Bitcoin, Blockchain Technology, and Cryptocurrencies
The blockchain-based cryptocurrency known as Bitcoin was theorized in a whitepaper published October 28, 2008, by Satoshi Nakamoto (pseudonym) (Nakamoto, 2008). The paper, titled “Bitcoin: A Peer-to-Peer Electronic Cash System,” laid out a digital currency creation/exchange structure that employs a decentralized ledger that would later run on the author’s open-source application (Nakamoto, 2008). The main innovation of this technology is found within the security benefits provided by the proof-of-work consensus mechanism that requires solving a mathematical trap-door compression function to verify transactions/blocks added to the blockchain. On January 3, 2009, the genesis block, a term for the first block in any given blockchain, was created using Satoshi’s Bitcoin v0.1 software that actualized the concepts in the Bitcoin whitepaper (Bitcoin Core, 2021).
SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets
The rapid growth of decentralized digital currencies, enabled by blockchain
technology, has ushered in a new era of peer-to-peer transactions,
revolutionizing the global economy. Cryptocurrency wallets, serving as crucial
endpoints for these transactions, have become increasingly prevalent. However,
the escalating value and usage of these wallets also expose them to significant
security risks and challenges. This research aims to comprehensively explore
the security aspects of cryptocurrency wallets. It provides a taxonomy of
wallet types, analyzes their design and implementation, identifies common
vulnerabilities and attacks, and discusses defense mechanisms and mitigation
strategies. The taxonomy covers custodial, non-custodial, hot, and cold
wallets, highlighting their unique characteristics and associated security
considerations. The security analysis scrutinizes the theoretical and practical
aspects of wallet design, while assessing the efficacy of existing security
measures and protocols. Notable wallet attacks, such as Binance and Mt. Gox, are
examined to understand their causes and consequences. Furthermore, the paper
surveys defense mechanisms, transaction monitoring, evaluating their
effectiveness in mitigating threats.
The Influence of Cryptocurrencies on Enterprise Risk Management – an Empirical Evidence by the Example of Bitcoin
This thesis analyzes the influence of cryptocurrencies in the context of risk management by considering the emerging risk factors of Bitcoin as a payment method. By means of an empirical analysis through an online survey, the current operational dealing of incoming Bitcoin funds, the risk awareness of the potential threats, and the corresponding control activities implemented by companies accepting Bitcoin payments have been examined. The results reveal that the risks of this new technology-based payment method have not been extensively evaluated and that there exists a partially significant lack of know-how. Therefore, the risks are either not at all or improperly addressed by a majority of the organizations. However, the exchange rate risk and the cyber risk, which is strongly linked to the administration of cryptocurrencies, represent the most significant related risk factors associated with cryptocurrencies in recent times. To ensure an appropriate operational dealing with cryptocurrencies, the author presents a risk control matrix based on the results of the analysis and discusses control activities to mitigate these emerging threats. Finally, a holistic Cryptocurrency IC Framework (following the COSO 2013 IC Framework) is presented, with the objective of effectively and efficiently developing and maintaining systems of internal control with regard to cryptocurrencies.
Keywords: Blockchain; digital assets; Bitcoin; cryptocurrency; IC framework; enterprise risk management
SmartOTPs: An Air-Gapped 2-Factor Authentication for Smart-Contract Wallets
With the recent rise of cryptocurrencies' popularity, the security and
management of crypto-tokens have become critical. We have witnessed many
attacks on users and providers, which have resulted in significant financial
losses. To remedy these issues, several wallet solutions have been proposed.
However, these solutions often lack either essential security features,
usability, or do not allow users to customize their spending rules.
In this paper, we propose SmartOTPs, a smart-contract wallet framework that
gives a flexible, usable, and secure way of managing crypto-tokens in a
self-sovereign fashion. The proposed framework consists of four components
(i.e., an authenticator, a client, a hardware wallet, and a smart contract),
and it provides 2-factor authentication (2FA) performed in two stages of
interaction with the blockchain. To the best of our knowledge, our framework is
the first one that utilizes one-time passwords (OTPs) in the setting of the
public blockchain. In SmartOTPs, the OTPs are aggregated by a Merkle tree and
hash chains whereby for each authentication only a short OTP (e.g., 16B-long)
is transferred from the authenticator to the client. Such a novel setting
enables us to make a fully air-gapped authenticator by utilizing small QR codes
or a few mnemonic words, while additionally offering resilience against quantum
cryptanalysis. We have made a proof-of-concept based on the Ethereum platform.
Our cost analysis shows that the average cost of a transfer operation is
comparable to existing 2FA solutions using smart contracts with
multi-signatures.
Improving Security of Crypto Wallets in Blockchain Technologies
A big challenge in blockchain and cryptocurrency is securing the private key from potential hackers. Nobody can roll back a transaction made with a stolen key once the network confirms it. The technical solution to protect private keys is the cryptocurrency wallet, software, hardware, or a combination to manage the keys. In this dissertation, we try to investigate the significant challenges in existing cryptocurrency wallets and propose innovative solutions. Firstly, almost all cryptocurrency wallets suffer from the lack of a secure and convenient backup and recovery process. We offer a new cryptographic scheme to securely back up a hardware wallet relying on the side-channel human visual verification on the hardware wallet. Another practical mechanism to protect the funds is splitting the money between two wallets with small and large amounts. We propose a new scheme to create hierarchical wallets that we call deterministic sub-wallet to achieve this goal. The user can send funds from the wallet with a large amount to a smaller one in a secure way. We propose a multilayered architecture for cryptocurrency wallets based on a Defense-in-Depth strategy to protect private keys with a balance between convenience and security. The user protects the private keys in three restricted layers with different protection mechanisms. Finally, we try to solve another challenge in cryptocurrencies, which is losing access to private keys by its user, resulting in inaccessible coins. We propose a new mechanism called lean recovery transaction to tackle this problem. We make a change in wallet key management to generate a recovery transaction when needed. We implement a proof-of-concept for all of our proposals on a resource-constrained hardware wallet with a secure element, an embedded display, and one physical button. Furthermore, we evaluate the performance of our implementation and analyze the security of our proposed mechanisms.