Bitcoin: How users betray the security secrets of their virtual purse


Software systems are prone to attacks if users do not use them properly. This also applies to so-called cryptocurrencies, experts say. For the cryptocurrency Bitcoin, two computer scientists at the CISPA Helmholtz Center are now providing scientific proof. Over several months, they searched publicly available information for disclosed security details. Their conclusion: Cybercriminals could have stolen virtual coins worth about 3.3 million US dollars with the help of the search hits. The two researchers are now presenting their approach at the international symposium RAID 2018 in Heraklion, the capital of Crete.

Michael Brengel conducts research at the CISPA Helmholtz Center i.G. and is working toward his doctoral degree at Saarland University. To find out if users of the cryptocurrency Bitcoin reveal secrets online, Brengel chose the platform “Pastebin”. This is a website where you can easily make longer texts accessible to other people. The developer community uses it when they want to show source code to others but do not want to flood the respective forum or chat with thousands of program lines. Instead, programmers copy their code, “paste” it into a form on Pastebin and link to it via its URL. Unless otherwise arranged, these texts, called pastes, remain visible on the Pastebin website until they are replaced by new pastes.

From September 2017 to March 2018 these texts were analyzed by Brengel together with Professor Christian Rossow. They took advantage of the fact that private Bitcoin codes are always written in a special format. In just under two hours they had written a program that automatically examined the Pastebin texts for this format and saved hits. In this way, they found 21,464 private keys referenced to 42,936 accounts. “Not all accounts contained money, but even according to our conservative estimate, we could have stolen 22.40 bitcoins. At that time, they had a value of 178,000 US dollars,” Brengel explains.
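The fixed format that made these keys easy to find also makes them easy to screen for before a text is published. The following is an added example, not code from the researchers or their paper: it assumes the format in question is the Wallet Import Format (a Base58Check string with version byte 0x80), checks a text locally, and reports only line numbers with a redacted prefix. The sample text and the throwaway key in it are constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet WIF strings: 51 chars starting with 5, or 52 starting with K or L.
CANDIDATE = re.compile(
    r"(?<![{0}])(?:5[{0}]{{50}}|[KL][{0}]{{51}})(?![{0}])".format(B58))

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Only used here to build the constructed sample below."""
    n, out = int.from_bytes(payload + _checksum(payload), "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return out  # no leading-zero handling: WIF payloads start with 0x80

def b58check_decode(text: str):
    """Return the payload if the 4-byte checksum verifies, else None."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    return payload if _checksum(payload) == check else None

def is_wif(text: str) -> bool:
    p = b58check_decode(text)
    if p is None or p[:1] != b"\x80":
        return False
    # 1 version byte + 32 key bytes, plus an optional 0x01 "compressed" flag
    return len(p) == 33 or (len(p) == 34 and p[-1] == 1)

def scan(text: str):
    """Return (line_number, redacted_prefix) for every checksum-valid key."""
    return [(no, m.group()[:4] + "...")
            for no, line in enumerate(text.splitlines(), 1)
            for m in CANDIDATE.finditer(line) if is_wif(m.group())]

# Constructed sample: throwaway key (bytes 1..32), a typo of it, a lookalike.
_KEY = b58check_encode(b"\x80" + bytes(range(1, 33)))
SAMPLE = "\n".join([
    "debug output follows",
    "wallet_key = " + _KEY,
    "typo_key = " + _KEY[:-1] + ("2" if _KEY[-1] != "2" else "3"),
    "build_id = 5" + "A" * 50,
])
```

The checksum step is what keeps the false-positive rate low: the typo and the lookalike string both match the pattern but are rejected, so only line 2 of the sample is reported.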

Furthermore, the two computer scientists examined a second kind of theft, one for which, according to Brengel, some “basic understanding of computer science and mathematics” was necessary.

This attack targets digital signatures that secure transactions in Bitcoin. The security of the signature, in turn, is based among other things on a random value, in technical language called a “nonce”. The user chooses this himself. However, if he uses the same nonce more than once, he significantly weakens Bitcoin’s security algorithm. To test whether this is a relevant issue in practice, the researchers downloaded the transaction register, the so-called blockchain, from Bitcoin to their computers last January.

“When you are part of the Bitcoin network, you automatically have a copy of the transaction register,” says Brengel. They extracted around 647 million signatures from it and found that around 1068 nonces had been used at least twice. “Given that this should not happen, this number is enormously high,” says Brengel of the result. Again, the researchers checked what the spoils would have been had they robbed the associated accounts. The result: if an attacker had exploited the information the researchers uncovered about nonces used more than once, they could have stolen around 413 bitcoins. At that time, this amount had a value of about 3.3 million US dollars.

“Such sums of money, and the fact that cryptocurrencies – through their decentralized structure and almost anonymous nature – make prosecution more difficult, are attracting cybercriminals,” explains Professor Rossow. Should cryptocurrencies become even more popular in the future, the likelihood of such systematic raids would increase as well, he says.

The computer scientists will present their research results and measures against the attacks at the international conference “RAID 2018 – The 21st International Symposium on Research in Attacks, Intrusions and Defenses”. It will take place from September 10 to 12 in Heraklion, the capital of the Greek island of Crete.

More information:
“Identifying Key Leakage of Bitcoin Users”

RAID 2018 – The 21st International Symposium on Research in Attacks, Intrusions and Defenses

Questions can be directed to:
Michael Brengel
CISPA Helmholtz Center i.G.
Saarland Informatics Campus E9.1

Prof. Dr. Christian Rossow
CISPA Helmholtz Center i.G.
Saarland Informatics Campus E9.1
Tel.: +49 681 / 302-70797

Gordon Bolduan
Competence Center Computer Science Saarland
Saarland Informatics Campus E1.7
Saarland University
Tel: +49 681 302-70741

Public relations work at the Saarland Informatics Campus is supported by the Competence Center Computer Science Saarland, funded by the European Regional Development Fund (ERDF) and the Saarland State Chancellery.
