Abstract
Smart wallets are the future of e-payments and digital payments, but to use them to their full potential we need to secure them against malicious actors, who have already started exploiting various vulnerabilities in existing wallets. In this work, we study the existing attacks and vulnerabilities and present hypothetical attack scenarios that these vulnerabilities may enable in the future. We survey different attacks, comparing the attack cost with the attacker's benefit, and the mitigation cost with the damage cost, for each attack. We focus on the different attacks and use cases on blockchain smart wallets, which should help developers secure them. We describe each attack with its mechanism, use case, the attacker's benefits and requirements for a successful attack, the possible damage scenarios and consequences, a comparison of attack cost and benefits, a comparison of mitigation cost and damage cost, possible mitigations, and some security measures.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Pillai, A., Saraswat, V., V. R., A. (2019). Smart Wallets on Blockchain—Attacks and Their Costs. In: Wang, G., El Saddik, A., Lai, X., Martinez Perez, G., Choo, KK. (eds) Smart City and Informatization. iSCI 2019. Communications in Computer and Information Science, vol 1122. Springer, Singapore. https://doi.org/10.1007/978-981-15-1301-5_51
DOI: https://doi.org/10.1007/978-981-15-1301-5_51
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1300-8
Online ISBN: 978-981-15-1301-5
eBook Packages: Computer Science, Computer Science (R0)