Last summer, Adrian Bednarek was mulling over ways to steal the cryptocurrency Ethereum. He's a security consultant; at the time, he was working for a client in the theft-plagued cryptocurrency industry. Bednarek had been drawn to Ethereum, in particular, because of its notorious complexity and the potential security vulnerabilities those moving parts might create. But he started instead with the simplest of questions: What if an Ethereum owner stored their digital money with a private key—the unguessable, 78-digit string of numbers that protects the currency stashed at a certain address—that had a value of 1?

To Bednarek's surprise, he found that dead-simple key had in fact once held currency, according to the blockchain that records all Ethereum transactions. But the cash had already been taken out of the Ethereum wallet that used it—almost certainly by a thief who had thought to guess a private key of 1 long before Bednarek had. After all, as with Bitcoin and other cryptocurrencies, if anyone knows an Ethereum private key, they can use it to derive the associated public address that the key unlocks. The private key then allows them to transfer the money at that address as though they were its rightful owner.

That initial discovery piqued Bednarek's curiosity. So he tried a few more consecutive keys: 2, 3, 4, and then a couple dozen more, all of which had been similarly emptied. He and his colleagues at the security consultancy Independent Security Evaluators then wrote some code, fired up some cloud servers, and tried a few dozen billion more.

"You have a thief here that amassed this fortune and then lost it all when the market crashed."
Adrian Bednarek, Independent Security Evaluators

In the process, and as detailed in a paper they published Tuesday, the researchers not only found that cryptocurrency users have in the last few years stored their crypto treasure with hundreds of easily guessable private keys, but also uncovered what they call a "blockchain bandit." A single Ethereum account seems to have siphoned off a fortune of 45,000 ether—worth at one point more than $50 million—using those same key-guessing tricks.

"He was doing the same things we were doing, but he went above and beyond," Bednarek says. "Whoever this guy or these guys are, they're spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them."

Combing a Gazillion Beaches

To explain how that blockchain banditry works, it helps to understand that the odds of guessing a randomly generated Ethereum private key are 1 in 115 quattuorvigintillion (or, as a fraction, 1/2^256, a denominator of roughly 10^77). That number is very roughly around the number of atoms in the observable universe. Bednarek compares the task of identifying a random Ethereum key to choosing a grain of sand on a beach, and later asking a friend to find that same grain among a "billion gazillion" beaches.

But as he looked at the Ethereum blockchain, Bednarek could see evidence that some people had stored ether at vastly simpler, more easily guessable keys. The mistake was probably the result, he says, of Ethereum wallets that truncated keys to a fraction of their intended length because of coding errors, or let inexperienced users choose their own keys, or even contained malicious code that corrupted the randomization process so that the wallet's developer could guess the keys.

Bednarek and his ISE colleagues eventually scanned 34 billion blockchain addresses for those sorts of weak keys. They called the process ethercombing, like beachcombing but for more guessable grains of sand among Ethereum's vast entropy. They ultimately found 732 guessable keys that at one point held ether but had since been emptied. Though some of those transfers were no doubt legitimate, Bednarek guesses that 732 is still only a small fraction of the total number of weak keys from which ether has been stolen since the currency launched in 2015.

Amidst those emptied addresses, meanwhile, Bednarek was intrigued to see 12 that seemed to have been emptied by the same bandit. They had been transferred into an account that now held a remarkable hoard of 45,000 ether. At today's exchange rates, that's worth $7.7 million.

Ether Comb, Ether Go

Bednarek tried putting a dollar's worth of ether into a weak key address that the thief had previously emptied. Within seconds, it was snatched up and transferred to the bandit's account. Bednarek then tried putting a dollar into a new, previously unused weak key address. It, too, was emptied in seconds, this time transferred into an account that held just a few thousand dollars worth of ether. But Bednarek could see in the pending transactions on the Ethereum blockchain that the more successful ether bandit had attempted to grab it as well. Someone had beaten him to it by mere milliseconds. The thieves seemed to have a vast, pre-generated list of keys, and were scanning them with inhuman, automated speed.