Automating attacks against the second largest cryptocurrency

Johannes Krupp, at the CISPA Helmholtz Center i.G., has developed a methodology that makes working with contracts in cryptocurrencies such as Bitcoin safer. Credits: Stephanie Bremerich / CISPA Helmholtz Center i.G.

Cryptocurrencies like Bitcoin are increasingly attracting millions of users, but also cybercriminals, as a successful attack means maximum profit with little risk. This also applies to “ether,” the most widely used cryptocurrency after Bitcoin. As a precautionary measure, researchers at the CISPA Helmholtz Center i.G. at Saarland University have developed a methodology for this cryptocurrency that not only finds security vulnerabilities, but also uses them to automatically develop attacks. The result: they found 815 security holes that allow 1564 attacks. The Saarbrucken computer scientists present their approach on Wednesday at the international USENIX Security Symposium in Baltimore, USA.

The US company “Ciphertrace” predicts that in 2018 thieves will steal a total of $1.5 billion in cryptocurrency from the respective online platforms. In order to counteract this criminal activity, Johannes Krupp and Professor Christian Rossow have developed a software named “teEther” at the CISPA Helmholtz Center i.G. at Saarland University. It allows legitimate users to automatically detect vulnerabilities before cybercriminals use these for digital theft. teEther is aimed at the Ethereum platform. Users pay there with the cryptocurrency ether. It is considered the most widely used cryptocurrency after Bitcoin; the Ethereum platform currently has a stock market value of about 32 billion euros. In terms of “smart contracts” Ethereum even exceeds Bitcoin. “Smart contracts are contracts that execute themselves, written down in code,” explains Johannes Krupp. They can be used, for example, for crowdfunding schemes in which the depositors get their contributions automatically refunded, if the desired total amount was not raised in the allotted time. As with other cryptocurrencies, these contracts are stored in a decentralized database, the blockchain, but at Ethereum, the smart contracts are much more complex and are therefore defined with a kind of programming language called Solidity. “This is where the evil begins. Solidity is relatively complex, so a user can make significant mistakes while programming in it,” says Krupp.

The teEther software he wrote in 4300 lines of Python code starts right here. The researchers applied teEther on more than 38,000 smart contracts they downloaded from the Ethereum blockchain on November 20, 2017. The software then classified 815 contracts as insecure and generated around 1560 attacks to exploit the vulnerabilities. “In this way our systematic analysis of the real Ethereum blockchain has shown that vulnerabilities in smart contracts are a bigger problem than was thought,” explains Christian Rossow.

One of the weaknesses of Ethereum is that the code of the smart contracts is executed in the so-called Ethereum Virtual Machine and uses relatively few instructions. “The attackable instructions can be counted on one hand. Therefore, we have essentially investigated which boundary conditions must be met, so that the unsafe instructions are accessed and abused during contract processing. After that, we looked at which contracts also fulfilled these boundary conditions,” says Krupp.To check whether the auto-generated attacks really would work without getting into a legal and ethical gray area, the scientists built their own Ethereum network with its own blockchain. In it, about 88 percent of their attacks were successful. “This shows that the safety of smart contracts should be taken seriously, especially as these attacks can be performed almost anonymously and by anyone. You just have to have an Ethereum account. That also is trivial,” says Rossow.

Their findings, documented in the paper “teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts,” are to be presented by Krupp and Rossow at the international USENIX Security Symposium, which will take place in Baltimore on August 15 this year. 180 days later, they will publish the source code of their software. “So contract owners have plenty of time to review and patch their own contracts before others re-program our software and scan contracts themselves,” says Rossow. He has no qualms about this and explains it as follows: “Our software is a step forward because it allows users to check their contracts for technical errors before they are released, which could, in the worst case, cause a tremendous financial loss. This makes more sense than security by obscurity. The latter has never worked.”

Further information:
https://christian-rossow.de/publications/teEther-usenix2018.pdf

Questions can be directed to:
Professor Christian Rossow
CISPA-Helmholtz-Center i.G.
Saarland Informatics Campus E9.1
Saarland University
Tel.: +49 681 / 302-70797
E-mail: rossow@cispa.saarland

Johannes Krupp
CISPA-Helmholtz-Center i.G.
Saarland Informatics Campus E9.1
Saarland University
Tel.: +49 681 / 302-70805
E-mail: johannes.krupp@cispa.saarland

Editor:
Gordon Bolduan
Competence Center Computer Science Saarland
Saarland Informatics Campus E1.7
Saarland University
Tel: +49 681 302-70741
E-mail: gbolduan@mmci.uni-saarland.de