Skip to content

chrsow/quantum-era-eth-exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.env.template
.env.template
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
exploit.js
exploit.js
 
 
hardhat.config.js
hardhat.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Quantum Era Ethreum Exploit

In the future Quantum era, threat actors with access to quantum computers will be able to leverage Shor’s algorithm to break the cryptographic security of Ethereum private keys. This PoC demonstrates the classical computing part of the exploit, showing how a hacker might steal ETH once they can run Shor’s algorithm on a sufficiently advanced quantum computer.

Curious to see how a hacker might steal ETH (or native tokens on other blockchains) in the quantum computing era?

How It Works

The exploit requires the victim to make at least one on-chain transaction. This transaction information will be used to recover the victim's public key, which is crucial information for the attack. Once the public key is available, a threat actor with access to a quantum computer can run Shor’s algorithm to derive the corresponding private key, thus gaining access to the victim’s ETH.

For the sake of this PoC, we use a mock (fake) implementation of Shor’s algorithm to demonstrate the steps a hacker would take to steal the victim’s ETH. This PoC simulates the process and shows how the classical computer parts are quite feasible to implement.

Future Considerations

As you can see, it's quite doable to implement the classical computer parts. The feasibility of this exploit in the future will heavily depend on the advancement of quantum computing technology, particularly the implementation and use of Shor’s algorithm, Quantum Fourier Transform, and Quantum Circuits.

Installation

git clone https://github.com/chrsow/quantum-era-eth-exploit
cd quantum-era-eth-exploit
npm i

Usage

  1. Rename .env.template to .env, then put an API key from Alchemy in ALCHEMY_API_KEY.

  2. Run the following command.

npx hardhat run exploit.js

We will get the output indicating that all of the victim ETH is stole.

$ npx hardhat run exploit.js

1. get a transaction from the victim's transactions
[+] found a victim's transaction hash 0xc1dd3a8b56b0b49ce6e511cb8875482038557984a0d2ca727209cfcad315bc54
2. get the signature (r, s, v) from the selected transaction
[+] signature found from the transaction
[+] r: 79842806278560051019701968263369620152402756128761836950906009561258271306058
[+] s: 1365958399759126961338121078854900559349818959641386937594564035416163218255
[+] v: 27
3. use Shor algorithm to find the private key from the given signature
[*] recover victim's public key
[+] victim's public key: 0xd01115d548e7561b15c38f004d734633687cf4419620095bc5b0f47070afe85aa9f34ffdc815e0d7a8b64537e17bd81579238c5dd9a86d526b051b13f4062327
[*] recover victim's private key by using Shor's algorithm
[+] victim' private key: 0x000000000000000000000000000000000000000000000000000000000000000c
4. Use the recovered victim's private key to sign a transcation sending all of the victim's ETH to us
[+] before
[+]    victim's balance: 1000000000000000000000000
[+]    hacker's balance: 0
[+] after
[+]    victim's balance: 0
[+]    hacker's balance: 1000000000000000000000000

About

A PoC for future ETH exploit with quantum computer.

Topics

quantum ethereum blockchain quantum-computing

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages