
Smart Wallets on Blockchain—Attacks and Their Costs

  • Akshay Pillai
  • Vishal Saraswat
  • Arunkumar V. R.
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1122)

Abstract

Smart wallets are the future of e-payments and digital payments, but to utilize them to their full potential, we need to secure them from malicious actors who have already started exploiting various vulnerabilities in existing wallets. In this work, we study the existing attacks and vulnerabilities and present hypothetical attack scenarios that these vulnerabilities may enable in the future. We survey the different attacks, comparing the attacker's cost and benefits for each attack, as well as its mitigation cost and damage cost. We focus on the attacks and use cases on blockchain smart wallets that would help developers secure them. For each attack, we describe its mechanism, its use case, the attacker's benefits and requirements for a successful attack, the possible damage scenarios and consequences, a comparison of attack cost and benefits, a comparison of mitigation cost and damage cost, and possible mitigations and security measures.

Keywords

Blockchain, Smart wallets, Security, Attacks, Costs


Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Robert Bosch Engineering and Business Solutions Pvt. Ltd., Bangalore, India
