Smart Wallets on Blockchain—Attacks and Their Costs

  • Conference paper
Smart City and Informatization (iSCI 2019)

Abstract

Smart wallets are the future of e-payments and digital payments, but to use them to their full potential we need to secure them against malicious actors, who have already started exploiting various vulnerabilities in existing wallets. In this work, we study the existing attacks and vulnerabilities and present hypothetical attack scenarios that these vulnerabilities may enable in the future. We survey the different attacks, comparing for each the attacker's cost against the attacker's benefit, and the mitigation cost against the damage cost. We focus on the attacks and use cases on blockchain smart wallets, which should help developers secure them. For each attack we describe its mechanism, use case, the attacker's benefits and requirements for a successful attack, the possible damage scenarios and consequences, the comparison of attack cost and benefit, the comparison of mitigation cost and damage cost, and possible mitigations and security measures.

Author information

Corresponding author

Correspondence to Vishal Saraswat.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Pillai, A., Saraswat, V., V. R., A. (2019). Smart Wallets on Blockchain—Attacks and Their Costs. In: Wang, G., El Saddik, A., Lai, X., Martinez Perez, G., Choo, KK. (eds) Smart City and Informatization. iSCI 2019. Communications in Computer and Information Science, vol 1122. Springer, Singapore. https://doi.org/10.1007/978-981-15-1301-5_51

  • DOI: https://doi.org/10.1007/978-981-15-1301-5_51

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-1300-8

  • Online ISBN: 978-981-15-1301-5

  • eBook Packages: Computer Science (R0)
