Ethereumwallet.com - A Case Study
Imagine, for a minute, that you signed up with an online, non-custodial, crypto wallet service. You heard good things and you thought you’d give it a shot. It’s 2017 after all and you have a few thousand dollars to experiment with. Flash forward a few months and you realize that you missed an email saying that the service you signed up with is being discontinued, and is advising that you move your funds to another wallet. You think for a moment about how all good things come to an end, but it was very considerate of them to let you know. So, you try to log in…
~ERROR~
After several minutes it dawns on you that the worst has happened. You’re locked out.
“Well, it wasn't millions, and it was just an experiment. Now I know.”
Years pass and every now and again you think about that crypto ballooning in value, locked up in a wallet with a password that doesn’t match the one you gave it.
Sadly, this story is true.
On December 19th of 2017, ethereumwallet.com sent an email to all their customers explaining that they were “discontinuing” the service and advising customers to remove their funds. Customers who did not act on this email were unable to withdraw their funds.
The current funds held by locked out customers could be massive. As we know, the legacy wallets for the earliest adopters at one point contained assets now worth $20 Million USD by our current calculations. So we assume that the number is far higher as the website became more popular. This is undeniably terrible for these customers.
Luckily, there is a light at the end of the blockchain.
But first, a little background. How did this all go down?
The Service - Ethereumwallet.com
Ethereumwallet.com was a Non-Custodial online wallet service written in Javascript, based on Kryptokit. This service operated from 2015-2017 (here is a post announcing the service on the subreddit r/ethereum). In the words of Anthony, co-founder of Ethereum, and CEO of Kryptokit & Decentral:
“How Ethereum Wallet Works
When you first use the wallet, you generate a random private key by moving your mouse around the page. Optionally, you may add a password during wallet creation.
Alternatively, instead of creating a new wallet you can import a wallet backup (.json)
The page will create a unique and secret URL that you must bookmark in order to be able to access your wallet later.
If you lose your URL or forget your password (if using that option), there is no way to recover your funds.”
https://www.reddit.com/r/ethereum/comments/3vje6k/ethereumwalletcom_update/
This is important to note. The private key is used for ownership of a blockchain address. Knowledge of the private key is sufficient to access the funds stored in the corresponding wallet. Similar to a credit card, you don’t need the physical card if you have the card number, exp. Date, and CVV memorized in order to use the card.
So, what happened?
You read it at the top. Anyone who missed that email notifying customers that they needed to move their funds got locked out. Who hasn’t missed an email before? Now, imagine missing an email that caused you to lose access to a substantial amount of cryptocurrency.
This has happened to countless customers of ethereumwallet.com. Customer X was one of these customers. When X realized he was locked out, he did the right thing. He contacted Unciphered. We researched ethereumwallet.com, the options for asset recovery, and discovered a fatal flaw.
Let’s get into it!
The Flaw (it gets technical)
There were 4 iterations of ethereumwallet.com’s wallet service. The initial wallets generated with the service, called “legacy wallets,” were discovered to have a number of issues.
Legacy wallets were generated using a fast_sha256 package that expected input to be passed as a buffer but a string was used. This had a major impact on the expected keyspace of ~2^179. 98% of the keys now resided in a space no larger than 2^33.
Additionally, improper use of Javascript buffers caused early versions of their code to force encode an scrypt salt as UTF-8, causing bytes above 0x7f to be replaced by the three byte replacement characters (in the case of UTF-8 this is “efedbf”). This greatly reduced the entropy of the salt.
These flaws allow the recovery of private keys from the “unique and secret URL” provided to customers to access their wallet. Additionally, it allows for the recovery of many of the legacy private keys.
Here at Unciphered, we were able to recover 142 private keys that were previously funded. Around 15,000 ETH (about $20 Million Dollars as of 9/26/22) transited through these addresses. We should NEVER be able to generate someone else's key. This is a complete failure by this vendor. This means it is possible to steal other people's money.
Let me say that again.
If this exploit were discovered by bad actors, that money would be GONE! We, however, want to reunite the contents of these wallets to their rightful owners.
Back to Customer X
Despite the fact that ethereumwallet.com is no longer online and the infrastructure that backed the site no longer exists, here at Unciphered we were able to recover and return X’s Ethereum to him. X has his crypto, and other customers in similar situations could too.
What We Can Do
We want to reunite every single locked out customer of ethereumwallet.com with their crypto. As you can see from the reddit post below, there are others in the same position as Customer X.
If you are reading this and you are one of these countless customers that has been locked out, or if you are locked out of a different wallet, please get in touch with us HERE.
Lockouts are Endemic, Unciphered is the Cure
We are finding similar problems in other wallets, which we will disclose when we can. But, given the inherent risk of public disclosure with regard to cryptocurrency vulnerabilities, we will continue to prioritize reuniting customers with their crypto in the safest ways possible. This means that we will be very careful about which methods of cracking wallets we choose to disclose. This is not just a problem with one service or one type of wallet, this is a growing issue facing the industry.
“Eventually, on a long enough time horizon, every crypto wallet becomes vulnerable.” ~@WeldPond