Security Threats to Blockchain Networks — 6 — Wallet Attacks
Wallets are a logical target for cyber-attacks, along with the emerging institutions that hold custody of them on users’ behalf. Although wallets are secured with technically unbreakable code, hackers have found numerous ways to gain illicit access to them, whether by deception, theft, or ingenuity. In responding to this threat, the crypto-industry must consider whether to opt for traditional KYC-based measures or to seek crypto-native solutions to this perennial issue. If the industry fails to agree, it could lead to a two-tier system of ‘pure’ crypto institutions and players that embrace centralization and a certain necessary degree of bureaucracy.
The amount of cryptocurrency lost to scams went up by a factor of 10 from 2020 to 2021. As the crypto market has boomed, so has the value contained in crypto wallets and the interest of would-be scammers in finding ways around their security.
Compared with a physical wallet, the crypto wallet is a far more attractive target for thieves as it is capable of holding millions of dollars worth of tokens, and is accessible from anywhere in the world. Furthermore, if you know the public address of an individual, it is possible to view their transactions and holdings, making it easier to find targets.
It’s not surprising that wallet hacking is a growth industry, with several of the most prominent hacks of 2021 involving the targeted theft of funds from individual wallets held by exchanges, not to mention the many instances taking place daily on Discord servers and other forums.
Beyond kidnapping someone and getting them to reveal their private keys (which is by now an established method), there are many ways to hack a wallet from the comfort of your (parent’s) basement, ranging from old school to high-tech. We’re going to take a tour of the various methods in this article. But first, let’s review some terminology.
To custody or not to custody
There is a basic choice that all crypto investors face when considering how to store their assets. The option they select determines the kind of wallet risk they will be exposed to.
Using a ‘custodial’ wallet — handing your funds over to a crypto exchange for safekeeping — is similar to placing your money in a bank. Going down the non-custodial route — storing it in a private wallet to which you have sole access — is more like keeping your savings under the mattress.
In traditional finance, the choice is obvious. Keeping your money in a bank is more secure and if anything more convenient than keeping cash.
In the world of crypto, however, different rules apply.
First of all, the founding rationale of cryptocurrency is to avoid middlemen and 3rd party institutions, on the grounds that they are less secure. This is what is meant by the phrase, ‘Not your keys, not your crypto’. In other words, when you give another person access to your funds, you are essentially waiving ownership.
While no one thinks that they are ‘surrendering ownership’ of their money when they deposit their salary in a traditional checking account, 3rd party financial institutions in the crypto realm are (as we shall see) far riskier than their traditional counterparts.
The well-worn analogy of the Wild West is helpful — consider the security of a 19th-century bank on the American frontier as compared to a modern-day Chase branch in downtown Jersey City. There is no FDIC program that guarantees the safety of investor funds, and if a hack is carried out, users are at the mercy of the 3rd party and its own investors when it comes to restitution.
The private ‘under the mattress’ solution, on the other hand, has the advantage of being under the control of the owner. This in theory lowers the chance of theft resulting from 3rd party error, but places the entire responsibility on the owner’s shoulders. And in this scenario, there is zero chance of recovering lost funds if errors are made.
In general, the advice to investors is to retain as much control over their funds as possible, meaning that a non-custodial route is deemed the safest.
Types of wallet
Users who opt to self-custody must choose a storage option, and there are various levels of security, typically traded off against convenience. The fundamental choice here is between a ‘hot’ or ‘cold’ option.
‘Hot’ essentially means that the wallet is connected to the internet, and hence accessible by hackers with the skills to circumvent the security. Online wallets (user details stored on a server) and software wallets (user details stored on a local device) fall into this category.
‘Cold’ options include hardware wallets, which are specifically designed to sit outside the internet, connecting only for the purposes of withdrawing and depositing coins. Coldest of all is the ‘paper wallet’, whereby the private and public keys are physically printed out on paper or metal, and hence incapable of being accessed as they never ‘touch’ the internet at all.
‘Hot’ wallets are likely to be the most popular as cryptocurrency grows in popularity, given that users are accustomed to trusting the institutions they deal with online. It is therefore likely that hot wallet thefts will be a major feature of the cybersecurity landscape for some years to come.
With our bases covered, let’s now turn to the attack methods.
Needless to say, there are standard approaches to stealing information and committing fraud online that can be re-purposed quite easily to target crypto-holding victims.
For example, malware has been developed to detect when a crypto address is copied to the clipboard and replace it with an address controlled by the hacker, thus diverting any payments to the new account. It is possible to be infected with malware simply by visiting certain websites.
Another highly relevant potential security breach is the SIM-swap strategy. It is common for crypto exchanges to verify users and transactions with a 2-factor authentication (2FA) process using an SMS to deliver a one-time password. Currently, it is relatively straightforward for a hacker to call a victim’s phone company and persuade them to transfer their phone number to a new SIM, thus giving the hacker control of the account.
However, these traditional approaches are — in theory at least — not what the crypto firms should be concerned about, as there is already an entire cybersecurity industry working on solving these problems (for example, app-based authentication methods such as YubiKey are already beginning to replace SMS).
Of more concern, and relevance to this article, are the attacks that are specific to the crypto medium.
Seizure of Private Keys
The downside of eliminating the ‘inefficiency’ of KYC and other traditional processes is that committing theft also becomes much more efficient! Obtaining a user’s private keys is tantamount to gaining ownership of a wallet’s contents. “Got your keys, got your crypto.”
While obtaining these keys is possible on a one-to-one basis, it’s more efficient to go to a centralized location where multiple sets of keys are conveniently stored. Centralized exchanges (as opposed to DEXes which enable direct peer-to-peer trading) have traditionally aggregated user data behind standard security systems and hence been vulnerable to private key theft.
The list of incidents in this category is a lengthy one, and contains some of the biggest names in crypto. Binance lost $41m in Bitcoin in 2019 when hackers breached a hot wallet, forcing the company to suspend withdrawals, set up an insurance fund for future restitution, and overhaul its security procedures. Other hacks have been larger in scale, involving hundreds of millions of dollars stolen in a single attack (notably the Japanese exchange Coincheck, which lost $543 million in a hot wallet breach in 2018).
Ultimately, the safety of keys stored by centralized exchanges is only as reliable as the security systems they establish. As new names are added to the list of hacked exchanges every year, methods to improve the safety of user data (for example, by using decentralized storage methods) should improve. Given the unending nature of the battle between security systems and cyber attackers, private key theft is likely to remain a fixture of the landscape.
Rather than try to break or bypass a wallet’s security, an alternative approach is to induce customers to install a back door in their system that hackers can access without having to break in. In other words, by creating fake crypto wallets.
To pull this off, many hackers trick users — for example by using Google Ads — into visiting sites that closely resemble those of genuine wallets (e.g. Metamask), where they either enter confidential details or are directed to deposit funds to an account owned by the hacker.
A high-profile version of this scam took place in 2018, with the Electrum bitcoin wallet. The hackers succeeded in replacing the legitimate download of the Electrum wallet with their own version, and stole 770 in BTC from users who installed the fake wallet. Interestingly, the Electrum engineers were forced to exploit the same vulnerability the hackers had used to supplant the original wallet, in order to replace the fake wallet with a patched version, leaving the attackers with no options but to launch a series of purely disruptive distributed denial of service (DDoS) attacks.
While this strategy is easier to pull off with customers who are looking to set up a hot wallet, it is also possible to achieve with cold storage wallets.
In one version of this strategy, attackers contact the owner of an existing hardware wallet and persuade him or her to accept an ‘upgraded’ replacement. Once the replacement arrives, the user is instructed to connect the device to the internet and enter their recovery passwords. These are then transmitted to the attacker, who now controls the contents of the wallet and can remove them.
An even bolder version of the scheme involves the hackers actually intercepting the legitimate wallet en route to the customer, and tampering with the security to introduce a vulnerability. This is obviously hard to achieve at scale, and wallet manufacturers are taking steps to make tampering easier to detect.
While rare, it is possible for hackers to actually crack the code that protects user funds held within crypto wallets. This is true even in the case of cold wallets, which like any technology, are not immune to errors and exploitable bugs.
The story of the successful hacking of the hardware-based Trezor wallet is an interesting example. The ‘hackers’ in this case were the original owners of the wallet who had lost access to it after misplacing the password. After months of fruitless attempts to locate a developer who could help them, they finally succeeded in identifying a flaw in the software that enabled them to extract the key and PIN, by accessing a copy that was temporarily stored in the device’s RAM (an exploit quickly addressed by Trezor once it became public).
Other ingenious hacks for identifying user passwords include the so-called ‘Dictionary attack’, whereby the hacker converts common passwords (e.g. password1234) into cryptographic hashes and searches for wallets that use the same combination.
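Why the dictionary attack above works and what blunts it, as an added example that is not from the original article. A fast, unsalted hash gives every wallet that uses the same passphrase the same value, while a per-wallet salt and a slow key-derivation function do not. The function names and the four-entry password list are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample; a real deployment would load a large published list.
COMMON_PASSWORDS = {"password1234", "123456", "qwerty", "letmein"}

def unsalted_hash(passphrase: str) -> str:
    """Weak scheme: one fast hash, no salt. Same passphrase, same value everywhere."""
    return hashlib.sha256(passphrase.encode()).hexdigest()

def new_wallet_record(passphrase: str, iterations: int = 600_000) -> dict:
    """Hardened scheme: refuse listed passphrases, then salt and stretch."""
    if passphrase.lower() in COMMON_PASSWORDS:
        raise ValueError("passphrase appears in the common-password list")
    salt = os.urandom(16)  # unique per wallet, stored next to the derived key
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}

def unlock(record: dict, passphrase: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                              record["salt"], record["iterations"])
    return hmac.compare_digest(key, record["key"])

if __name__ == "__main__":
    phrase = "constructed long passphrase 7291"
    a, b = new_wallet_record(phrase), new_wallet_record(phrase)
    print(unsalted_hash(phrase) == unsalted_hash(phrase))  # one table entry fits all
    print(a["key"] == b["key"])                            # differs per wallet
    print(unlock(a, phrase))
```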
The ultimate frontier, however, is the ability to develop a decryption strategy that deconstructs the ‘weak randomness’ of algorithms such as ECDSA (used in Bitcoin) that generate the supposedly unbreakable private keys. If a replacement is not found before this frontier is crossed, protocols using vulnerable algorithms could be forced to evolve or go under.
It should be clear by now that no one can rest easy when it comes to crypto assets, and every path has its potential blunders. As the value of cryptocurrency and its adoption skyrocket, hackers will be devising schemes to get access to user wallets, beginning with the wealthiest and least vigilant firms and individuals.
Vigilance in many cases boils down to common sense, such as asking if the company one is dealing with has a good track record, an established employee base, reputable founders, and a cybersecurity department.
If going the non-custodial route, extreme paranoia bordering on satire would appear to be the only viable strategy. Double-checking send addresses, using unique passwords and multi-sig functionality, and printing out all private key information to protect against screen-grabs should be the standard MO.
So far, so obvious. However, the crypto industry faces a unique problem in addressing the challenge of security. The traditional world typically tackles security issues by placing bureaucratic hurdles that revolve around user verification. This is indeed what many exchanges are contemplating, if not already implementing, in response to the demonstrably real risk of losing vast swathes of user funds.
This approach, however, violates the dearly-held philosophy of crypto, which holds up anonymity and the absence of bureaucratic institutions as inviolable founding principles. The whole point of exiting traditional finance is to enter a world without burdens such as KYC. In order to maintain these principles, crypto must find ways to fight fire with fire.
This tension may ultimately lead to a schism between organizations who opt for the traditional route — centralized firms, regulated by governments, with standard user verification processes (Coinbase is a good example) — and the ‘purists’ who accept a certain amount of chaos in return for greater freedom and anonymity.
To end on a positive note, it should be remembered that criminals are also vulnerable to cyber-attacks. The FBI appears to have used hacking methods to recover a large amount of the funds paid by victims to a ransomware crew operating out of Russia.
Wallet hacking, it would appear, is a technique that cuts both ways.
For an overview of blockchain threats see Security Threats to Blockchain Networks — A Holistic Overview
Originally published at https://crypto.security on July 18, 2022.