2018 Global Cryptocurrency Wallet Security White Paper

Foreword

2017 was a landmark year for the cryptocurrency industry—the value of Bitcoin alone increased 1,300%—leading many people to finally recognize cryptocurrency as a true sea change for the financial industry. But at the same time, cryptocurrency remains an extremely controversial topic, with many experts still criticizing it as just another bubble waiting to pop.

The sudden rise in Bitcoin has triggered substantial interest in the future prospects of the cryptocurrency market, and 2018 will prove to be an important year for the industry. Security is the most critical aspect of the cryptocurrency industry, and will ultimately determine the sustainability of its development and adoption. As such, the creation of secure and reliable cryptocurrency wallets for the safe storage of crypto-assets is extremely important.

By leveraging our long-term experience in the security software industry, combined with extensive analysis of current blockchain technologies and products, Cheetah Mobile Blockchain Research Lab and Cheetah Lab, have jointly published the 2018 Global Cryptocurrency Wallet Security White Paper, which carefully explores the security risks currently facing the cryptocurrency wallet industry, puts forward security recommendations for wallet users, and outlines the security standards to which all safe cryptocurrency wallets should adhere.

Part 1: The Purpose of Cryptocurrency Wallets

What are cryptocurrency wallets?

Cryptocurrency is a type of digital currency based on blockchain technology, while cryptocurrency wallets are software programs specifically designed for managing these digital assets.

Cryptocurrency wallets offer a variety of basic functions, including the ability for users to create addresses to receive digital assets, transfer digital assets, and check their balance and transaction histories.

Digital wallets allow users to set up one or more addresses based on cryptographic principles, with each address corresponding to a pair of keys consisting of a private key and a public key.

Public keys are generated from private keys through a fixed calculation. They possess one-to-one correspondence with private keys in that they are mathematically linked. Public keys can only be decrypted by the corresponding private key that is known only to the recipient, thereby giving the recipient control of the assets within a wallet's corresponding address.

Private keys are the only way to ensure control over one's digital assets, so the protection of private keys is the most important function of a cryptocurrency wallet. The methods in which a digital wallet generates and stores private keys determines whether or not your digital assets are safe.

When people talk about protecting their digital assets, they are really talking about protecting their private keys. A wallet can only be considered safe if it can securely manage private keys.

Mnemonic phrases are another way of displaying private keys. These phrases, consisting of a random list of words, are easier to remember than long and complicated private keys, and can be written down on a piece of paper as extra backup. The secure management of mnemonic phrases is also a critical function of blockchain wallets.

How are cryptocurrency wallets categorized?

What are the features of cryptocurrency wallets?

Cryptocurrency wallets are tools for managing and storing private keys, which give users control over the digital assets stored at corresponding addresses. The basic features of cryptocurrency wallets are as follows:

1. Private key generation and management
2. Mnemonic phrase generation and management
3. Wallet address generation
4. Uploading private keys and mnemonic phrases generated by other wallets
5. Digital asset transfers

Part 2: The Potential Safety Risks of Cryptocurrency Wallets

The primary security threats to cryptocurrency wallets involve either user behavior or the security features of each individual wallet.

Unsafe User Behavior

1. The dangers of entrusting private keys to cryptocurrency exchanges
   Many people allow their private keys to be stored on the servers of different service providers. All cryptocurrency exchanges store users' private keys in this way. If users want to manage their assets on these types of platforms, they are forced to perform the following actions: 1) Register on the service provider's website; 2) Log onto the service provider's website using their account information; and 3) Perform actions within the website. Just by completing these few actions, users have exposed themselves to at least four potential security threats.

Service providers can be hacked
Every year numerous exchanges are successfully hacked, leading to the loss of assets. Because cryptocurrency assets are anonymous and can't be traced, once digital assets are lost or stolen, they can never be recovered.

Account names and passwords can be compromised
It is very common for people to use the same name and password to register with multiple websites. If hackers are able to figure out your login information on any one of these websites, they can use this information to access your account on a cryptocurrency exchange, after which they can easily steal your digital assets.

Internet browser threats.
Hackers can exploit security loopholes within browsers, as well as browser plugins to access users' account information.

Network traffic threats
Network traffic is frequently targeted by man-in-the-middle (MITM) attacks and HTTPS certificate hijacking.

1. The dangers of SPV wallets
   A simplified payment verification (SPV) wallet refers to a wallet application that doesn't download the entire blockchain, but instead connects to a trusted node for verification in order to implement a transaction. All wallets found on mobile devices can be considered SPV wallets.

With SPV wallets, private keys are generated in one of two ways: on a cloud server or by the mobile client itself. Cloud-generated private keys are stored on the servers of the service provider, so if hackers are able to successfully access the server, your digital assets are at great risk of being stolen. As for the second type of SPV wallet, the security of the device on which your wallet is stored becomes increasingly important. This will be discussed in greater detail later.

1. Keyboard input risks
   Generally speaking, to complete digital transactions, a user must enter a personal identification number (PIN) to verify their identity. Therefore, the ability to avoid keystroke logging, or the action of recording the keys struck on a computer or mobile device, is critical for maintaining the security of any finance-related software, including cryptocurrency wallets. By utilizing encrypted safe keyboard technology, digital wallets can greatly increase user safety when entering in their PINs.

Technical Security Risks
Secure cryptocurrency wallets must be equipped with comprehensive security measures that have undergone rigorous security testing in order to avoid the loss or theft of private keys and mnemonic phrases. Cheetah Mobile Blockchain Research Lab believes that cryptocurrency wallets must protect users in five key areas to truly be considered secure:

1. Operational environment risks
   Cryptocurrency wallet files—private keys/mnemonic phrases—are stored on a terminal device. It doesn't matter whether it is a PC or a mobile phone, if your terminal device is hacked, it represents a major risk to your private keys and mnemonic phrases. A safe digital wallet needs to protect your private keys from being stolen, regardless of the operational environment. Operational security risks include virus software, operating system vulnerabilities and hardware backdoors.

Virus software
One difference between cryptocurrency wallets and traditional banking or payment software is that with cryptocurrency wallets, users have no way of reporting lost or stolen assets. Cryptocurrency wallets don't even allow you to freeze your account once you notice your assets are disappearing. Once a hacker gets a hold of your assets, they are gone forever. Although they can't help recover lost assets, safe digital wallets are able to avoid this situation in the first place by scanning your PC/phone for viruses and other potential threats.

Operating system vulnerabilities
By exploiting vulnerabilities, hackers have the ability to easily bypass an operating system's security barriers and sandbox mechanisms, and gain the ability to visit users' digital wallet private keys. Whether it is Android, iOS, Windows or Linux, every year a huge number of security vulnerabilities are exposed, including local kernel vulnerabilities. By exploiting these vulnerabilities, hackers can easily break through the security barriers of operation systems, and gain access to users' digital wallet private keys.
Currently the security capabilities of most cryptocurrency wallets rely completely on the security barriers of operating systems. Many still rely on static passwords, even plain text passwords, for the storage and management of private keys. They also rely on operating system security barriers to restrict visits from other apps. Due to the lack of safeguards against operating system loopholes, if users of these wallets install apps that contain local kernel vulnerabilities, their digital assets will be seriously susceptible to attack.

Hardware loopholes
By leveraging the structural design vulnerabilities of CPUs, hackers are able to read users' private keys and mnemonic phrases through cached content that remains after a CPU processes confidential information. Recent examples of this include Meltdown and Spectre.

1. Network traffic security risks
   Network traffic security is primarily reflected by the ability to resist MITM attacks. MITM refers to attackers establishing independent connections between the two interacting terminals and intercepting the data being exchanged. The two terminals think they are communicating via a secure connection, but in fact the entire conversation is being tracked by hackers.

Even though most digital wallets communicate via HTTPS protocol and server-side operations, MITM attackers are still able to install digital certificates on users' PC/phones to gain access to HTTPS protocol content. Safe cryptocurrency wallets must be able to scan the validity of all digital certificates on the PC/phone, while inspecting network proxy settings. They must also be able to ensure the fundamental security of the network traffic environment.

Another important standard by which to evaluate the secureness of a digital wallet app is whether or not bi-directional detection methods were used to verify communications on the network traffic level during the development stage.

1. File storage security risks
   The way in which PC/phone devices store a digital wallet's private keys is very important, and must be considered carefully. Access permissions for the private key file storage directory, private key storage formats, and encryption algorithms must all be designed up to rigorous standards.

After analyzing many of the mainstream digital wallets, we have discovered that even the most popular wallets are relatively relaxed regarding private key storage. They either utilize plain text storage, or if they use encrypted storage, the secret key for decryption is hard coded into the source code without any security safeguards.

1. In-app security risks
   In-app security risks are primarily found within an app's install package. Whether or not app install packages contain anti-tampering features is extremely important. Additionally, memory security during app usage, reverse debugging capabilities, the life cycle management of private keys, the secureness of the debugging log and the security of the development process all must be designed to standard.

2. Data backup security risks
   If mobile apps are able to be backed up, then hackers can use machines with strong computational power to enact brute force attacks against private keys and mnemonic phrases. For example, if an app enables android:allowBackup as its default setting, then the app's data files are backed up using the operating system's backup mechanisms, which means a digital wallet's private keys are also being backed up to an external medium. This creates another way for hackers to get around the operating system's security barriers.

Part 3: How to respond to cryptocurrency wallet security risks

Cheetah Mobile Blockchain Research Lab proposes the following steps that developers and users can take to avoid security risks:

If a cryptocurrency app developer discovers a security flaw within their app, they can reference the standards found in this white paper to rectify the flaw, and then release an update for users. Users must then upgrade to the latest version of the app, create a new encrypted wallet address, transfer their old digital assets to the new address, and then cancel the old address.
For users who are currently using cryptocurrency wallets that contain security vulnerabilities, they should switch to a safer wallet immediately until the app developer fixes the problem with an update. They should then create an entirely new wallet address, transfer their digital assets from their old wallet to the new address, and cancel the old address.

Part 4: Security standards of cryptocurrency wallets

Security is the primary function of a cryptocurrency wallet. Cheetah Mobile Blockchain Research Lab and Cheetah Lab both believe that a safe cryptocurrency wallet should protect users' private keys and mnemonic phrases at all times and under any circumstance. Based on this principle, cryptocurrency wallets should be designed with the following security systems: basic security system; private key management security system; development process security system; and user behavior security system.

Cheetah Mobile's SafeWallet cryptocurrency wallet was designed and developed based on the above table in order to address all of the security risks outlined in this paper.

Cheetah Mobile Blockchain Research Lab and Cheetah Lab hope that by publishing this cryptocurrency wallet security white paper, users can more clearly understand the security issues surrounding cryptocurrency wallets and increase their vigilance against security threats. Also, by outlining the security standards for cryptocurrency wallets, we can help advance the security capabilities of the cryptocurrency wallet industry as a whole and jointly safeguard users' digital assets.

Cheetah Mobile Blockchain Research Lab official website: https://www.cmcmbc.com