correct horse battery staple" -- the funds were moved (in the same block) from the address to a single-use address where they sat.
[1] https://live.blockcypher.com/btc-testnet/tx/835509e51ab9054e...
I don't remember the address we used, though. Here's [1] a similar one, for "correct horse battery staple" -- the funds were moved (in the same block) from the address to a single-use address where they sat.
[1] https://live.blockcypher.com/btc-testnet/tx/835509e51ab9054e...
> I would publish the destination address with a message saying what had happened
Bitcoin does not support embedding messages in addresses (and embedding messages in transactions is controversial as it will be stored in blockchain forever, so many block explorers do not render such messages to discourage it).
Bitcoin does not support embedding messages in addresses (and embedding messages in transactions is controversial as it will be stored in blockchain forever, so many block explorers do not render such messages to discourage it).
I mean publish in the old fashioned sense - put it on a web page so someone could google it.
If he screwed up their project without permission, that's not totally "white hat".
It was testnet, though, so worthless, and easily obtained (in small amounts) from a testnet faucet (like [1], [2], or [3]). We considered continuing to share, but in the end it was just easier for individual developers to obtain their own and use them for testing rather than managing a central pool.
[1] https://testnet-faucet.mempool.co/
[2] https://bitcoinfaucet.uo1.net/
[3] https://kuttler.eu/en/bitcoin/btc/faucet/
[1] https://testnet-faucet.mempool.co/
[2] https://bitcoinfaucet.uo1.net/
[3] https://kuttler.eu/en/bitcoin/btc/faucet/
That's the kind of stuff testnet is for. It's better to have worthless coins stolen during testing than real coins stolen later.
To clarify the title: they’re guessing insecure private keys, not keys generated by normal (and not buggy) wallet software.
This isn’t surprising. “Brain wallets” have been been discouraged for a long time now. Unless you really know what you’re doing it’s easy to accidentally pick an insecure phrase. Even a paragraph of text from, say, an obscure book will probably eventually be found, if that book ever ends up digitized on the Internet.
The safest way is to generate a truly random key, then map that to a wordlist like BIP39 does.
This isn’t surprising. “Brain wallets” have been been discouraged for a long time now. Unless you really know what you’re doing it’s easy to accidentally pick an insecure phrase. Even a paragraph of text from, say, an obscure book will probably eventually be found, if that book ever ends up digitized on the Internet.
The safest way is to generate a truly random key, then map that to a wordlist like BIP39 does.
Can anyone read the article on mobile ? Half the page is covered by a stupid overlay telling me i got two articles left to read. If only i can read the first one !
Disable Javascript for wired, it removes everything but a small nav header.
Can you even disable js on mobile?
Yes, by using something like uBlock Origin's advanced mode, you can disable js selectively (per site), even on mobile. It makes a huge difference on the data usage, which is important when your mobile data is limited.
Yes (for both Chrome and Firefox), and it massively improves browsing experience, IMO. At least for Chrome you can even do site-specific exclusions.
I see it now: https://support.mozilla.org/en-US/questions/934492
I had no idea about:config worked in the Android app as well.
I had no idea about:config worked in the Android app as well.
On the iPhone, you just go to Safari settings, then Advanced and switch Javascript off.
That's what reader view was made for. Just click it
Welcome to modern Web
If you're on iOS, try a little blocker app called Unobstruct - it has a share sheet extension that strips off all obstructing overlays (social media sharig stuff, dickbars, etc) when activated. Very effective, and on demand.
People used to do this to bitcoin addresses all the time back in 2013, the same servers are probably still running
I always thought about all the opportunities to do it on other blockchains, but the challenge of picking which blockchain would be so taxing
Now that this season there are several high values one like Ethereum you can easily choose
The concepts are the same for all of the chains
Also lol at state actor. Guessing a private key of “1”? Come on. People were doing this with entire phrases from obscure songs and poems 6 years ago. No brainwallet is safe. Deflecting is a great way to get away with hacking
I always thought about all the opportunities to do it on other blockchains, but the challenge of picking which blockchain would be so taxing
Now that this season there are several high values one like Ethereum you can easily choose
The concepts are the same for all of the chains
Also lol at state actor. Guessing a private key of “1”? Come on. People were doing this with entire phrases from obscure songs and poems 6 years ago. No brainwallet is safe. Deflecting is a great way to get away with hacking
Probably used the technique described here,
https://bitcoin.stackexchange.com/questions/25814/ecdsa-sign...
It's much easier! Just call ethereum's `crypto.ToECDSA` [1] with a big-endian encoded 256-bit unsigned integer of interest, e.g. 0x1 or 0x100, as described in the article. Try the resulting private key.
[1] https://godoc.org/github.com/ethereum/go-ethereum/crypto#ToE...
[1] https://godoc.org/github.com/ethereum/go-ethereum/crypto#ToE...
Y'all are talking about two different things.
Secret key recovery via nonce reuse(linked SO post) is a different than simply trying a range of integers which is mostly what these researchers did.
Secret key recovery via nonce reuse(linked SO post) is a different than simply trying a range of integers which is mostly what these researchers did.
There are many addresses created from integers under 1000000. This is nothing special. There are also many addresses created from basic words converted to sha256 and the used as the primary key hex. Eg, ‘Satoshi Nakamoto’ .
This is what they did: https://www.securityevaluators.com/casestudies/ethercombing/
So this was a heist performed on a number guessing game by guessing numbers? Poetry in motion.
Any idea why the keygen failed so badly? Debian's openssl patches generated predictable private keys for a while but they wouldn't be a single digit. It's Wired so I don't expect technical details but some info woukld be nice.
The idea mentioned in the article of either unintentional or intentionally badly coded wallets seems likely.
Yeah but I'd like to know how the unintentional mistake was made. Eg
- Debian OpenSSL was a Debian dev trying to prevent use of uninitialised memory (because Valgrind complained), without realising that uninitialised memory is used for randomness.
- Years ago a bunch of PHP stuff (I forget what) was seeded with the string value of a randomness function, rather than it's output.
What happened here?
- Debian OpenSSL was a Debian dev trying to prevent use of uninitialised memory (because Valgrind complained), without realising that uninitialised memory is used for randomness.
- Years ago a bunch of PHP stuff (I forget what) was seeded with the string value of a randomness function, rather than it's output.
What happened here?
> without realising that uninitialised memory is used for randomness
It was more subtle than that: there were two identical calls, one of which added uninitialized memory, while the other added real entropy. The developer mistakenly removed both, thinking both were equally useless, instead of only removing the one with undefined behavior. To make things worse, another call added the current PID, so the results weren't identical every time. See more detail at https://research.swtch.com/openssl
It was more subtle than that: there were two identical calls, one of which added uninitialized memory, while the other added real entropy. The developer mistakenly removed both, thinking both were equally useless, instead of only removing the one with undefined behavior. To make things worse, another call added the current PID, so the results weren't identical every time. See more detail at https://research.swtch.com/openssl
There's lots of third party wallets, so the answer is probably all that and more. Broken KDFs, truncating things, etc.
This part was interesting: "Bednarek then tried putting a dollar into a new, previously unused weak key address. It, too, was emptied in seconds, this time transferred into an account that held just a few thousand dollars worth of ether. But Bednarek could see in the pending transactions on the Ethereum blockchain that the more successful ether bandit had attempted to grab it as well. Someone had beaten him to it by mere milliseconds." [emphasis mine]
It seems like there is an arms race of Blockchain Bandits leading to HFC-like systems aiming to try out as many generic private keys as possible as quickly as possible.
It seems like there is an arms race of Blockchain Bandits leading to HFC-like systems aiming to try out as many generic private keys as possible as quickly as possible.
High frequency crypto 'theft', amazing.
There's a hundred private keys on this page
https://2coin.org/keys-btc.html
I discovered this personally when writing some bitcoin code.
I got to a stage where I wanted to test my code all the way to the BTC blockchain. I figured I'd stick in the randomizing seed later, and just make sure I could talk to the blockchain. To my surprise, every time I made a transaction I'd see another one on the explorer sites, emptying my new address. I did it a couple of times thinking I'd coded something wrong or something like that.
I got to a stage where I wanted to test my code all the way to the BTC blockchain. I figured I'd stick in the randomizing seed later, and just make sure I could talk to the blockchain. To my surprise, every time I made a transaction I'd see another one on the explorer sites, emptying my new address. I did it a couple of times thinking I'd coded something wrong or something like that.
How did you generate your seed? Not trying to insult you, but the number of people generating seeds online or using very poor seeds is mind boggling.
Just a crappy simple word. I thought I'd just make sure the whole process worked first, then replace the string with something more sensible.
You'd think they'd put a minimum in there before grabbing the coins.
You'd think they'd put a minimum in there before grabbing the coins.
As the stream of transactions goes up, how difficult is it to keep up with them to pull this kind of heist off? Actually, I don't even know how many transactions/sec are happening in the Ethereum/Bitcoin world right now. Is there some sort of a stream one can subscribe to, to see what transactions are happening, and try to compromise them?
Just run a full node and your peers will send you new transactions. Ingest them from the node’s RPC interface into your own application for processing. Send your own transactions out through the same node.
> As the stream of transactions goes up
It doesn't. Bitcoin is architecturally limited to ~7 transactions per second, and typical rates are about half that.
It doesn't. Bitcoin is architecturally limited to ~7 transactions per second, and typical rates are about half that.
I spent a few weeks last year running a server on the head of the ethereum chain looking for any up coming transactions with notes containing something in a private key format. I was shocked at the number of notes which mapped to real wallets
Hypothetical..
Ethereum is the world currency. Everyone is using it. Criminals and script kiddies are running scripts that guess completely random private keys. Occasionally they make hits and steal people's wealth.
What's the next step in securing your wallet? Making sure your wealth is stored across a million wallets?
Ethereum is the world currency. Everyone is using it. Criminals and script kiddies are running scripts that guess completely random private keys. Occasionally they make hits and steal people's wealth.
What's the next step in securing your wallet? Making sure your wealth is stored across a million wallets?
This hypothetical starts to look silly when you do the math. Rolling random private keys is effectively a form of very inefficient mining. You'd spend a ton on electricity, and your odds are lower than just buying a lottery ticket.
These occasional hits are basically mathematically impossible. It wouldn't make sense for anyone to run a script to do this.
If you were really concerned, you could make a multisig wallet.
If you were really concerned, you could make a multisig wallet.
That’s proved a little more perilous with Ethereum compared to Bitcoin, heh
https://github.com/ethereum/EIPs/blob/master/EIPS/eip-999.md
https://github.com/ethereum/EIPs/blob/master/EIPS/eip-999.md
[deleted]
[deleted]
zackkatz(5)
He's not a bandit nor a thief. This is how crypto-property works : if you have knowledge of the keys, it's yours.
Successfully guessing the correct combination on a padlock does not make it any less criminal when you decide to steal someone's bike.
Also: even if it were legal, it would still be stealing someone else's property.
But crypto property is NOT regular property
magic internet property
A bunch of others have made the obvious reply, that knowing the keys doesn't transfer legal ownership.
But you still have a good point: Ethereum -- which the article is about -- specifically endorses the philosophy of "code is law", that you can actually replace all of law enforcement and courts with smart contracts on the blockchain, that there's no need for an external power to override its results.
Dumb contract spec? Give out the private keys? Tough. "Code is law."
This is a philosophy not universally held by blockchain advocates, but definitely held by Ethereum advocates (if inconsistently -- see DAO hack). So it's a fair response in this case.
But you still have a good point: Ethereum -- which the article is about -- specifically endorses the philosophy of "code is law", that you can actually replace all of law enforcement and courts with smart contracts on the blockchain, that there's no need for an external power to override its results.
Dumb contract spec? Give out the private keys? Tough. "Code is law."
This is a philosophy not universally held by blockchain advocates, but definitely held by Ethereum advocates (if inconsistently -- see DAO hack). So it's a fair response in this case.
Your post confuses me. Ethereum did a rollback, so how can they continue with their “Code is Law” belief?
An inconsistently adopted/implemented belief doesn’t sound like a belief at all.
An inconsistently adopted/implemented belief doesn’t sound like a belief at all.
I agree they've been hypocritical about it, but it's at least what they claim to support.
[deleted]
That's like saying: If you know the vault combination at a bank, the content is yours.
In the end, you still have to obey the laws of the land. No mater how decentralized some tech is, it's still attached to some country, and thus its laws.
In the end, you still have to obey the laws of the land. No mater how decentralized some tech is, it's still attached to some country, and thus its laws.
That assumes there's some state that accepts or claims the responsibility of arbitrating issues of cryptocurrency ownership, and has both the capability and the will to enforce its rulings.
Which seems like just the kind of dependency many crypto-enthusiasts are trying to avoid; and it's unclear to what extent states are interested in taking on that responsibility.
Without that, it really is a wild west out there, where anyone who can guess my key is free to claim my wealth. That model may appeal to some people, but I doubt the general public will care for it.
Which seems like just the kind of dependency many crypto-enthusiasts are trying to avoid; and it's unclear to what extent states are interested in taking on that responsibility.
Without that, it really is a wild west out there, where anyone who can guess my key is free to claim my wealth. That model may appeal to some people, but I doubt the general public will care for it.
There have already been several cases of the police getting involved in crypto thefts. Here is an example: https://cointelegraph.com/news/international-police-collabor...
It sounds like that guy created what appeared to be a legitimate wallet creation service, and then emptied the accounts of anyone who used it. That definitely sounds fraudulent.
We don’t know if the person “guessing” Ethereum keys is also the one generating them, but from the article it seems there are multiple people scanning for known keys, so at least some of them aren’t intentionally duping users.
We don’t know if the person “guessing” Ethereum keys is also the one generating them, but from the article it seems there are multiple people scanning for known keys, so at least some of them aren’t intentionally duping users.
In general governments are more than happy to arbitrate civil issues of ownership regardless of the property, but there may not be much appetite to pursue criminal investigation.
You really don't have to if your own state has a complete disregard for the laws that a third party state with a grievance tries to apply to you, which is the reality for a lot of people.
Same with anything really. If you know my password everything in my bank account is yours too. A private key is simply a very complex password.
Unfortunately crypto’s greatest strength (that it’s akin to cash) is also it’s greatest weakness. There’s no way to set up 2FA like I can with my bank and there’s no fraud protection, etc.
Edit: doesn’t mean he’s not a thief, btw.
Unfortunately crypto’s greatest strength (that it’s akin to cash) is also it’s greatest weakness. There’s no way to set up 2FA like I can with my bank and there’s no fraud protection, etc.
Edit: doesn’t mean he’s not a thief, btw.
"If you know my password everything in my bank account is yours too."
That's not true. Bank transactions are reversible. The legal system has your back.
https://www.consumerfinance.gov/ask-cfpb/how-do-i-get-my-mon...
That's not true. Bank transactions are reversible. The legal system has your back.
https://www.consumerfinance.gov/ask-cfpb/how-do-i-get-my-mon...
And... I addressed that?
You can set as many devices as you want in a M-of-N multisignature address where M out of N devices have to sign in order to move funds
And how many people do that? Is there an organized process for advocating that?
I guess what I’m really asking is: does Coinbase do this? Because honestly, if Joe User doesn’t know to do this and it’s not made available through the most popular consumer interface... it doesn’t matter.
I guess what I’m really asking is: does Coinbase do this? Because honestly, if Joe User doesn’t know to do this and it’s not made available through the most popular consumer interface... it doesn’t matter.
I thought 2FA or similar was "just around the corner" for bitcoin?
Hardware wallets have been used for years.
2FA should be enabled for any centralized accounts, like exchanges, but there’s no authority who could require a second factor for a real Bitcoin wallet.
Edit: multi-sig has been available for a while, so I suppose that could almost be considered 2FA
2FA should be enabled for any centralized accounts, like exchanges, but there’s no authority who could require a second factor for a real Bitcoin wallet.
Edit: multi-sig has been available for a while, so I suppose that could almost be considered 2FA
Analogies to bicycles or bank safes are silly.
Crypto is putting something in a magic box with a sign on it that says "contents property of the first person to utter the magic words". "Your" cryptocurrency is not yours. It's "owned by" the magic words, not you. You can assign new magic words, but you can never insert yourself between the crypto and magic words, until you cash out the crypto to some other form of currency.
Crypto is putting something in a magic box with a sign on it that says "contents property of the first person to utter the magic words". "Your" cryptocurrency is not yours. It's "owned by" the magic words, not you. You can assign new magic words, but you can never insert yourself between the crypto and magic words, until you cash out the crypto to some other form of currency.
True crypto-libertarians would of course respond that once cashed out to "some other form of currency" it still isn't owned by you.
I agree if we are talking about legally theft. If people are going to turn to the state to protect their crypto, what is the point of crypto? Just use state backed money in that case.
IMO it's a little different on if it's morally wrong/theft.
IMO it's a little different on if it's morally wrong/theft.
That would make for an interesting legal case if the parties were known and in a suitable jurisdiction.
Yawn, just another case of poor password selection.
I built a house with no walls, and then someone stole my TV!
This analogy falls completely flat. It is more like you live in the most secure fortress but set your door code to 1234.
But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins -- you have zero recourse. Not that it could be reversed anyways. In both these real-world cases, you've got the police.
In the context of the US, crypto is regulated.
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
Yes technically that's true but it doesn't really matter, those laws won't have any effect on activities like this.
There's always some other hacker in some other country ready to take your unsecured coins.
There's always some other hacker in some other country ready to take your unsecured coins.
That applies to regular theft as well, it's illegal and still it happens.
I'm not a lawyer, but I'm pretty sure that using a guessed key to transfer funds is as illegal as using a guessed password would be to transfer funds from one bank account to another or using a "guessed" house key to enter a house and walk away with the TV.
That's not to say that you have a lot of options to get your ether back, but that's not fundamentally different from regular theft either.
I'm not a lawyer, but I'm pretty sure that using a guessed key to transfer funds is as illegal as using a guessed password would be to transfer funds from one bank account to another or using a "guessed" house key to enter a house and walk away with the TV.
That's not to say that you have a lot of options to get your ether back, but that's not fundamentally different from regular theft either.
> but that's not fundamentally different from regular theft either.
Regular theft certainly occurs and is illegal, however this scenario is entirely different from the most common types of regular theft.
A criminal operating in a foreign nation is going to steal: physical items from my house, my wallet, my car, items in my car, my bike, the watch on my arm, the tv in my living room, valuables in my home safe, valuables in my safety deposit box (that one is very difficult in general)? Nope.
The most common types of regular theft involve physical items that are physically lifted. Even most bank account scams are performed domestically, not internationally.
There is an extraordinarily tiny set of potential criminals likely to, or capable of targeting me when it comes to the most common forms of regular theft. It is not open to a global-scale competition as in this 'blockchain bandit' case.
A friend recently had their vehicle broken into. A thousand dollars worth of physical items were stolen. Half of it was recovered quickly by checking local pawn shops. Good luck doing anything like that with Ethereum and a foreign bandit.
Regular theft certainly occurs and is illegal, however this scenario is entirely different from the most common types of regular theft.
A criminal operating in a foreign nation is going to steal: physical items from my house, my wallet, my car, items in my car, my bike, the watch on my arm, the tv in my living room, valuables in my home safe, valuables in my safety deposit box (that one is very difficult in general)? Nope.
The most common types of regular theft involve physical items that are physically lifted. Even most bank account scams are performed domestically, not internationally.
There is an extraordinarily tiny set of potential criminals likely to, or capable of targeting me when it comes to the most common forms of regular theft. It is not open to a global-scale competition as in this 'blockchain bandit' case.
A friend recently had their vehicle broken into. A thousand dollars worth of physical items were stolen. Half of it was recovered quickly by checking local pawn shops. Good luck doing anything like that with Ethereum and a foreign bandit.
> A friend recently had their vehicle broken into. A thousand dollars worth of physical items were stolen. Half of it was recovered quickly by checking local pawn shops. Good luck doing anything like that with Ethereum and a foreign bandit.
That's true, at least for recognizable things. If the thief steals currency, e.g. a stack of dollar bills, you'll have about the same potential to get those bills (or others) back unless you locate the thief. The jurisdiction adds a layer of confusion, but that's not the relevant part imho. If I break into your mail account and illegally transfer your domains to my hoster, you'll have high chances to get them back, even if I'm in another country or continent, because there's a central authority that has the power to make it happen if you can provide sufficient proof. There's no such authority for ether (well ... they could fork, but realistically, they won't) or cash, and that's what makes it hard.
That's true, at least for recognizable things. If the thief steals currency, e.g. a stack of dollar bills, you'll have about the same potential to get those bills (or others) back unless you locate the thief. The jurisdiction adds a layer of confusion, but that's not the relevant part imho. If I break into your mail account and illegally transfer your domains to my hoster, you'll have high chances to get them back, even if I'm in another country or continent, because there's a central authority that has the power to make it happen if you can provide sufficient proof. There's no such authority for ether (well ... they could fork, but realistically, they won't) or cash, and that's what makes it hard.
Regular theft has the added benefit (for the victim) of the thief having to show up on-site in order to steal anything.
That puts him squarely in the jurisdiction of whatever country the victim lives in, with all the complications that entails (for the thief, that is.)
This is basically theft where there is no risk for the thief.
That puts him squarely in the jurisdiction of whatever country the victim lives in, with all the complications that entails (for the thief, that is.)
This is basically theft where there is no risk for the thief.
> This is basically theft where there is no risk for the thief.
Sure, my point is just that the difference isn't in legality or possibility for recourse, but in the probability of successful enforcement of the law. The problem isn't so much that the thief is in another country, even if he lives next door to you, it's impractically hard to track him down unless he makes a mistake.
Sure, my point is just that the difference isn't in legality or possibility for recourse, but in the probability of successful enforcement of the law. The problem isn't so much that the thief is in another country, even if he lives next door to you, it's impractically hard to track him down unless he makes a mistake.
He does still need to withdraw funds though, which might be a problem nowadays (with KYC). Or are there still anonymous ways to withdraw funds?
You can exchange for Monero to gain anonymity, and there will always be a way if you're willing to pay for it. 80% of a few millions is still a good sum.
> But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins -- you have zero recourse.
Just like cash.
Just like cash.
The difference is most of us have moved on from cash and don’t want to move back; this is a regression.
I don't propose to move back to cash.
From a privacy standpoint classic dematerialized money (credit cards and such) are a major regression.
A good cryptomoney offers all dematerialization benefits, and enforces privacy even better than cash.
From a privacy standpoint classic dematerialized money (credit cards and such) are a major regression.
A good cryptomoney offers all dematerialization benefits, and enforces privacy even better than cash.
It doesn't. With credit cards we get (included at no additional cost) 30-day loans, chargebacks, various forms of insurance and rewards for spending. None of those exist with any kinds of cryptomoney. Privacy isn't really improved with most forms of cryptomoney as you have not anonymity but pseudonymity of fully public information. Once you identify anyone (as any merchant or transaction recipient can) you can immediately access their entire transaction history all the way back to day 1. Any reasonably advanced government agency can build tools to crawl and deanonymize network participants too.
>But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins -- you have zero recourse.
I don't think that's true. If you could go to the cops with dead-to-rights evidence that someone stole your coins, pretty sure the cops could still charge them with larceny because the law still views cryptocurrency as a form of property. Plenty of people have been charged with crimes for stealing cryptocurrency -- the ex-secret service agent who stole from the custody of the Silk Road investigation comes to mind.
It's just that catching and prosecuting cybercriminals across jurisdictions is a _very_ hard problem that it might as well be that you have "no recourse" in 99.99% of cases.
I don't think that's true. If you could go to the cops with dead-to-rights evidence that someone stole your coins, pretty sure the cops could still charge them with larceny because the law still views cryptocurrency as a form of property. Plenty of people have been charged with crimes for stealing cryptocurrency -- the ex-secret service agent who stole from the custody of the Silk Road investigation comes to mind.
It's just that catching and prosecuting cybercriminals across jurisdictions is a _very_ hard problem that it might as well be that you have "no recourse" in 99.99% of cases.
> But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins
Nothing could stop you from opening a business that would offer insurance in case of key theft. Most banks offer around $100k (depends on the country) in case they go bankrupt or robbed which is very little if you have life time savings in them that are way more than $100k. Big banks have an advantage though in that if they ever go bankrupt they tend to be bailed out by the government which is hard to replicate as a business (you still end up paying for it through inflation so you don't technically get your money back when your bank goes bankrupt as the total value of your money goes down).
Nothing could stop you from opening a business that would offer insurance in case of key theft. Most banks offer around $100k (depends on the country) in case they go bankrupt or robbed which is very little if you have life time savings in them that are way more than $100k. Big banks have an advantage though in that if they ever go bankrupt they tend to be bailed out by the government which is hard to replicate as a business (you still end up paying for it through inflation so you don't technically get your money back when your bank goes bankrupt as the total value of your money goes down).
> Nothing could stop you from opening a business that would offer insurance in case of key theft.
There is no way to prove a key was stolen and no way to prove the theft was not a fraud. Insurance is backed up with jail time for insurance fraud and is STILL rife with fraud (especially automotive insurance).
Blockchain theft insurance is not a business that would survive long.
There is no way to prove a key was stolen and no way to prove the theft was not a fraud. Insurance is backed up with jail time for insurance fraud and is STILL rife with fraud (especially automotive insurance).
Blockchain theft insurance is not a business that would survive long.
One aspect that would be interesting is: I would expect that after an insurance payout the stolen coin would be legally the property of the insurance company. The stolen coin would accumulate on the books of the insurance company, which could then pay a premium to a recovery agency to get it back.
Of course the anonymity factor would make it all difficult, but on the other hand you can't ever truly abscond with the cash. If they could trace the movement through the ledger to a legitimate business entity that respects the same country's laws, they might be partially recoverable.
At a small scale it would be a waste of time, but on a large enough scale it might work.
Of course the anonymity factor would make it all difficult, but on the other hand you can't ever truly abscond with the cash. If they could trace the movement through the ledger to a legitimate business entity that respects the same country's laws, they might be partially recoverable.
At a small scale it would be a waste of time, but on a large enough scale it might work.
> Blockchain theft insurance is not a business that would survive long.
Why not? If they only garanty $100k and everytime you lose your key you get to pay more like car insurance. Making it more expensive to fraud with time. Not to mention all the fraud detection mechanisms that could be put in place and jail time could still apply if you're caught frauding.
Why not? If they only garanty $100k and everytime you lose your key you get to pay more like car insurance. Making it more expensive to fraud with time. Not to mention all the fraud detection mechanisms that could be put in place and jail time could still apply if you're caught frauding.
> Nothing could stop you from opening a business that would offer insurance in case of key theft.
I don't think insurance models work for this. How can the insurance company verify that the key wasn't stupid simple? It seems very hard to determine prices and premiums if can't assess the 'risk' - knowing that all 'risk' comes from the potential of user-error and nothing else
Also, there's the issue that in our financial system its very difficult for the common person to transfer all of their money to another account they own and call it theft. If I'm not mistaken that is a possibility with every single cryptocurrency, right?
I don't think insurance models work for this. How can the insurance company verify that the key wasn't stupid simple? It seems very hard to determine prices and premiums if can't assess the 'risk' - knowing that all 'risk' comes from the potential of user-error and nothing else
Also, there's the issue that in our financial system its very difficult for the common person to transfer all of their money to another account they own and call it theft. If I'm not mistaken that is a possibility with every single cryptocurrency, right?
I would expect that to get a reasonable premium, you would have to agree to follow certain best practices that would reduce the risk profile. Implementation would of course be hard.
You could be forced to use something like coinbase where they store your private keys. Actually coinbase already provides some kind of insurance in case they get hacked.
> "Don't you feel bad for him?" Bednarek asks with a laugh. "You have a thief here that amassed this fortune and then lost it all when the market crashed."
Well, 15% of $54M is still $8M.