A researcher has revealed what appears to be a deliberate attempt to create vulnerable Bitcoin keys. Wallet provider Blockchain has issued a statement saying that one such address that lost funds, while linked to a customer account, was not generated by the company's software.
Mysterious but Not Ours, Says Blockchain
The researcher, who chose to remain anonymous, posted their findings on Pastebin. The vulnerability had affected one real-life user called “fitwear” who reported 9 BTC missing from a Blockchain wallet address. (Those “stolen” coins had been part of the researcher’s work and were later returned.)
Whether the keys were generated by mistake, for research purposes or for something more sinister remains unclear.
Blockchain said its security team had analyzed the code and reported it wasn’t used on any of their generation systems. The only addresses potentially affected had been imported, or “swept” into Blockchain wallets from other sources. Fitwear, however, denied this was the case.
What Makes a Bitcoin Key Easy to Guess?
A Bitcoin private key is just a 256-bit number, so it is possible to make one from any string of text by running the SHA-256 hash function over it and using the 32-byte digest as the key (the so-called "brainwallet" approach). The problem? Anyone who can guess that initial text can recompute the hash, and therefore holds the private key and can spend whatever sits at the corresponding address.
This means anyone who generated Bitcoin keys from a common word or an easily guessed phrase has probably lost their money by now. Hackers and researchers (black- and white-hat alike) have run SHA-256 over nearly every word, phrase and password list they could think of, in the hope of finding "buried treasure".
We’ve known for many years that generating keys from easily-guessed text strings is a bad idea (the researcher notes the brainwallet.org example). But what if you go further, looking for less-obvious “seeds”?
Interestingly, they discovered actual bitcoin addresses generated in the following ways:
- from block hashes (perhaps someone thought that remembering only the corresponding six-digit block height was a good mnemonic);
- by running SHA-256 multiple times over common words;
- from a block's merkle root used directly as the private key.
Those tricks might be more apparent to someone who knows Bitcoin well, but they may tempt tech-savvy newcomers who think they've found an innovative way to keep a BTC key in their heads. Remember the rule: if you can think of a neat trick, someone else can think of it too. Only keys drawn from a cryptographically secure random source, with the full 256 bits of entropy, are safe.
Things Get More Interesting Using Transaction Data
However, it was the final experiment that produced the most worrying results. The researcher ran SHA-256 over ordinary Bitcoin addresses (the strings that usually start with a 1 or 3, which encode a hash of a public key) and used each digest as a private key.
Deriving a new private key from an existing address isn't a radical idea in itself. But it seemed to be happening on a regular basis. Moreover, coins sent to those addresses over long periods of time (and still ongoing) always seemed to move out of them within minutes, as if something was waiting for them to arrive.
What was going on?
Mistake, Bug, Theft or Something Weirder?
Suspecting either a strange coding error or a clever scam, the researcher built a bot to search for transactions sent to addresses generated in this manner.
Within 48 hours, on June 19th, it found an address holding 9.5 BTC, which departed within 15 minutes. You can see the address and its mysterious transactions here.
Digging deeper, they also found (almost by accident) that other keys were being generated from transaction IDs, and that the suspect address-generating code was using recent transaction IDs to seed new, deliberately vulnerable ("toxic") receiving addresses.
This happened regularly: someone was (and still is) creating addresses from existing, related blockchain data, receiving BTC and then sweeping the balances. Did a bad actor at some point insert this code into a company's wallet-generating software in order to steal its BTC for years into the future? Or was there still a possibility it happened for some other reason, such as a coding error or even a joke?
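The patterns described in the two sections above (SHA-256 of a phrase, the same hash iterated, a block hash, merkle root or transaction ID used verbatim as the key, and SHA-256 of an address string) all reduce to one thing: a private key that a third party can recompute from public data. The script below is an added example, not the researcher's bot or any code from the page; it implements secp256k1 point multiplication in pure Python, enumerates those cheap seeds, and reports which of a set of target public keys they reproduce. To stay dependency-free it compares compressed public keys rather than base58 addresses (the address is just hash160 of the public key, base58check-encoded, so a real watcher would take that extra step). All phrases, hashes, the address string and the "observed" targets are constructed for the demo and are not real on-chain data.

```python
import hashlib
import secrets

# secp256k1 curve parameters (public constants from the Bitcoin spec).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mul(k, point=G):
    """Double-and-add scalar multiplication (demo only: not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def compressed_pubkey(priv: bytes) -> str:
    """Hex of the 33-byte compressed public key; rejects out-of-range scalars."""
    k = int.from_bytes(priv, "big")
    if not 1 <= k < N:
        raise ValueError("private key out of range")
    x, y = _scalar_mul(k)
    return ("02" if y % 2 == 0 else "03") + f"{x:064x}"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def candidate_keys(phrases, chain_hashes, addresses, max_rounds=3):
    """Yield (label, private key) for each seed pattern the article describes."""
    for phrase in phrases:
        h = sha256(phrase.encode())          # classic brainwallet
        yield f"brainwallet:{phrase}", h
        for rounds in range(2, max_rounds + 1):
            h = sha256(h)                    # SHA-256 applied repeatedly
            yield f"sha256x{rounds}:{phrase}", h
    for name, hexhash in chain_hashes.items():
        yield f"raw-hash:{name}", bytes.fromhex(hexhash)   # block hash/merkle/txid verbatim
    for addr in addresses:
        yield f"sha256(address):{addr}", sha256(addr.encode())


def find_weak_keys(target_pubkeys, phrases, chain_hashes, addresses):
    """Map each target public key to the cheap seed that reproduces it, if any."""
    wanted = set(target_pubkeys)
    found = {}
    for label, priv in candidate_keys(phrases, chain_hashes, addresses):
        pub = compressed_pubkey(priv)
        if pub in wanted:
            found[pub] = label
    return found


# Constructed demo inputs (hypothetical; none of these are real chain data).
PHRASES = ["password", "correct horse battery staple", "bitcoin"]
CHAIN_HASHES = {
    "blockhash": "00" * 4 + "ab" * 28,
    "merkle":    "11" * 32,
    "txid":      "c0ffee" * 10 + "c0ff",
}
ADDRESSES = ["1BitcoinEaterAddressDontSendf59kuE"]


def demo():
    """Pretend these four keys were seen receiving coins; three come from weak seeds."""
    random_key = (secrets.randbelow(N - 1) + 1).to_bytes(32, "big")  # a proper key
    targets = [
        compressed_pubkey(sha256(b"password")),
        compressed_pubkey(sha256(sha256(b"bitcoin"))),
        compressed_pubkey(bytes.fromhex(CHAIN_HASHES["merkle"])),
        compressed_pubkey(random_key),
    ]
    return find_weak_keys(targets, PHRASES, CHAIN_HASHES, ADDRESSES)


if __name__ == "__main__":
    for pub, label in demo().items():
        print(f"{pub[:16]}... <- {label}")
```

Three of the four targets are recovered; the key drawn from `secrets` is not, which is the whole point of the rule in the section above. A real watcher would feed the candidate generator with live block hashes, merkle roots and transaction IDs as they appear, which is exactly why a wallet that seeds keys from that data is "toxic" from the moment it is created.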
Various responders weighed in with theories, including that change addresses and the use of old software libraries might be to blame.
After reading through that doc, it sounds like maybe some bit of code decided "hmm, that's not a well formatted WIF private key, it must be a brainwallet" without very clearly explaining what was going on. https://t.co/V9ep76aHBs will do this with loud warnings.
— Ryan Castellucci (@ryancdotorg) November 30, 2017
The anonymous researcher provided a full list of “toxic” addresses that had had bitcoin amounts pass through at some stage — but warned there may be many more still waiting to be generated and used. They concluded:
“As long as humans are involved in the services that surround it (mining pools, exchanges, online/mobile wallets) there is always a chance for fraud or error. The bitcoin network itself may be ‘trustless’, but anything humans touch around its peripheries is certainly not.”
Of course, the Bitcoin network itself was also created by humans at one point. But so far, no-one has discovered a fatal flaw with it. So far.
Do you have any theories on what’s going on here? If so, please share them in the comments.
Images via YouTube, Pixabay