47 research outputs found
Automated Verification of Electrum Wallet
We introduce a formal modeling in ASLan++ of the two-factor authentication protocol used by the Electrum Bitcoin wallet. This allows us to perform an automatic analysis of the wallet and show that it is secure for standard scenarios in the Dolev-Yao model [Dolev 1981]. The result could be derived thanks to some advanced features of the protocol analyzer, such as the possibility to specify i) new intruder deduction rules with clauses and ii) non-deducibility constraints.
Evaluating Security in Cryptocurrency Wallets
The number of users who are interested in trading cryptocurrency is increasing tremendously; however, some users of cryptocurrency wallets do not know how to protect themselves or how to use a wallet with high protection. The objective of this paper is to propose a framework to enable users to evaluate the security and privacy of cryptocurrency wallets. This framework will provide users with a list of attributes that define the degree of user protection in cryptocurrency wallets. This work aims to improve security and privacy in cryptocurrency wallets and enable users of these platforms to interact safely.
If I Had a Million Cryptos: Cryptowallet Application Analysis and A Trojan Proof-of-Concept
Cryptocurrencies have gained wide adoption by enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, but we also assess their security against tampering and reverse engineering. Some of the biggest benefits of cryptocurrency are its security and relative anonymity. For this reason it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, like wallet private keys, insecurely and one was able to be decrypted with some effort. One of the applications did not require root access to retrieve the data. We were also able to implement a proof-of-concept trojan which exemplifies how a malicious actor may exploit the lack of security in these applications and exfiltrate user data and cryptocurrency.
SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets
The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance and Mt. Gox, are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats.
The Cryptoeconomy: October 2014