Let’s talk a little about wallets in cryptocurrencies. By “cryptocurrency” I will primarily mean Bitcoin. In other cryptocurrencies the situation is similar, and if you are interested in the details, you can check them yourself.
Despite the ongoing hype around cryptocurrency and blockchain as a technology, in my opinion very few people are talking about the security of these solutions. Everyone concentrates on the various advantages that blockchain technology provides, discusses mining and the jumping exchange rates of cryptocurrencies, while it is security that is critical, especially when it comes to money or distributed property registries. All information for this article is taken from open sources such as https://bitcoin.org, https://en.bitcoin.it/wiki, https://bitcointalk.org, https://github.com and others.
Below is a shallow review of cryptocurrency wallets and their security. The more I immersed myself in this topic while writing the article, the more surprised I was that there are so few hacks and unauthorized withdrawals from Bitcoin users. But first things first.
What is a wallet in cryptocurrency?
Let me clarify a little terminology. In cryptocurrency, “wallet” means two things at the same time:
- A set of keys giving access to the money;
- Programs that manage these keys and allow you to conduct transactions on the cryptocurrency network.
To avoid confusion, when we talk about the set of keys I will use the term “private key”, although we all understand that a key pair also contains a public key, and that there may be several pairs.
We will talk about the wallet precisely as a means of managing, storing and conducting transactions. Without a wallet you cannot receive, store or spend your bitcoins or funds in another cryptocurrency. The wallet is your personal interface to the cryptocurrency network, similar to a bank account for a currency.
In fact, the security of storing your funds in a cryptocurrency depends very much on the wallet you use. And the security of the wallet itself is largely based on the security of operations with private keys.
All wallets are divided into “hot” and “cold”. A “hot” wallet is one from which you can spend funds at any time. A “cold” wallet works the other way around: it is not intended for regularly sending cryptocurrency, but funds can nevertheless be received to it at any time. The simplest “cold” wallet is a sheet of paper on which the private key of your wallet is written.
A “hot” Bitcoin wallet is an application, a website or a device that manages your private keys. The most popular are, of course, applications, both mobile and desktop, as well as websites. Let’s take a closer look at each of these kinds and see what threats the use of one or another wallet hides.
Since there are a lot of wallets, I decided to study only those presented on the site https://bitcoin.org/. The software wallets for a personal computer listed there are:
Requirements for wallets
The first thing we pay attention to is the recommendations of the site bitcoin.org regarding the security of using a particular wallet. On the download page you are shown 6 requirements and information about which of these requirements each wallet satisfies and which it does not. Most of these requirements are directly or indirectly related to information security, and therefore to the security of your funds.
Here are these requirements, as well as the levels of compliance with them.
Control over your money
- Full control. No one can freeze your account or lose your money. However, you must remember that the responsibility for security and for backing up your private key is entirely yours.
- Joint control. The wallet requires that each transaction be authorized by both you and a third party. Usually you can restore full control over your funds using the original backup or a pre-signed transaction sent by e-mail.
- Hosted control. The wallet gives you access to your funds; however, it stores an encrypted copy of your private key. So your money can be stolen if you do not use a strong password or if the service is compromised.
- Money under the control of a third party. This means you must trust this service and hope that it will not lose your funds as a result of an incident on its side. At the moment most online wallets do not insure deposits like a bank, and many services have had security problems in the past.
I do not know about you, but I do not like the last two levels of control at all. The story about a strong password sounds very bad. The point is not even that users have big problems creating, entering and remembering really strong passwords, but that keyloggers still exist.
And to be completely realistic, hardly anyone reads these warnings. And of those who do, not everyone understands how many security problems there are.
Validation
- Full. The wallet is a full node that verifies transactions and relays them on the network. No trust in a third party is required when verifying payments. Full nodes provide the highest level of security and are important for protecting the network. However, they need more disk space (over 145 GB), more bandwidth and more time for the initial synchronization.
- Simplified or decentralized. The wallet uses a random server from a server list. This means you must trust those servers when verifying payments. This is not as secure as using a wallet that is a full node.
- Centralized. By default the wallet relies on a centralized server. So you must trust this third party 100% not to hide or forge payments.
The use of full nodes by all network participants is, in my opinion, both one of the pillars and at the same time one of the main drawbacks of blockchain technology. Since the number of transactions is constantly growing in both relative and absolute terms, the size of the wallet itself will also grow continuously. And few people want to store several TB of data in order to carry out a couple of transactions per day.
The alternative solutions have obvious security problems. The server list used for decentralized verification must be well protected, so that the next virus does not leave only a single infected server on that list.
And I will not even say anything about one hundred percent trust in a third party.
By the way, supporters of cryptocurrencies like to point out here that the banking system is arranged in a similar way. That is certainly so. But banks are regulated by numerous standards, and if a new problem or vulnerability appears, your funds are protected by insurance. So cryptocurrency services still have a lot of growing to do.
Transparency
- Full transparency. The wallet’s source code is open and the build procedure is fixed. Any developer in the world can audit the code and make sure that the executable does not hide any secrets.
- Basic transparency. The developers have published the wallet’s source code. Any developer in the world can audit the code. However, you must trust the developers when installing or updating your wallet software.
- Remote application. The wallet is loaded from a remote service. So when you use the wallet, you have to trust the developers not to steal or lose your funds as a result of an incident. Using a browser extension or a mobile application can reduce these risks.
The source code is generally a painful issue, so let’s dwell on it in detail.
Most of all I like the phrase “Any developer in the world can audit the code”. Yeah, of course. First, the developer must know well the specific programming language in which the particular wallet is written, and that immediately cuts off a big chunk of “any developer in the world”.
Second, not every developer is at the same time an expert in information security or has experience writing secure code. A banal example:
memset(password, 0, sizeof(password)); // a dead store: the optimizer may remove it, leaving the password in memory
Open the articles by the PVS-Studio developers and remember what mistakes developers sometimes make, even those who are well versed in security issues (for example, the boring article about checking OpenSSL).
Therefore only a very limited number of developers can fully audit the entire wallet code, and most of them have plenty of interesting tasks besides this audit. Even if one of them takes an interest in the task, the audit will cover only a particular commit in git. So assessing the security of the code at a particular point in time is not easy.
What the guys from the Bitcoin site mean by a fixed build procedure I could not work out exactly. There are problems with the build: for example, how do you know that the build or update you receive was made from the correct source code? Let’s be realistic: only a few people will build a wallet from source. The best you can do is compare the hash of a freshly downloaded installer with the hash listed on the official site, hope that the site has not been compromised and that the hash is correct, and also trust the developers and builders of the wallet, as well as the site administrators.
To finally close the question of source code, I decided to look into the source code of Bitcoin Core itself, which, according to all the indicators already described and those described further, takes a leading position. Code examples and the conclusions I drew from skimming the source are given below.
The transparency bonus
There is one more interesting aspect that I discovered quite by accident. Suppose you decided to use the Bitcoin Armory wallet, which modestly positions itself as the BEST BITCOIN WALLET. In its description you will find: “Armory is the most secure and full featured solution available for users and institutions to generate and store Bitcoin private keys”. Typing the wallet’s name into Google, you will find that the wallet has 2 sites. The first, https://www.bitcoinarmory.com, is the commercial one with beautiful words, and it is the one the search results show. The second, https://btcarmory.com, is more technical, and the link from https://bitcoin.org/ leads there.
So, on the technical site, on the main page in the news, you will find a warning:
The commercial site does not write such nonsense =) No need to worry over such trifles.
Security of the environment
- Two-factor authentication. Your wallet can be loaded in an insecure environment; however, the service requires two-factor authentication, so to steal your funds an attacker needs access to several devices or accounts.
- Safe environment. The wallet runs on a mobile device, where applications are usually isolated. This provides good protection against malware, although mobile devices are more likely to be lost or stolen. Encrypting your mobile device and backing up your wallet can reduce this risk.
- Vulnerable environment. The wallet can be loaded on computers that are potentially vulnerable to malware. If you increase the security of your computer with a strong password, move most of your funds to offline storage or enable two-factor authentication, your bitcoins will be harder to steal.
I like the wording of these requirements. It seems the developers decided to hint right away that your money will be stolen; the only question is how much effort and time it will take.
Using reliable two-factor authentication can really help solve many information security problems.
The key word here is “reliable”, and also correctly implemented. And with that, things do not always work out well. For example, blockchain.info will offer you good old SMS as a second factor. Nobody cares about NIST’s recommendations in Special Publication 800-63B:
[Out of band verification] using SMS is deprecated, and will no longer be allowed in the future.
We will talk in more detail about correct two-factor authentication in the next article, which will look more closely at hardware wallets for cryptocurrency.
We will not go into detail on the security of computers and mobile devices. It is enough to read any of the reports of Kaspersky Lab or other serious players in the security market to draw your own conclusions.
The next two points are not directly related to the safety of storing your funds, so I will not dwell on them in detail, but I include them here for completeness.
Privacy
- Improved. The wallet makes it difficult to track your balances and payments by rotating the addresses it uses. You should use a new bitcoin address every time you request a payment. The wallet does not transmit information about your addresses to other nodes of the network when receiving or sending payments. The wallet allows you to configure and use Tor as a proxy to prevent attackers or ISPs from linking your payments to your IP address.
- Basic. The wallet makes it difficult to track your balances and payments by rotating the addresses it uses. You should use a new bitcoin address every time you request a payment. The wallet uses central servers that can link your payments together and remember your IP address. The wallet allows you to configure and use Tor as a proxy to prevent attackers or ISPs from linking your payments to your IP address.
- Weak. The wallet allows anyone to follow your balance and payments, because it reuses the same addresses. It discloses limited information to other participants. Other network hosts can remember your IP address and subsequently link all payments that you received or sent. Tor is not supported.
Even if you use cryptocurrency completely legally (although what is legal with respect to cryptocurrency is a big question), additional privacy will not hurt you. And nobody really wants to reveal their balance and expenses. Yours, Captain Obvious.
Commissions
- Full control over the fee. The wallet allows you to change the fee after sending funds using RBF or CPFP. It also gives advice on the fee, depending on the current state of the network, so that the transaction is carried out on time and without overpaying.
- Dynamic fees. The wallet gives advice on the fee depending on the current state of the network, which you can override. This means the wallet will help you choose the right fee to carry out the transaction on time without overpaying, while giving you full control over setting the fee if you want it.
- Static fees. The wallet gives no suggestions on the fee based on the current state of the network. This means your transactions may take longer if the fee is too low, or you may pay too high a fee.
Let’s sum up the results
All the requirements are very reasonable. Moreover, this list could be expanded further to improve the level of security.
Having carefully studied all these requirements, you want to find a wallet that satisfies them to the maximum. And here comes the most interesting part. On https://bitcoin.org there is not a single wallet that satisfies all the requirements.
At best, you can choose Bitcoin Core or Bitcoin Knots, for which the picture looks like this:
Or you will use Electrum, for which the picture is this:
Using green creates a false impression of full compliance. This design was clearly chosen intentionally, which means the creators of the portal decided to manipulate the ordinary user a little. Not good.
This could have been the end, but a few more important things should be said.
Working with private keys using Bitcoin Core as an example
Let’s go a little further and see how private keys are stored and handled, using software clients as an example. As we have already seen, malware can get access to your wallet’s private keys. The question is how easy or difficult it really is.
First of all, let’s see how Bitcoin Core does it. This process is well described in the Bitcoin wiki itself. As you saw in the screenshot above, this client is marked as one of the most advanced and satisfies most of the requirements.
Your wallet’s private keys are stored, together with other information, in the file wallet.dat in the “bitkeys” format. This file may or may not be encrypted; by default, of course, nothing is encrypted. You are a competent user and will find the button you need. Only the private key information is encrypted, using the AES-256-CBC algorithm. The encryption key is the so-called master key, a random number. The master key itself is in turn encrypted with a key derived from the passphrase using SHA-512 and the OpenSSL function EVP_BytesToKey. The number of rounds of this key derivation is determined by the speed of the computer on which the initial encryption takes place.
After that the client uses your wallet in the usual mode. This state is called “locked”. If at some point you need access to the wallet’s private keys, you enter the passphrase in the client GUI or use the walletpassphrase command over RPC. The private keys are then decrypted and the wallet goes into the “unlocked” state. In the first case it stays in this state exactly as long as needed to perform the particular operation. In the second case, the time after which the wallet returns to the locked state is determined by the second parameter of the RPC request!
The code looks like this:
int64_t nSleepTime = request.params[1].get_int64();                       // timeout in seconds, taken straight from the RPC caller
pwallet->nRelockTime = GetTime() + nSleepTime;                            // deadline after which the wallet relocks
RPCRunLater(strprintf("lockwallet(%s)", pwallet->GetName()), boost::bind(LockWallet, pwallet), nSleepTime); // schedule the relock
It looks very nice. A regular wallet user is unlikely to launch the RPC server, unless he messes up the configuration file. But an attacker …
With the GUI and the storage of the same passphrase in memory, things are not simple either. The guys implemented a special class for storing such data, SecureString. On the whole it is implemented not badly, and the memset rake is successfully bypassed. But here they keep the passphrase in memory longer than they should.
For example, the GUI does this (slightly corrected for clarity; the curious can look at askpassphrasedialog.cpp:154):
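To make the relock mechanism concrete, here is an added example that is not Bitcoin Core code: a small timer class that mirrors nRelockTime (deadline = now + timeout, unlocked until the deadline passes) and adds the defensive check the RPC path above lacks, a cap on the requested timeout. The class name, the kMaxUnlockSeconds policy value and the explicit clock parameter are my own assumptions for the illustration; Bitcoin Core itself uses GetTime() and RPCRunLater.

```cpp
#include <algorithm>
#include <cstdint>

// Example only (not Bitcoin Core code). Models the walletpassphrase relock
// timer. Time is passed in as int64_t seconds so the logic can be exercised
// without a real clock.
class WalletLockTimer {
public:
    // Policy cap, an assumption for this example: never stay unlocked for
    // more than 10 minutes, however large the RPC caller's timeout is.
    static constexpr int64_t kMaxUnlockSeconds = 10 * 60;

    // Mirrors "nRelockTime = GetTime() + nSleepTime", but refuses
    // non-positive timeouts and clamps oversized ones.
    // Returns the number of seconds actually granted (0 = refused).
    int64_t unlock(int64_t now, int64_t requestedSeconds) {
        if (requestedSeconds <= 0) return 0;
        const int64_t cap = kMaxUnlockSeconds;
        const int64_t granted = std::min(requestedSeconds, cap);
        relockTime_ = now + granted;
        return granted;
    }

    // Equivalent of the LockWallet callback that RPCRunLater schedules.
    void lock() { relockTime_ = 0; }

    bool isUnlocked(int64_t now) const { return relockTime_ > now; }

    // Seconds left before the wallet relocks (0 when already locked).
    int64_t secondsRemaining(int64_t now) const {
        return isUnlocked(now) ? relockTime_ - now : 0;
    }

private:
    int64_t relockTime_ = 0;   // plays the role of pwallet->nRelockTime
};
```

The cap is the whole point: with the code as shown on the page, whoever can reach the RPC interface chooses how long decrypted keys stay in memory, and a clamp bounds that window regardless of the caller.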
QMessageBox::critical(this, tr("Wallet unlock failed"),
                      tr("The passphrase entered for the wallet decryption was incorrect."));
QDialog::accept(); // Success
First accept() is called, and only then does our oldpass go out of scope and get cleaned up. It is clear that more secure code will not turn out as beautiful as less secure code. But we are working with money here, aren’t we?
In my opinion, this perfectly confirms my concern about the wallet’s open source code. Open source code does not equal security.
I will try to anticipate the first comments and answer them right away:
- Yes, you can come up with a set of rules for using crypto-wallets that will significantly increase the security of your funds. Ease of use will certainly suffer greatly.
- Yes, there are clients that are much safer than others. The problem is that the rest also exist and are recommended by the official site.
The purpose of the article is to draw the community’s attention to problems that need to be addressed, not to set anyone against new technologies.
But since we are starting to work with a new technology, we must do it properly and not forget about information security.
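The two code problems raised above, the memset dead store and the passphrase that outlives accept(), as one added example that is not Bitcoin Core code: secure_zero is a zeroing routine the optimizer cannot drop, SecretHolder is a toy RAII holder standing in for SecureString, and try_unlock and dialog_accept are stand-ins I made up for setWalletLocked() and QDialog::accept(). Bitcoin Core’s own SecureString and memory_cleanse() are only mentioned in comments; nothing here is their implementation.

```cpp
#include <cstddef>
#include <cstring>

// Added example, not Bitcoin Core code.

// Writing through a volatile pointer forces every store to be emitted, so a
// buffer that is about to go out of scope really is zeroed. A plain memset()
// on dying memory is a dead store the compiler may legally remove.
// (Library alternatives: memset_s, explicit_bzero; Bitcoin Core ships its own
// memory_cleanse() for the same purpose.)
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

bool all_zero(const unsigned char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (p[i] != 0) return false;
    return true;
}

// Counts how many secret holders have been wiped so far; exists only so the
// ordering of "wipe" versus "accept" can be observed.
static int g_wipes = 0;

// Toy RAII holder for a passphrase: zeroed and freed when it goes out of scope.
// (Bitcoin Core's SecureString additionally uses a locking allocator so the
// pages are not swapped out; this holder does not.)
class SecretHolder {
public:
    explicit SecretHolder(const char* s) : len_(std::strlen(s)) {
        buf_ = new unsigned char[len_ + 1];
        std::memcpy(buf_, s, len_ + 1);
    }
    ~SecretHolder() {
        secure_zero(buf_, len_ + 1);   // wipe before the memory is released
        delete[] buf_;
        ++g_wipes;
    }
    SecretHolder(const SecretHolder&) = delete;
    SecretHolder& operator=(const SecretHolder&) = delete;
    std::size_t size() const { return len_; }
private:
    unsigned char* buf_;
    std::size_t len_;
};

// Stand-in for model->setWalletLocked(false, oldpass): "uses" the secret.
static bool try_unlock(const SecretHolder& pass) { return pass.size() > 0; }

// Stand-in for QDialog::accept(): reports how many wipes had happened when
// it ran, i.e. whether the passphrase was still alive at that moment.
static int dialog_accept() { return g_wipes; }

// The ordering from the dialog code: accept() runs while the passphrase is
// still in memory; it is wiped only when this function returns.
bool wiped_before_accept_risky(const char* pw) {
    const int before = g_wipes;
    SecretHolder oldpass(pw);
    if (!try_unlock(oldpass)) return false;
    const int seen = dialog_accept();   // oldpass still alive here
    return seen > before;               // false: not yet wiped
}

// Confining the secret to an inner block destroys (and zeroes) it before
// accept(), and anything accept() triggers, gets to run.
bool wiped_before_accept_safe(const char* pw) {
    const int before = g_wipes;
    bool ok;
    {
        SecretHolder oldpass(pw);
        ok = try_unlock(oldpass);
    }                                   // oldpass zeroed and freed here
    if (!ok) return false;
    const int seen = dialog_accept();
    return seen > before;               // true: wiped before accept()
}
```

The fix is pure scoping: the secret lives exactly as long as the call that needs it, and the wipe is guaranteed by the destructor rather than by a memset that an optimizer may discard.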