Wallets and Their Attack Vectors
The term “wallet” is already confusing, because your ada aren’t in your wallet on your PC. It is better to think of wallets as web browsers, and of your ada as something like websites that you can control if you know the private keys for the corresponding addresses.
I think this comes much closer to reality. Then, it’s no wonder that you can install a wallet with the same seed words on several PCs and all display the same content, because they simply query the blockchain.
There are basically 3 types of wallets: software, paper and hardware wallets. I would also like to discuss web wallets, which are, to be precise, also software wallets.
All wallets have their own attack vectors, but they have one thing in common: if someone manages to get your seed words, it’s over. Your ada will be gone. Forever.
Occasionally you will find two additional terms: cold wallet and hot wallet, which I would like to mention briefly.
A cold wallet is not connected to the internet, like a paper wallet. Daedalus can create such paper wallets.
Hardware wallets are special types of cold wallets. Most of the time they are offline, but they are connected to a computer from time to time. The secure chip on which your private key is stored is separate from the rest of the system and always “offline”.
A proven approach is to secure a small portion of your ada in a hot wallet and most of your ada in a cold wallet. You can stake your ada from any kind of wallet, by the way. Even from a paper wallet.
Software wallets, such as Daedalus or Yoroi, are the most common type. When the wallet is created, a private key is generated, encrypted with the spending password and stored in a wallet file on the computer or smartphone.
Some people might think the spending password would additionally protect the seed words. However, this is not the case. Whoever has the seed words does not need a spending password. It is only there to encrypt your private key on the hard disk, in case it gets stolen. For this reason, you must also enter the spending password when you send ada, delegate to a pool, or vote. The wallet has to access the private key at this moment, and it can only do so if you enter the password.
If you ever forget your spending password, you can simply delete the wallet and reinstall everything with the seed words.
Software wallets are usually attacked with malware:
Theft of Wallet File
The encrypted file can be stolen by a malicious program or by someone who has access to the computer. In addition, an attacker must obtain the spending password.
The password could be logged immediately by the malicious program. A bad password could also be “guessed” by computers if it is either very short or appears in a dictionary (brute force).
Another attack vector is to deploy a fake wallet on the victim’s PC or smartphone. As soon as the user installs the wallet and enters his seed words, the fake wallet sends all ada to an address stored by the attacker.
Such false wallets appear both on the desktop and in the app stores. They copy the look of other wallets and even the name of the developer. Developer names are unique in the store, but a clever choice of characters could for example confuse “ADAtainment” with “ADAtalnment”.
Therefore you should always download wallets and updates from reliable sources and afterwards verify the downloaded file against its published hash.
Malicious programs that change the clipboard, so-called clipboard hijackers, work like this: they constantly monitor the clipboard and as soon as you copy an address, it is silently and secretly replaced with the attacker’s address. If you don’t check the address again after pasting, you’re out of luck.
“Good” malware programs have a large pool of alternative addresses and select the one that is most similar to the address being replaced. My tip: after pasting, check at least the first 10 and the last 10 characters of an address.
Web wallets are also software wallets, but I would like to treat them separately here, since you have to visit a website to use them. On the website you can either enter the seed words, load the private key via a file or connect with a hardware wallet.
Great web wallets, such as Ada Lite, run almost completely “locally” in the browser and do not transfer critical data such as the private key. The biggest danger is ending up on a malicious website instead of the right one, and there are plenty of ways this can happen:
In order to display the information of a website, the computer must first resolve the readable address entered, such as adatainment.com, to an IP address. This is best imagined as a phone book. The address adatainment.com is the name and the IP address is the number. The computer must look in a phone book (DNS server) to find which number belongs to the name.
A very special part of this phone book is the hosts file on the PC. There you can, for example, configure things to redirect or block pages. If someone with access to the PC or a malicious program manipulates this file, he could enter a different number for any website. As a result, when entering adatainment.com, you actually end up on a page prepared by the attacker. It can look 100% like the real site but do malicious things.
For the sake of completeness, it should be mentioned here that changing the hosts file is not the only way to perform a DNS hijack. You could, among other things, also change the DNS server entry, which of course is more complex.
Manipulating a bookmark is an attack that is very easy to carry out. A malicious program or someone with access to the PC changes the website behind the bookmark. If you click on the bookmark, you will be taken to another page. Of course, the address bar then shows a different address. Therefore, such attacks often use addresses which are very similar to each other, e.g. adatainment.com is replaced with adatalnment.com.
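Near-identical names, whether a store developer name like “ADAtalnment” or a bookmark pointing at adatalnment.com, can be flagged by measuring edit distance to the names you trust. This is an added example, not part of the original article; the trusted list, the bookmark list and the distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Names the user actually trusts (the article's own example domain).
TRUSTED = {"adatainment.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def host_of(url_or_name):
    """Accept a bookmark URL or a bare name and return the lowercase host."""
    parsed = urlsplit(url_or_name if "//" in url_or_name else "//" + url_or_name)
    host = (parsed.hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url_or_name, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike of <name>' or 'unknown'."""
    host = host_of(url_or_name)
    if host in trusted:
        return "trusted"
    for name in sorted(trusted):
        if 0 < edit_distance(host, name) <= max_distance:
            return "lookalike of " + name
    return "unknown"

# Constructed bookmark list for illustration.
BOOKMARKS = [
    "https://adatainment.com/",
    "https://www.adatalnment.com/wallet",
    "https://example.org/",
]

def audit(bookmarks, trusted=TRUSTED):
    """Map each bookmark to its classification."""
    return {url: classify(url, trusted) for url in bookmarks}

if __name__ == "__main__":
    for url, verdict in audit(BOOKMARKS).items():
        print(f"{verdict:32} {url}")
```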
Phishing Mails / Messages
You can also be redirected to a fake website by phishing emails or messages with links to a “fancy new special version”, “very important update” or other tempting things.
The advantage of web wallets is that you do not need any other software. You may be inclined to use web wallets from other PCs. Don’t. You never know what the security situation of this PC is. Possibly a program that logs everything is intentionally running or perhaps the PC is already unintentionally infected with malware.
Since you often need your private key or the seed words for a web wallet, users may be tempted to save them unencrypted in a text file on the PC. There, they can be stolen quickly.
As with software wallets, malicious programs that change the clipboard would also be a possible attack vector here.
Ada Lite is a good piece of software. Nevertheless, for the reasons mentioned, I would generally advise against web wallets. Simply because they are web pages and you end up on a wrong one way too quickly. If you use them, please only together with a hardware wallet. This way you can be sure that no critical data will be transferred.
Paper wallets, such as those created by Daedalus, are very safe in terms of “can be hacked”. No one can hack a piece of paper, especially if it’s in a safe or a safe deposit box.
The big disadvantage is that you can’t use your ada anymore. To use your ada you would first have to import the paper wallet into Daedalus or Yoroi. As soon as a paper wallet is imported, it is no longer as secure as before, because the private key is then stored in a computer.
The principle: if you import a paper wallet, then it is no longer a cold wallet. It becomes a hot wallet and you should not use this paper wallet anymore.
Nobody can hack a piece of paper, but they can steal it. The purpose of a paper wallet is not to store your seed words digitally. That’s why you shouldn’t save a paper wallet as a PDF, photograph it or take a screenshot of it. In some companies, all printouts are archived digitally, so you should rather not print out your paper wallet in the office.
Theft is certainly the number 1 attack vector. This includes photographing or copying the seed words.
Loss / Destruction
They can also be easily lost or destroyed by water and fire.
If you use a malicious program to create a paper wallet because you just searched Google for “Paper Wallet Generator”, you will experience the shock of your life, when you try to import the wallet again. Your ada will be gone. Forever.
By the way: just because you use a paper wallet generator “offline” does not mean that you are on the safe side. A malicious program could generate many seemingly correct addresses that are easily calculable by the programmer of the generator. This means that even if you use such a program on a PC that has never been connected to the Internet before, your ada will be gone. Forever.
Paper wallets are awesome for the long-term storage of large quantities of ada, when you have a way to store them safely.
The nice thing about a hardware wallet is that, unlike a paper wallet, you can use it even though the private key is protected. It’s a bit like a mixture of software wallet and paper wallet.
In a hardware wallet, the private key is stored in a special chip. Through this chip the private key is isolated from the rest of the system and can’t be used directly. Once stored, it can only be used via an interface. This interface has no option to show the private key, but you can, for example, sign transactions with it. This process is shown on the display of the hardware wallet and must be confirmed with a button on it.
You have to think of it as an armoured box with a slot at the top and bottom. At the top you throw in the desired transaction and at the bottom the signed transaction just falls out. Then it is sent to the network. This design makes the private key of a hardware wallet secure even if it is connected to a computer running some sort of malware, as long as the human being cannot be tricked into confirming a transaction he does not want to make.
As the team of Wallet.Fail shows, hardware wallets are anything but bug-free and the attack vectors can be pretty creative. As with a paper wallet, you first need access to the device itself. It must therefore first be stolen or have already been manipulated in the supply chain / transport route to the customer.
This brings us to the classic attack vector for hardware wallets: the wallet comes already “pre-configured”, sometimes even with a nice package insert with 24 words already occupied for recovery and a small manual. If you use such a “pre-configured” wallet, you will soon be rid of your ada. Therefore these two principles must be observed:
Always set up a hardware wallet yourself, making a note of the seed words yourself. After setting up, you should transfer a very small number of ada and test the recovery first.
Unlike a stolen paper wallet, a hardware wallet requires you to enter a PIN. If this PIN is entered incorrectly 3 times, the hardware wallet will be deleted automatically. Then, it can only be restored with the seed words.
The worst case, of course, is when a vulnerability in the system allows the private key or the seed words to be extracted from a stolen device. This was shown on the TREZOR-T at the 35th Chaos Communication Congress (35C3) in December 2018. (If you have some time you should watch the whole video. There are many more attack vectors explained and it is also very entertaining.)
Malicious programs that alter the clipboard would also be possible here. But, since the address is also shown on the display of the hardware wallet, this attack is easier to spot.
One way to attack a hardware wallet is to show the user something different (a different destination address or amount) than is actually sent to the hardware wallet. So the computer has been compromised in some way. This is exactly why hardware wallets have a display and you should always match the amount and the destination address. Only confirm the transaction if everything is fine. A hardware wallet is therefore also safe if the computer has been compromised, as long as the human cannot be outwitted.
Manipulating the display of the hardware wallet is not impossible, but much more complex than, for example, simply changing the clipboard of the computer or the display on the computer screen with a malicious program. The wallet has to be stolen and then put back again. Examples are shown on the website of Wallet.Fail.
Another interesting possibility to attack a hardware wallet appeared in March 2019. The ransom attack is based on the fact that a modified wallet (the PC has to be compromised already) generates a receiving address which belongs to your private key, but was chosen very randomly. To understand this, one has to know that wallets normally generate addresses from the private key via an index that starts at 0 and then increases by one: 0, 1, 2, 3, … Small gaps like 4, 5, 15, 16, … are also possible.
The manipulated wallet chooses a random index in the billion range. The transaction to your address is confirmed normally in the blockchain, but does not appear in your wallet. The funds still belong to the private key but can only be found with the correct key index, because no wallet software can detect or search such a large gap in the key index.
Some manufacturers like Ledger and TREZOR-T have already announced with firmware updates that the attack is “fixed”. But you have to understand that there is no way to fix it. For example, Ledger issues a warning if the key index is outside a very high range (over 50,000). For the attack itself, however, it is sufficient if the key index only jumps by a few thousand. The difference is: if such an attack happens, you can get back to your ada faster with a lower range, since one would have to try all possibilities.
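The discovery problem described above, as an added example that is not part of the original article: a wallet-style scan with a look-ahead window misses funds parked at a distant key index, and only an exhaustive search up to that index finds them. `toy_address` is a stand-in for real key derivation (not Cardano's scheme), and the gap limit of 20 and the hidden index 30,000 are assumed values.

```python
import hashlib
import hmac

GAP_LIMIT = 20        # assumed look-ahead window; real wallets choose their own value
WARN_INDEX = 50_000   # warning threshold the article attributes to Ledger

def toy_address(seed: bytes, index: int) -> str:
    """Stand-in for real key derivation: one deterministic address per (seed, index)."""
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:32]

def discover(seed, funded, gap_limit=GAP_LIMIT):
    """Scan indices 0, 1, 2, ... and stop after gap_limit unused addresses in a row."""
    found, unused, index = [], 0, 0
    while unused < gap_limit:
        if toy_address(seed, index) in funded:
            found.append(index)
            unused = 0            # a used address resets the window
        else:
            unused += 1
        index += 1
    return found

def recover(seed, funded, max_index):
    """Exhaustive search up to max_index, the only way to see past a large gap."""
    return [i for i in range(max_index + 1) if toy_address(seed, i) in funded]

def index_warning(index, threshold=WARN_INDEX):
    """Firmware-style check: warn only when the index exceeds the threshold."""
    return index > threshold

# Constructed scenario: normal use at indices 0-4 (3 unused), plus one
# payment sent to an address at a distant index below the warning threshold.
SEED = b"constructed demo seed"
HIDDEN = 30_000
FUNDED = {toy_address(SEED, i) for i in (0, 1, 2, 4, HIDDEN)}

if __name__ == "__main__":
    print("normal discovery :", discover(SEED, FUNDED))
    print("warning raised   :", index_warning(HIDDEN))
    print("exhaustive search:", recover(SEED, FUNDED, WARN_INDEX))
```

The cost of `recover` grows linearly with the upper bound, which is why a lower warning threshold shortens the search without removing the problem.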
Although a long list of attack vectors is listed here, you need direct access to the wallet or to the PC itself for all of them. With other wallets you would have already lost. If you know about the attack vectors, hardware wallets are pretty secure and offer great flexibility.
What speaks against a hardware wallet is, in any case, the price. For example, if you bought ada for 200 dollars, it is not worth spending between 60 and 120 dollars on a hardware wallet.