SoK: Cryptocurrency Wallets -- A Security Review and Classification based on Authentication Factors (2402.17659v1)
Abstract: In this work, we review existing cryptocurrency wallet solutions with regard to authentication methods and factors from the user's point of view. In particular, we distinguish between authentication factors that are verified against the blockchain and those verified locally (or against a centralized party). With this in mind, we define notions of $k$-factor authentication against the blockchain and $k$-factor authentication against the authentication factors. Based on these notions, we propose a classification of authentication schemes. We extend our classification to accommodate threshold signatures and the signing of transactions by centralized parties (such as exchanges or co-signing services). Finally, we apply our classification to existing wallet solutions, which we compare based on various security and key-management features.