“Here’s My Private Key, Try Stealing My Ether!” He Dared Reddit

An Attention Grabbing Marketing Stunt By blockd

Tim Cotten
Cotten.IO

--

Blockd is a blockchain hack intervention service that scans registered wallets in real time and, if an unexpected transfer occurs, attempts to replace the transaction with a safety fallback of its own. On January 3rd, 2020, they invited Reddit users to try to steal 1 ETH by giving away the private key and the address where the Ether was stored, demonstrating their technology in action.

Reddit held a surprise for me today in the form of a post on /r/CryptoCurrency containing the private key for an address holding 1 Ether, along with a message asking the community to try to steal it away to demonstrate the author’s novel security technology.

Everything You Need to Steal Ether

I immediately looked up the Etherscan link to see what had happened; I hadn’t quite caught the gist of the post’s purpose yet and was curious to see how quickly the funds had been “stolen.”

To the Safety Address, Less Gas

Sure enough, as the author of the thread predicted, someone generated a transaction to grab the funds, but then the blockd service generated a transaction that paid a higher gas fee, and the funds went to the fallback safety address instead.

In short: blockd has invented a real-time blockchain scanner that gives wallet owners a chance to monitor their addresses and intercept unexpected transaction attempts (in case their private keys are somehow compromised).

How Does it Work?

Blockd’s introduction explains the methodology, which is fairly straightforward:

  • A user registers a blockchain address they want to monitor.
  • They create a pre-signed transaction (unexecuted and held in reserve) that sends the funds to a fallback safety address and pays whatever gas fee they choose, high enough to override the gas fee a hacker would pay.
  • Blockd’s real-time blockchain monitoring system intercepts any unexpected low-fee transaction and replaces it (in practice it simply broadcasts the higher-fee pre-signed version) in the upcoming block.

They don’t need to hold your private keys, and they just want a small cut in fees (despite offering free registration for now).

In this manner blockd acts as a security tool — another layer of protection that a user can opt-in to use — but by no means infallible.

Caveats

Obviously, in the case of a hacked private key holding significant Ether, the hacker might be willing to sacrifice astronomical amounts in gas fees to secure any non-zero gain.

For example: if the account held 5 ETH, and the blockd pre-signed safety transaction could only spend 0.1 ETH in gas fees, then the attacker merely needs to overshoot that by offering 0.11 ETH.

The hacker wouldn’t know the amount needed, of course, but they could easily sacrifice 1, 2, 3, or even 4.9 ETH and still come out ahead.

DDoS attacks against the real-time scanning servers employed by blockd are also a concern. By coordinating an attack within a 15-second window, an attacker could sneak an unblockable transaction through.
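To make the race described in the “How Does it Work?” list and the two caveats above concrete, here is a small simulation I added for this write-up (not blockd’s code, and not a real transaction model): two transfers from the compromised account compete for the same nonce, the miner keeps the one with the higher gas price, and the pre-signed sweep’s fee is fixed at signing time while the attacker picks theirs afterwards. The labels, fee budgets and the 21,000-gas transfer cost are constructed assumptions for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from decimal import Decimal

WEI_PER_ETH = 10**18
TRANSFER_GAS = 21_000  # gas a plain ETH transfer consumes (assumed fixed here)

def eth(amount: str) -> int:
    """Exact ETH -> wei conversion (Decimal avoids float rounding)."""
    return int(Decimal(amount) * WEI_PER_ETH)

@dataclass(frozen=True)
class Tx:
    """Only the fields the same-nonce race depends on (constructed, not real txs)."""
    label: str
    nonce: int
    value_wei: int
    gas_price_wei: int

    @property
    def fee_wei(self) -> int:
        return TRANSFER_GAS * self.gas_price_wei

def drain_tx(label: str, nonce: int, balance_wei: int, fee_budget_wei: int) -> Tx:
    """Transfer that empties the account except for the chosen fee budget."""
    gas_price = fee_budget_wei // TRANSFER_GAS
    return Tx(label, nonce, balance_wei - gas_price * TRANSFER_GAS, gas_price)

def select_for_block(balance_wei: int, mempool: list[Tx]) -> Tx | None:
    """Miner's view of transactions competing for one (sender, nonce) slot:
    unfundable ones are dropped, the best-paying one is mined; on a tie the
    first-seen transaction keeps its place (a replacement must bid higher)."""
    fundable = [t for t in mempool
                if t.value_wei >= 0 and t.value_wei + t.fee_wei <= balance_wei]
    return max(fundable, key=lambda t: t.gas_price_wei, default=None)

def race(balance_wei: int, sweep_fee_wei: int, attacker_fee_wei: int,
         sweep_seen: bool = True) -> tuple[str, int]:
    """Returns (winner label, wei the attacker walks away with).
    sweep_seen=False models the monitor failing to broadcast within the block
    window, e.g. while its servers are under DDoS."""
    attack = drain_tx("attacker", 0, balance_wei, attacker_fee_wei)
    mempool = [attack]  # the attacker's transaction is seen first
    if sweep_seen:
        mempool.append(drain_tx("blockd-sweep", 0, balance_wei, sweep_fee_wei))
    winner = select_for_block(balance_wei, mempool)
    if winner is None:
        return "nobody", 0
    return winner.label, (attack.value_wei if winner is attack else 0)
```

With the article’s numbers (5 ETH balance, 0.1 ETH sweep budget) an attacker bidding 0.11 ETH wins and still nets about 4.89 ETH; bidding 0.05 ETH loses to the sweep, and if the sweep is never broadcast any bid wins.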

An Inventive Tech Solution

Still, blockd is one of those rare gems that fixes a problem using a solution that seems obvious in hindsight, but hadn’t been tried before. I’ll be eager to see how the service grows and adapts to the challenges of protecting itself and its users.

No matter what, it has to be said that it was an amazing marketing gimmick to garner attention for their service!

Read the entire thread by blockd here: https://www.reddit.com/r/CryptoCurrency/comments/ejeonz/im_publicly_posting_my_ethereum_private_key/

--

Founder of Scrypted Inc: Building interactive digital assets for the Metaverse. <tim@cotten.io> @cottenio