Beatcoin: Leaking private keys from air-gapped cryptocurrency wallets

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

9 Scopus citations

Abstract

Cryptocurrency wallets store the wallet's private key(s), and hence, are a lucrative target for attackers. With possession of the private key, an attacker virtually owns all of the currency in the compromised wallet. Managing cryptocurrency wallets offline, in isolated ('air-gapped') computers, has been suggested in order to secure the private keys from theft. Such air-gapped wallets are often referred to as 'cold wallets.' In this paper we show how private keys can be exfiltrated from air-gapped wallets. In the adversarial attack model, the attacker infiltrates the offline wallet, infecting it with malicious code. The malware can be preinstalled or pushed in during the initial installation of the wallet, or it can infect the system when removable media (e.g., USB flash drive) is inserted into the wallet's computer in order to sign a transaction. These attack vectors have repeatedly been proven feasible in the last decade (e.g., [1], [2], [3], [4], [5], [6], [7], [8], [9], [10]). Having obtained a foothold in the wallet, an attacker can utilize various air-gap covert channel techniques (bridgeware [11]) to jump the airgap and exfiltrate the wallet's private keys. We evaluate various exfiltration techniques, including physical, electromagnetic, electric, magnetic, acoustic, optical, and thermal techniques. This research shows that although cold wallets provide a high degree of isolation, it's not beyond the capability of motivated attackers to compromise such wallets and steal private keys from them. We demonstrate how a 256-bit private key (e.g., Bitcoin's private keys) can be exfiltrated from an offline, air-gapped wallet of a fictional character named Satoshi within a matter of seconds.

Original languageEnglish
Title of host publicationProceedings - IEEE 2018 International Congress on Cybermatics
Subtitle of host publication2018 IEEE Conferences on Internet of Things, Green Computing and Communications, Cyber, Physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology, iThings/GreenCom/CPSCom/SmartData/Blockchain/CIT 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1308-1316
Number of pages9
ISBN (Electronic)9781538679753
DOIs
StatePublished - 1 Jul 2018
Event11th IEEE International Congress on Conferences on Internet of Things, 14th IEEE International Conference on Green Computing and Communications, 11th IEEE International Conference on Cyber, Physical and Social Computing, 4th IEEE International Conference on Smart Data, 1st IEEE International Conference on Blockchain and 18th IEEE International Conference on Computer and Information Technology, iThings/GreenCom/CPSCom/SmartData/Blockchain/CIT 2018 - Halifax, Canada
Duration: 30 Jul 20183 Aug 2018

Publication series

NameProceedings - IEEE 2018 International Congress on Cybermatics: 2018 IEEE Conferences on Internet of Things, Green Computing and Communications, Cyber, Physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology, iThings/GreenCom/CPSCom/SmartData/Blockchain/CIT 2018

Conference

Conference11th IEEE International Congress on Conferences on Internet of Things, 14th IEEE International Conference on Green Computing and Communications, 11th IEEE International Conference on Cyber, Physical and Social Computing, 4th IEEE International Conference on Smart Data, 1st IEEE International Conference on Blockchain and 18th IEEE International Conference on Computer and Information Technology, iThings/GreenCom/CPSCom/SmartData/Blockchain/CIT 2018
Country/TerritoryCanada
CityHalifax
Period30/07/183/08/18

Fingerprint

Dive into the research topics of 'Beatcoin: Leaking private keys from air-gapped cryptocurrency wallets'. Together they form a unique fingerprint.

Cite this