Research reveals that attackers exploited a vulnerability that allowed them to drain $103,000 out of password-protected Bitcoin wallets.
Security researcher Ryan Castellucci
on the vulnerability at DEF CON, one of Tripwire's top 10 conferences in information security
The flaw affects only "brain wallets," or Bitcoin accounts that are protected by a password instead of a 64-character private key. Those wallets, Castellucci discovered, use no cryptographic salt and pass plaintext passwords just once though a single hash function (SHA256 function).
The researcher concluded that attackers could theoretically leverage this weakness in conjunction with the fact that a copy of the insecure passwords are stored in the Bitcoin blockchain to compromise users' brain wallets.
As it turns out, malicious hackers were way ahead of him.
A new research paper
co-authored by Castellucci reveals that over a six-year period, attackers exploited the brain wallet vulnerability in order to siphon $103,000 from 884 brain wallet accounts.
To illustrate how the brain wallets were likely cracked, the team compiled 300 million password candidates from over 20 lists, including Urban Dictionary and several online compromises. These passwords were fed through the SHA256 hash function to generate a list of possible private keys. The researchers then used an operation to trace the private keys to each corresponding public key, which could be verified against the Bitcoin blockchain.
This method of compromise turned out to be quite effective--and quick:
"Our results reveal the existence of an active attacker community that rapidly steals funds from vulnerable brain wallets in nearly all cases we identify," the paper authors wrote. "In total, approximately $100K worth of bitcoin has been loaded into brain wallets, with the ten most valuable wallets accounting for over three-quarters of the total value. Many brain wallets are drained within minutes, and while those storing larger values are emptied faster, nearly all wallets are drained within 24 hours."
Castellucci and his fellow researchers are scheduled to present the paper at next month's Financial Cryptography and Data Security conference
In the meantime, you can review the team's findings here