In the news a few days ago was the revelation that Luke Dashjr, a core Bitcoin developer, had his wallet compromised and lost 200 BTC. A small fortune, and something of a shock. I’m guessing that someone with that expertise would not have left his private key lying around, so as a cryptocurrency non-enthusiast I’m left curious as to how the attackers might have done it. So I phoned a few friends who do walk those paths for an explanation, and the result was a fascinating conversation or two. The most probable answer is still that someone broke into his computer and copied the keys — straight-up computer theft. But there’s another possible avenue that doesn’t involve stealing anything, and is surprisingly simple.
Are You A Gambler, Or An Engineer?
I’m guessing that most Hackaday readers will know something about how a blockchain works, and also how public-key cryptography works. Public-key cryptography is key to the security of a cryptocurrency like Bitcoin, with the key that unlocks all your wealth for you being your private key and the key which allows transactions to be made with you by other people being your public key.
If you want to send some cryptocurrency to someone else, you encrypt the transaction using their public key, which is, as its name suggests, public, and your private key, which is known only to you. Thus it’s important that your private key is kept really private, because if someone finds it they control your stash of cryptocurrency. So to steal all those bitcoins, someone must have had his private key, an eventuality that should never have happened. We can safely assume that his protection of the key was as good as it gets, so further assuming that nobody physically stole his hardware wallet or whatever he kept it on, his key was compromised by other means.
The true security of public-key cryptography lies in it being extremely difficult to guess an individual’s private key. A brute-force algorithm to guess Luke Dashjr’s private key would require unimaginable computing power over a geological-level timespan, thus it’s also safe to assume that nobody set their computer to guessing his key alone. At this point, it’s helpful to stop thinking like an engineer, and start thinking like a gambler. An engineer calculates the time required to brute force Luke Dashjr’s private key, but a gambler throws the dice and sees if the throw generates any money.
Thinking from a gambler’s perspective, what are the dice, and how likely is a throw to win? If you roll the dice by guessing a private key at random and try it against Luke Dashjr’s stash of Bitcoin alone, then you’re in the same area as the engineer waiting geological time for your computer to crack it. But if you’re a gambler, you don’t care about Luke Dashjr or anyone else, you’re simply interested in the keys to any wallet with some Bitcoin in it. At this point the odds against you come down enormously, because instead of one chance with Luke Dashjr, you have a whole blockchain’s worth of possibilities for a match.
How To Steal 200 BTC By Brute Force
So here’s how it works. The blockchain contains the public keys of all its participants, everyone who has, or has had, Bitcoin. You collect that list, which is quite large, and hold onto it. Then you roll the dice, by generating a random private key. From that private key you generate the corresponding public key, and check whether it’s in the list of public keys on the blockchain. If it matches, you empty the wallet connected with it; if not, you repeat the process by generating another key. By not focusing on a particular individual account, you’ve reduced the time you’ll have to wait to crack any account from a geological aeon to a much more manageable figure. My friends suggested that it might be possible to find something in the order of months if they had enough resources.
As the title says then, it’s a surprisingly simple way to steal cryptocurrency. But simple doesn’t mean that the attack makes economic sense. Guessing key pairs requires significant resources and time, and you have to weigh this against the chances of finding a whale with boatloads of Bitcoin versus the chance of finding an account with a couple bucks left in it, which would sting after having invested millions into computer time. Doing this seriously is a gamble, and thankfully for the integrity of Bitcoin, probably a bad bet. But who knows? People do play the lottery.
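As an added illustration (not from the original article), the sketch below puts numbers on that bet: it simulates the any-wallet search on a toy 10-bit keyspace to show that the expected number of guesses falls only in proportion to the number of funded targets, then applies the same formula to a 160-bit address space. The truncated SHA-256 stand-in for key derivation, the figure of 50 million funded addresses and the rate of 10^12 guesses per second are all assumptions chosen for illustration.

```python
import hashlib
import random

SECONDS_PER_YEAR = 31_557_600  # Julian year


def toy_pubkey(priv: int) -> bytes:
    """Stand-in for key derivation: truncated SHA-256, NOT real secp256k1."""
    return hashlib.sha256(priv.to_bytes(4, "big")).digest()[:8]


def mean_guesses(space_bits: int, targets: int, trials: int, seed: int) -> float:
    """Average number of random guesses until ANY one of `targets` keys is hit."""
    rng = random.Random(seed)
    space = 1 << space_bits
    total = 0
    for _ in range(trials):
        # Constructed "blockchain": public keys of randomly chosen funded wallets.
        funded = {toy_pubkey(k) for k in rng.sample(range(space), targets)}
        guesses = 1
        while toy_pubkey(rng.randrange(space)) not in funded:
            guesses += 1
        total += guesses
    return total / trials


def expected_years(space_bits: int, targets: int, guesses_per_second: float) -> float:
    """Expected wait for the first hit: (space / targets) guesses at a fixed rate."""
    return (1 << space_bits) / targets / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Toy keyspace: the speed-up from having many targets is linear, no better.
    for n in (1, 16):
        print(f"{n:>2} target(s): ~{mean_guesses(10, n, 400, seed=1):.0f} guesses "
              f"(theory {2**10 // n})")
    # Scaled up. ASSUMPTIONS: 160-bit address hash, 5e7 funded addresses,
    # 1e12 guesses per second.
    print(f"single wallet: {expected_years(160, 1, 1e12):.2e} years")
    print(f"any wallet   : {expected_years(160, 50_000_000, 1e12):.2e} years")
```
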
If you want to roll the bones yourself, there is even a handy proof of concept in the form of keys.lol, the product of Sjors Ottjes, a Dutch web developer. This site displays a range of keys and queries the Bitcoin and Ethereum blockchains to see if they match anything. You’ll soon see the scale of the task as you load random pages, and it’s safe to say that the chances of loading a page with a valid key on it are very small indeed.
If you hold Bitcoin, you should at least think about the brute force attack. But it doesn’t concern us — our wealth is held in unobtainable semiconductor devices stashed in a safety deposit box.
Header image: Ralf Roletschek, CC BY-SA 3.0.