Wintermute hack replicated on simple laptop in under 48 hours by exploiting Profanity flaw

Zegex

Blockchain technology provider Amber Group recreated the Wintermute hack within 48 hours using a basic laptop. Amber Group reports:

“We precomputed the dataset using a Macbook M1 with 16 GB of RAM. 10 hours… We completed the implementation and were able to decrypt the private key at 0x0000000fe6a514a32abdcdfcc076c85243de899b within 48 hours.”

The hack was attributed to vanity addresses created with the Profanity tool, which lets users generate Ethereum addresses containing specific characters. For Wintermute, the address contained 7 leading zeros. A vanity address makes an account's public address easy to recognize on the blockchain because it contains a chosen, repeated pattern of characters.

Another impact of Ethereum addresses with some leading zeros is that less space is required to store information on the blockchain, thus reducing gas costs. However, removing the element of randomness from the cryptographic process used to generate addresses reduces security.

Initial analysis suggested that it would take only 50 days to generate all possible private keys for addresses starting with 7 leading zeros on 1,000 GPUs. However, Amber Group now claims it can do it in under 48 hours using one laptop.

Cipher explanation

Profanity is an address generation tool for the Ethereum ecosystem. The codebase can be easily downloaded from GitHub and has been available since 2017. However, the current version of the codebase contains a warning that advises against using the tool. The creator of the tool, Johguse, added the following message to the readme.md file on September 15, 2022:

“We strongly advise against using this tool as-is. This repository will be further updated with additional information regarding this critical issue shortly.”

Additionally, core binaries have been removed to prevent users from compiling the codebase.

Profanity generates Ethereum private and public keys locally using “OpenCL powered by GPU power with simple algorithms” until it finds an address that matches the rules set by the user. For example, if a user wants to create an Ethereum address ending in “AAA”, it will keep working until it generates an address with those characters as a suffix.

When an address is generated that does not match the conditions detailed in the ruleset, Profanity “adds 1 to the private key and derives new Ethereum addresses until it finds an address that matches the rules.”

Ethereum addresses are typically generated locally using elliptic curve cryptography. When an Ethereum address is generated, nothing checks whether the private key has previously been used for another address. This is because of the sheer number of possible Ethereum addresses.

This video explains the true magnitude of the 256-bit encryption used in Ethereum cryptography. A simple comparison can also be made: there are roughly 2^76 grains of sand in the world, but 2^160 possible Ethereum addresses.

However, if any characters of the Ethereum address are predetermined, the calculation to generate the private key becomes much simpler, and the number of possible addresses is reduced dramatically.

Exploit

Amber Group explained that the flaw in the Profanity method is that it uses a 32-bit seed to generate the address.

“To generate a random private key, Profanity first uses a random device to generate a seed. Unfortunately, the seed is 32 bits and cannot be used directly as a private key.”

The 32-bit seed is fed through a pseudo-random number generator (PRNG) that uses a deterministic function. This PRNG method makes it straightforward to determine all viable public key seeds used within Profanity.

“Because there are only 2^32 possible initial keypairs (d_0,0, Q_0,0), and since each round of iterations is reversible, it is possible to crack the private key from the public key generated by Profanity.”

The method used by Amber Group was to obtain the public key of the address, precompute the possible Profanity public keys, compute the public keys using OpenCL, compare the computed public keys, and then reconstruct the private key once a match was found.

Due to the simplicity of this method, Amber Group warns that “if your address was generated by Profanity, your funds are not safe”.
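The weakness described above can be seen in a toy model, added here as an illustration and not taken from Amber Group or from Profanity's code: a key stretched from a small seed is fully determined by its public value, while a key drawn from the operating system's CSPRNG is not. Assumptions: a modular-exponentiation group stands in for secp256k1, Python's `random.Random` stands in for the tool's PRNG, the seed is cut to 12 bits so it runs quickly, and all function names are hypothetical.

```python
import random
import secrets

# Toy group standing in for secp256k1 (assumption): "public key" = G^d mod P.
P = 2**255 - 19
G = 2
SEED_BITS = 12  # the page describes a 32-bit seed; reduced so the demo runs fast

def seed_to_key(seed: int) -> int:
    """Weak: a deterministic PRNG stretches a small seed into a 256-bit key."""
    return random.Random(seed).getrandbits(256) % (P - 1)

def csprng_key() -> int:
    """Hardened: the whole starting key comes from the OS CSPRNG."""
    return secrets.randbelow(P - 1)

def public(d: int) -> int:
    return pow(G, d, P)

def vanity_keygen(d0: int, max_steps: int = 1 << 16):
    """Add 1 to the private key until the public value has a leading zero byte."""
    q = public(d0)
    for i in range(max_steps):
        if q >> 248 == 0:
            return d0 + i, q
        q = q * G % P  # public(d + 1) == public(d) * G, so each step is cheap
    raise RuntimeError("no vanity match within max_steps")

def seed_table() -> dict:
    """Every starting public value the seeded generator can produce."""
    return {public(seed_to_key(s)): s for s in range(1 << SEED_BITS)}

def recover_private(q: int, table: dict, max_steps: int = 1 << 16):
    """Undo the +1 steps on the public value; a table hit determines the key."""
    g_inv = pow(G, -1, P)
    for i in range(max_steps):
        if q in table:
            return seed_to_key(table[q]) + i
        q = q * g_inv % P
    return None  # starting key was not derived from any small seed

if __name__ == "__main__":
    table = seed_table()
    weak_priv, weak_pub = vanity_keygen(seed_to_key(1234))  # constructed seed
    strong_priv, strong_pub = vanity_keygen(csprng_key())
    print("seeded key recovered:", recover_private(weak_pub, table) == weak_priv)
    print("CSPRNG key recovered:", recover_private(strong_pub, table) is not None)
```

The vanity search itself is not the problem in this model; the starting key's entropy is, which is why the CSPRNG-started key survives the same search and the same reversal.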

CryptoSlate reached out to Amber Group for further comment, but the group declined to comment further on the incident or impact of the Profanity exploit.