Conference Paper

The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets

Abstract

In the cryptocurrency Bitcoin, users can deterministically derive the private keys used for transmitting money from a password. Such “brain wallets” are appealing because they free users from storing their private keys on untrusted computers. Unfortunately, they also enable attackers to conduct unlimited offline password guessing. In this paper, we report on the first large-scale measurement of the use of brain wallets in Bitcoin. Using a wide range of word lists, we evaluated around 300 billion passwords. Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 h but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded. We find no evidence that users of brain wallets loaded with more bitcoin select stronger passwords, but we do find that brain wallets with weaker passwords are cracked more quickly.
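The derivation the abstract describes, as an added example rather than code from the paper: a classic brain wallet turns a passphrase into a secp256k1 private key with one unsalted SHA-256, so every guess costs one hash and the key space is only as large as the passphrase space; beside it is a salted, memory-hard (scrypt) variant that raises the per-guess cost. The curve arithmetic is pure Python for readability (far slower than the optimised libraries the paper's measurement used), the sample passphrase and salt are constructed, and the scrypt parameters are an assumption.

```python
"""Brain-wallet key derivation (passphrase -> SHA-256 -> secp256k1 key) beside a
key-stretched variant. Added illustration only; pure-Python curve maths for clarity."""
import hashlib
import time

# secp256k1 domain parameters (standard constants from SEC 2)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b, sum is the point at infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P        # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, point=G):
    """Double-and-add scalar multiplication; returns None when k is a multiple of N."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def _to_scalar(digest):
    """Interpret 32 bytes as a private key, rejecting the (negligibly rare)
    values outside [1, N-1] that the curve does not accept."""
    k = int.from_bytes(digest, "big")
    if not 1 <= k < N:
        raise ValueError("digest is not a valid secp256k1 scalar")
    return k


def brainwallet_key(passphrase):
    """Classic brain wallet: private key = SHA-256(passphrase). No salt, no
    stretching, so one guess costs exactly one hash for everyone."""
    return _to_scalar(hashlib.sha256(passphrase.encode("utf-8")).digest())


def stretched_key(passphrase, salt):
    """Hardened variant (assumed parameters): a memory-hard KDF with a per-user
    salt. Each guess now costs ~16 MiB and many milliseconds, and guesses made
    against one salt are useless against another."""
    digest = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt.encode("utf-8"),
                            n=2 ** 14, r=8, p=1, dklen=32)
    return _to_scalar(digest)


def pubkey_bytes(priv, compressed=True):
    """SEC1-encoded public key; classic brain-wallet generators used uncompressed keys."""
    x, y = point_mul(priv)
    if compressed:
        return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def p2pkh_address(pub):
    """Base58Check(0x00 || RIPEMD160(SHA256(pub))), the address looked up on chain.
    Assumes the OpenSSL behind hashlib exposes ripemd160 (some OpenSSL 3.0 builds do not)."""
    payload = b"\x00" + hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    payload += hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(payload, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(payload) - len(payload.lstrip(b"\x00"))) + out


if __name__ == "__main__":
    phrase = "correct horse battery staple"          # constructed sample passphrase
    k = brainwallet_key(phrase)
    print("SHA-256 key:", hex(k))
    print("address    :", p2pkh_address(pubkey_bytes(k, compressed=False)))
    t0 = time.perf_counter(); brainwallet_key(phrase); t1 = time.perf_counter()
    stretched_key(phrase, "user@example.invalid"); t2 = time.perf_counter()
    print(f"one guess: sha256 {t1 - t0:.2e}s vs scrypt {t2 - t1:.2e}s "
          f"(~{(t2 - t1) / max(t1 - t0, 1e-9):.0f}x slower)")
```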

... However, they still needed to identify addresses in use for each guess. Vasek et al. (2016) describe how they use an optimised secp256k1 library from Bitcoin Core to calculate the associated invoice address. Then, having downloaded the entire blockchain, extracted all the invoice addresses using the znort987 block parser and loaded them into a sorted Bloom filter, they were able to quickly identify addresses that may have been used. ...
... API for all the details and current balance. This work is very relevant to this paper, and the approach taken by Vasek et al. (2016) has some advantages and one disadvantage. The advantage is that each address lookup in the Bloom filter is very quick. ...
... The full blockchain data is not used. Instead, an optimised database of just address hashes can be compiled ahead of time in a similar manner to Vasek et al. (2016). This reduces the size of the data and the search times. ...
Article
Full-text available
Organised crime and cybercriminals use Bitcoin, a popular cryptocurrency, to launder money and move it across borders with impunity. The UK and other countries have legislation to recover the proceeds of crime from criminals. Recent UK case law has recognised cryptocurrency assets as property that can be seized and realised under the Proceeds of Crime Act (POCA). To seize a cryptocurrency asset generally requires access to the private key. Anecdotal evidence suggests that if cryptocurrency is not seized quickly after enforcement action has taken place, it will be transferred to other wallets, making it difficult to seize at a future time. We investigate how Bitcoin could be seized from an Electrum or Ledger hardware wallet, during a law enforcement search, using live forensic techniques and a dictionary attack. We conduct a literature review examining the state of the art in Bitcoin application forensics and Bitcoin wallet attacks. We conclude that there is a gap in research on Bitcoin wallet security and that a significant proportion of the available literature comes from a small group of academics working with industry and law enforcement (Volety et al. 2019; Van Der Horst et al., 2017; Zollner et al., 2019). We then forensically examine the Electrum software wallet and the Ledger Nano S hardware wallet to establish what artefacts can be recovered to assist in the recovery of Bitcoin from the wallets. Our main contribution is a proposed framework for Bitcoin forensic triage, a collection tool to recover Bitcoin artefacts and identifiers, and two proof-of-concept dictionary-attack tools written in Python and OpenCL. We then evaluate these tools to establish if an attack is practicable using a low-cost cluster of public cloud-based Graphics Processing Unit (GPU) instances. During our investigation, we find a weakness in Electrum's storage of encrypted private keys in RAM. We leverage this to make around 2.4 trillion password guesses. We also demonstrate that we can conduct 16.6 billion guesses against a password-protected Ledger seed phrase.
... In 2015, a white hat hacker published the implementation of the brain wallet attack. The results of this attack were later published in 2016 [164]. We believe that such an attack can be made faster to make brain wallets much more vulnerable. ...
... We did not pay attention to analysing the cracked brain wallets. We refer the reader to Vasek's paper [164] for a detailed measurement of cracked brain wallet results. In this section we only give a brief summary of our results and discuss some interesting points which are not covered by Vasek's research. ...
... The idea behind Bitcoin brain wallets is elegant: remembering a password or passphrase is surely easier than a private key. Our work and also Vasek's work [164] have made a clear point that it is an extremely insecure way to store bitcoin. There exist lots of other methods to keep bitcoin more secure. ...
Conference Paper
In this thesis we study two major topics in cryptanalysis and optimization: software algebraic cryptanalysis and elliptic curve optimizations in cryptanalysis. The idea of algebraic cryptanalysis is to model a cipher by a Multivariate Quadratic (MQ) equation system. Solving MQ is an NP-hard problem. However, NP-hard problems have a point of phase transition where the problems become easy to solve. This thesis explores different optimizations to make solving algebraic cryptanalysis problems easier. We first worked on guessing a well-chosen number of key bits, a specific optimization problem leading to guess-then-solve attacks on the GOST cipher. In addition to attacks, we propose two new security metrics, contradiction immunity and SAT immunity, applicable to any cipher. These optimizations play a pivotal role in recent highly competitive results on full GOST. This cipher and another, Simon, which we cryptanalyzed, were submitted to ISO to become a global encryption standard, which is the reason why we study the security of these ciphers in a lot of detail. Another optimization direction is to use well-selected data in conjunction with Plaintext/Ciphertext pairs following a truncated differential property. These allow an algebraic attack to be supplemented with extra equations and reduce solving time. This was a key innovation in our algebraic cryptanalysis work on the NSA block cipher Simon, and we could break up to 10 rounds of Simon64/128. The second major direction in our work is to inspect, analyse and predict the behaviour of the ElimLin attack, the complexity of which is very poorly understood, at a level of detail never seen before. Our aim is to extrapolate and discover the limits of such attacks, and go beyond with several types of concrete improvement. Finally, we have studied some optimization problems in elliptic curves which also deal with polynomial arithmetic over finite fields. We have studied existing implementations of the secp256k1 elliptic curve, which is used in many popular cryptocurrency systems such as Bitcoin, and we introduce an optimized attack on Bitcoin brain wallets that improves the state-of-the-art attack by 2.5 times.
... During the period of the test, over 884 brain wallets were compromised, containing over $100K worth of bitcoin. The general conclusion given by the researchers is that weaker password choices were the main reason behind the success of the attack [17]. In 2017, Gentilal designed and implemented a TrustZone hardware wallet to provide a more secure and trusted environment to store the private keys. ...
... To further understand the obtained results, Figure (3), upper part, shows the five sequence options of BIP39 represented in the n-word column (12, 15, 18, 21, and 24). The maximum byte size of the 24-word MS English is located within the range of the minimum of (15)(16)(17)(18) words of MS Arabic. In other words, BIP39 needs to generate at least 40 words of MS English to reach the maximum of the 24 words of MS Arabic. ...
Conference Paper
Full-text available
Bitcoin cryptocurrency is a peer-to-peer electronic cash system. It is largely used for financial transactions on the Internet. Bitcoin has gained popularity due to its anonymity, privacy, and comparatively low transaction cost. Nevertheless, the use of Bitcoin as an emerging technology comes with challenges, and various types of threats are associated with its use. Bitcoin wallet security is one of the salient challenges. In a Bitcoin wallet, the user's funds are protected by Elliptic Curve Digital Signature Algorithm (ECDSA) private keys. The wallet generates these keys from a secure master seed of 512 random bits. As a result, the Bitcoin wallet has become a desirable target for attacks such as dictionary attacks. To avoid such attacks, the master seeds must be sufficiently long and have a very high level of entropy, which several currently used Bitcoin wallets lack. In this paper, our aim is to enhance the security of the master seed of the brain wallet through the introduction of an additional entropy source, a Unicode model with no fixed ASCII code. Finally, the findings of this paper prove that the proposed encoding model ensures the resistance of secure master seed generation against dictionary attacks. Keywords: Bitcoin wallet, Dictionary attack, ECDSA, Entropy, Unicode.
... A recent work by Volety et al. [193] analyzed the security of two Bitcoin wallet software applications, suggesting the possibility of obtaining access to Multibit HD and Electrum wallets through an offline brute-force password attempt. In a similar direction, Vasek et al. [194] conducted a large-scale measurement study to analyze the usage of brain wallets in Bitcoin. The brain wallets have a usability benefit for Bitcoin users, freeing them from storing their private keys on untrusted hardware. ...
... However, these brain wallets can be drained by adversaries by brute-force attacks. The study by Vasek et al. [194] showed that among 881 brain wallets, all but 21 were drained, indicating a high risk potential. ...
Article
Full-text available
In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.
... • Ponzi schemes (Vasek & Moore, 2015; Esoimeme, 2018; Bartoletti, Pes, & Serusi, 2018; Zhang, Kang, Dai, Chen, & Zhu, 2021; Wang, Cheng, Zheng, Yang, & Zhu, 2021); • money laundering (Levin, O'Brien, & Zuberi, 2015; Rivera, 2019; Hendrickson & Luther, 2022; Bartoletti et al., 2018; Barth, Herath, & Xu, 2020; Broadhead, 2018; van Wegberg, Oerlemans, & van Deventer, 2018; Dupuis & Gleason, 2021); • mining botnets (Huang et al., 2014; Konoth et al., 2018) and the theft of "brainwallets" (Vasek, Bonneau, Castellucci, Keith, & Moore, 2016). ...
Article
Full-text available
PURPOSE: The main purpose of this paper was to identify the current scope of research on cryptocurrencies as a subject of fraud. Detailed research questions related to the determination of contemporary trends of the conducted research and the definition of potential opportunities for further investigation of this topic. One of the questions also concerned identifying the most common crimes committed using cryptocurrencies. METHODOLOGY: The study is based on a systematic literature review (SLR) of 57 publications available on the Scopus database. A bibliometric and descriptive analysis of selected literature items was carried out. Then, vital thematic clusters were separated, and an in-depth content analysis was performed. FINDINGS: The detailed bibliometric and descriptive analysis showed that cryptocurrencies as a subject of financial fraud are generally a new area of scientific research, although it is developing quite intensively. The relatively small number of publications, compared to other similar areas, also indicates that this topic has not yet been explored widely by scientists, and many different research trends can be created in it. Ultimately, the following key research areas were identified: types of cryptocurrency fraud, crime detection methods, risks related to blockchain technology, money laundering, and legal regulations regarding cryptocurrencies. It was also possible to identify that money laundering is currently the most common fraud. However, it has been pointed out that the second most frequent fraud is financial pyramids based on the Ponzi scheme. IMPLICATIONS: The paper clearly presents the main research trends on using cryptocurrencies in criminal activities. At the same time, it was emphasized that, compared to other research areas, this topic is relatively new. Therefore, there is a wide possibility of exploring not only existing but also undiscovered research trends. 
In addition, key types of fraud in economic practice have been identified, which is particularly important for financial market participants. It was clearly indicated which transactions bear the highest risk. It is also worth paying attention to the critical timeliness of the topic, as the scale of crimes involving cryptocurrencies has recently been growing rapidly. The study confirms the insufficient scope of legal regulations, which are not able to strengthen the security of economic transactions adequately. Therefore, it can be a clear indication for the governments of individual countries or international institutions for further efficient changes to the law. ORIGINALITY AND VALUE: The contribution of this study is threefold. It is one of the first research papers showing the results of a systematic literature review (SLR) combined with a bibliographic and in-depth analysis of the content of publications in this field. During the work, the VOSviewer software was also used, which enabled objective identification of the main thematic clusters based on the occurrences and link strength of keywords included in the publications. Secondly, the key types of fraud have been identified that, at the same time, cause the most significant financial loss. This allowed for the establishing of directions for further research, which have profound practical implications for market participants. Some of them relate to the need to develop and implement modern computer applications, allowing for the detection of a wider range of emerging abuses. (Open access paper under the CC BY license, https://creativecommons.org/licenses/by/4.0/legalcode; published in Financial Ecologies Framed by Fintech, Marta Gancarczyk, Małgorzata Kutera, Óscar Rodil-Marzábal (Eds.).)
... On the one hand, the advocates of blockchain technology focus on its disruptive potential to revolutionize interactions, foster privacy and strengthen democracy (Ayed, 2017; Koletsi, 2019). On the other hand, a significant body of work takes a critical view on blockchain technology emphasizing its social and political dangers (Golumbia, 2015; Atzori, 2015), as well as the complex set of drawbacks in terms of "security issues" it brings with it (Xu, 2016; Boireau, 2018; Vasek et al.). Within this stream of literature, "security threats" are ...
Conference Paper
Full-text available
... However, since the password approach is fundamentally not secure, the security level is downgraded. For example, by password scanning, M. Vasek et al. [48] identified 884 active bitcoin accounts worth around $100K in 2015. ...
Preprint
Full-text available
In this paper, we propose a very secure and reliable owner-self-managed private key recovery method. In recent years, Public Key Authentication (PKA) method has been identified as the most feasible online security solution. However, losing the private key also implies the risk of losing the ownership of the assets associated with the private key. For key protection, the commonly adopted something-you-x solutions require a new secret to protect the target secret and fall into a circular protection issue as the new secret has to be protected too. To resolve the circular protection issue and provide a truly secure and reliable solution, we propose separating the permission and possession of the private key. Then we create secret shares of the permission using the open public keys of selected trustees while having the owner possess the permission-encrypted private key. Then by applying the social authentication method, one may easily retrieve the permission to recover the private key. Our analysis shows that our proposed indirect-permission method is six orders of magnitude more secure and reliable than
... The Nakamoto paper laid out the schema of digital currencies strictly as a Peer-to-Peer (P2P) electronic payment system and a solution of a double spending problem. The P2P network is ...
[Footnote 1] See, for instance, Möser et al. (2013), Christin (2013), Huang et al. (2014), Bonneau et al. (2015), Böhme et al. (2015), Vasek and Moore (2015), Feder et al. (2016) and Vasek et al. (2016).
[Footnote 2] There are growing concerns of cryptocurrencies being stolen. ...
Article
Our objective in this paper is to explore the impact of 21 terrorist attacks on the risk and return of cryptocurrencies. This is motivated by the rapid increase in Bitcoin and other cryptocurrency prices in conjunction with uncertainty about cryptocurrency fundamental value and how this value is determined. Using daily cryptocurrency returns and the event study methodology, we estimate cryptocurrency abnormal returns around terrorist activities. Asset pricing models are fitted with interaction variables to identify the impact of individual attacks. ARCH models are used to determine changes in systematic risk. Our findings indicate that terrorist attacks positively contribute to the returns of cryptocurrencies whilst the attacks also result in short-term risk-shifting behavior for different cryptocurrencies.
... For example, our experts perceived crimes like ransomware and fake crypto wallets as profitable. Prior academic research has shown that ransomware, in particular, was not particularly so (Conti et al., 2018;Vasek et al., 2017). However, the applicability of this academic work might be limited by its age, as more recent, private sector sources have suggested ransomware has been increasing in recent years and that it has the potential to be very profitable and harmful (Chainalysis, 2021; CipherTrace, 2020). ...
Article
Full-text available
Background Cryptocurrency fraud has become a growing global concern, with various governments reporting an increase in the frequency of and losses from cryptocurrency scams. Despite increasing fraudulent activity involving cryptocurrencies, research on the potential of cryptocurrencies for fraud has not been examined in a systematic study. This review examines the current state of knowledge about what kinds of cryptocurrency fraud currently exist, or are expected to exist in the future, and provides comprehensive definitions of the frauds identified. Methods The study involved a scoping review of academic research and grey literature on cryptocurrency fraud and a 1.5-day expert consensus exercise. The review followed the PRISMA-ScR protocol, with eligibility criteria based on language, publication type, relevance to cryptocurrency fraud, and evidence provided. Researchers screened 391 academic records, 106 of which went on to the eligibility phase, and 63 of which were ultimately analysed. We screened 394 grey literature sources, 128 of which passed on to the eligibility phase, and 53 of which were included in our review. The expert consensus exercise was attended by high-profile participants from the private sector, government, and academia. It involved problem planning and analysis activities and discussion about the future of cryptocurrency crime. Results The academic literature identified 29 different types of cryptocurrency fraud; the grey literature discussed 32 types, 14 of which were not identified in the academic literature (i.e., 47 unique types in total). Ponzi schemes and (synonymous) high yield investment programmes were most discussed across all literature. Participants in the expert consensus exercise ranked pump-and-dump schemes and ransomware as the most profitable and feasible threats, though pump-and-dumps were, notably, perceived as the least harmful type of fraud. 
Conclusions The findings of this scoping review suggest cryptocurrency fraud research is rapidly developing in volume and breadth, though we remain at an early stage of thinking about future problems and scenarios involving cryptocurrencies. The findings of this work emphasise the need for better collaboration across sectors and consensus on definitions surrounding cryptocurrency fraud to address the problems identified.
... The KDF of an HD wallet uses a cryptographically secure hash function H(·) which maps an index i and a public key Q ∈ E(K) to an element of K. The index is the number ...
[Footnote 6] Deriving a key from a password is not recommended [22]. ...
Chapter
Full-text available
Paper documents are still very common for all types of records of personal achievements, ID cards and many other types of documents issued to an individual or a company. These paper documents, however, often come at the cost of expensive printing and issuing, loss of data or malicious counterfeits. The origin and integrity are often hard or even impossible to verify. Digital signatures solve some of these issues; however, this still requires centralized trusted infrastructures and still does not allow for easy verification or recovery of lost documents. Furthermore, attribute-based authentication is not possible with traditional signature schemes. In this paper, we present a decentralized platform for signing and verifying digital documents that is based on the previously presented SPROOF platform and additionally supports attribute-based authentication. This platform allows for issuing, managing and verifying digital documents in a public blockchain. In the proposed approach, all data needed for verification of documents and issuers is stored decentralized, transparent, and integrity protected. The platform is permissionless and thus no access restrictions apply. Rather, following principles of the Web of Trust, issuers can confirm each other in a decentralized way. Additionally, scalability and privacy issues are taken into consideration.
... Market risks related to price volatility and exchange-rate risk (Brezo & Bringas, 2012; Bohr & Bashir, 2014; Glaser et al., 2014; Van Alstyne, 2014; Gao et al., 2015; Grant & Hogan, 2015), counterparty risk arising from security breaches or malfunctions of the underlying exchanges (Meiklejohn et al., 2013; Moore & Christin, 2013; Bohr & Bashir, 2014; Van Alstyne, 2014; Grant & Hogan, 2015), transaction risk, separated into irreversibility of transactions (Beer & Weber, 2014; Meiklejohn et al., 2013) or the possible cancellation of a confirmed underlying transaction (Eyal & Sirer, 2014; Sapirshtein et al., 2016), or the possible blacklisting of cryptocurrencies of doubtful origin (Möser et al., 2013; Möser et al., 2014). Also operational risk arising from failures or security incidents such as forgotten or stolen passwords (Brezo & Bringas, 2012; Gao et al., 2015; Grant & Hogan, 2015; Vasek et al., 2016) or potential vulnerabilities in the protocol design (Karame et al., 2012; Eyal & Sirer, 2014), privacy risk from linking cryptocurrency addresses to real holders (Brezo & Bringas, 2012; Androulaki et al., 2013; Meiklejohn et al., 2013; Reid & Harrigan, 2013; Ron & Shamir, 2013) and finally the uncertain legal and regulatory risk to the continued use of cryptocurrencies (Grinberg 2011; Reid & Harrigan, 2013; Bohr & Bashir, 2014; Grant & Hogan, 2015). ...
Article
Full-text available
The best-known cryptocurrency is Bitcoin. It has rapidly become popular in Brazil and around the world. Currently, Bitcoin has more than twice as many users in Brazil as investment in the stock market. In recent years, many new cryptocurrencies have been developed, such as Ethereum, Litecoin, Ripple, VeChain, Neo, Lisk, Binance, Monero, among others. All of them employ blockchain technology. This research aims to analyse the benefits and risks perceived by users as determinants of cryptocurrency use in Brazil. The prospects for advances in the use of blockchain technology are very large. The article uses the Technology Acceptance Model (MAT) as its theoretical background, strongly inspired by the statistical modelling of Abramova and Bohme (2016), with the inclusion of the theoretical constructs Perceived Benefit (BP), Perceived Ease of Use (FP) and Perceived Risk (RP). These constructs aim to explain the endogenous construct Possibility and Behaviour of Use (UC) and its significant determinants, using the multivariate statistical method of Structural Equation Modelling. The results show that the benefit perceived by the individual is the main factor that positively influences cryptocurrency users. Furthermore, the risks perceived by individuals were not significant for the results, contrary to expectations, based on the determinants financial loss, legal risk and operational risk.
... brain wallet [22]. That is why one of our theories for solving the given problem is a combination of several generators, i.e. ...
Thesis
Full-text available
The aim of this thesis is, based on an analysis of existing approaches to market trading and to cryptocurrency management, to design and implement an exchange mediating cryptocurrency trading. The chosen interfaces are an Android client with an emphasis on UX and the API it uses, which is also available to users directly. The server consists of microservices and is designed with a three-tier architecture with an emphasis on scalability, for which it uses cloud computing design patterns. A convergence service hides the complexity of the system, authenticates the user and provides the API. Instances of the cryptocurrency wallet service generate wallets for users, mediate deposit detection and handle withdrawals. The trading service processes market offers and manages available funds. The view service makes queries available, using the CQRS pattern, on the basis of a database generated from the event stream. We verify the implementation in terms of functionality, scalability, exposure to threats, user-interface acceptance and possibilities for further use. The project is available as open-source software under the Apache License version 2, with the goal of extensibility and as a reference solution for the development of similar software.
... Although there exists no formal proof, the ECDLP is commonly assumed to be hard to invert if the underlying elliptic curve is properly chosen (Johnson et al., 2001).
[Footnote 5] Deriving a key from a password is not recommended (Vasek et al., 2016). ...
... Private keys can exist in many forms, and it is this multitude of forms that causes the jurisdictional problems. For example, it is possible for an individual to produce a private key originating from a password that he/she can keep solely in his/her head, which is called a 'brain wallet' (Vasek et al. 2017). He/she can transfer his/her Bitcoins by merely expressing to the transferee the password, which would then give the transferee admission to the Bitcoin wallet (Raskin 2015, 998). ...
Article
Bitcoin is the most prominent cryptocurrency that is frequently debated nowadays, basically defined as a decentralised 'currency', 'payment system' and 'investment tool', which is an opportunity offered by today's digital age. In this article, we aim to analyse the legal basis of the matter from both technical and legal points of view. Although there are many legal issues related to Bitcoin, we will particularly draw attention to some of the fundamental legal problems caused by the anonymity feature of Bitcoin. Among these problems that may arise, only the disputes that may fall within the scope of cases relating to debt and assets which have an impact on enforcement law will be examined. We will discuss the anonymity feature, considering the possibility of accessing an anonymous Bitcoin wallet. The article examines the situation where a debtor or one of the parties in a lawsuit may conceal their assets unfairly via Bitcoin (with the anonymity feature) in civil disputes relating to debt and assets. Has Bitcoin turned into a tool with which malevolent debtors can hide their wealth while, at the same time, a secret place where they can invest their money? In this study, we will offer solutions for overcoming the anonymity feature in practice and for how to reveal and reach the wealth that is stored via a Bitcoin wallet. Likewise, it will be underlined what malevolent debtors or parties in a lawsuit who want to obscure their wealth via a Bitcoin wallet can do to strengthen their anonymity. Finally, we provide a specific and practical guideline for judges and especially creditors' lawyers in order to reduce the potential adverse situation that Bitcoin's anonymity feature can cause.
... Vasek et al. [14] recently analyzed the security of the brain wallet. The analysis results show that more than 800 brain wallets were using weak passwords and were worth more than $100K. ...
Article
Full-text available
Effective cryptocurrency key management has become an urgent requirement for modern cryptocurrency. Although a large body of cryptocurrency wallet management schemes have been proposed, they are mostly constructed for specific application scenarios and often suffer from weak security. In this paper, we propose a more effective, usable, and secure cryptocurrency wallet management system based on semi-trusted social networks, therein allowing users to collaborate with involved parties to achieve some powerful functions and recovery under certain circumstances. Furthermore, we employ an identity-based hierarchical key-insulated encryption scheme to achieve time-sharing authorization and present a semi-trusted portable social-network-based wallet management scheme that provides the features of security-enhanced storage, portable login on different devices, no-password authentication, flexible key delegation, etc. The performance analysis shows that our proposed schemes require minimal additional overhead and have low time delays, making them sufficiently efficient for real-world deployment.
Chapter
Today, cryptocurrencies are rapidly gaining popularity and sweeping all the economies of the world, but the bulk of the literature is devoted to a few cryptocurrencies only. The purpose of this chapter is to analyze the cryptocurrency market. More than 2000 cryptocurrencies are examined, and a set of 70 cryptocurrencies was recovered for a sample spanning 2015-2018. The degree of relationship between the variables was then investigated. A PCA was performed. This analysis allows the initial variables to be replaced by five factors that retain almost all of the information (91.028% of the total information) and have the advantage of being uncorrelated. Therefore, the authors have concluded that the first factor corresponds to the cci30 index used by the crypto funds, while the rest of the factors can be distinguished according to some variants.
Chapter
An attacker who breaks into an authentication server and steals all of the cryptographic password hashes is able to mount an offline brute-force attack against each user’s password. Offline brute-force attacks against passwords are increasingly commonplace and the danger is amplified by the well documented human tendency to select low-entropy passwords and/or reuse these passwords across multiple accounts. Moderately hard password hashing functions are often deployed to help protect passwords against offline attacks by increasing the attacker’s guessing cost. However, there is a limit to how “hard” one can make the password hash function as authentication servers are resource constrained and must avoid introducing substantial authentication delay. Observing that there is a wide gap in the strength of passwords selected by different users, we introduce DAHash (Distribution Aware Password Hashing), a novel mechanism which reduces the number of passwords that an attacker will crack. Our key insight is that a resource-constrained authentication server can dynamically tune the hardness parameters of a password hash function based on the (estimated) strength of the user’s password. We introduce a Stackelberg game to model the interaction between a defender (authentication server) and an offline attacker. Our model allows the defender to optimize the parameters of DAHash, e.g., specify how much effort is spent in hashing weak/moderate/high strength passwords. We use several large scale password frequency datasets to empirically evaluate the effectiveness of our differentiated cost password hashing mechanism. We find that the defender who uses our mechanism can reduce the fraction of passwords that would be cracked by a rational offline attacker by up to 15%.
Article
Full-text available
Blockchain technology enables users to verify, preserve, and synchronize the contents of a data sheet (a transaction ledger) replicated by multiple users. Blockchain technology has provided considerable advantages and incentives to industries in terms of enabling better services. This review aims to explore the benefits, challenges and functionalities that affect blockchain applications in different sectors. This article is constructed as a systematic literature review study. From 1976 articles, 168 final articles were selected and classified into three main dimensions, that is, benefits, challenges, and functionalities, in four different sectors: government, financial, manufacturing, and healthcare. The results were extracted and compared based on factors in three dimensions, which were categorized as benefits (informational, technological, economic, organizational, and strategic), challenges (technological, organizational, adoption, operational, and environmental and sustainability), and functionalities (point-to-point transmission, data ownership, data protection, and transaction processing). The results of this review study aim to support professionals, practitioners, and stakeholders who wish to implement and manage transformation projects related to blockchain in their sectors. Moreover, helping these possible blockchain users to understand the implied factors associated with blockchain would be beneficial for the decision-making processes of their organizations.
Article
New empirical evidence on cryptocurrencies emerges rapidly creating the necessity to consolidate the gained knowledge and identify the gaps therein. We provide a focused, systematic literature analysis of objective and perceived risks about investing into cryptocurrencies, using 50 papers from both academic and practice-oriented literature. As an additional contribution we identify three important and promising research avenues, which we advertise to be put into further research focus: (i) Subjective perception of risks, (ii) adoption of cryptocurrencies implementing innovation research and (iii) non-standard financial risks.
Chapter
Bitcoin, being the most successful cryptocurrency, has been repeatedly attacked with many users losing their funds. The industry’s response to securing the user’s assets is to offer tamper-resistant hardware wallets. Although such wallets are considered to be the most secure means for managing an account, no formal attempt has been previously done to identify, model and formally verify their properties. This paper provides the first formal model of the Bitcoin hardware wallet operations. We identify the properties and security parameters of a Bitcoin wallet and formally define them in the Universal Composition (UC) Framework. We present a modular treatment of a hardware wallet ecosystem, by realizing the wallet functionality in a hybrid setting defined by a set of protocols. This approach allows us to capture in detail the wallet’s components, their interaction and the potential threats. We deduce the wallet’s security by proving that it is secure under common cryptographic assumptions, provided that there is no deviation in the protocol execution. Finally, we define the attacks that are successful under a protocol deviation, and analyze the security of commercially available wallets.
Chapter
Interest in cryptocurrencies has skyrocketed since their introduction a decade ago, with hundreds of billions of dollars now invested across a landscape of thousands of different cryptocurrencies. While there is significant diversity, there is also a significant number of scams as people seek to exploit the current popularity. In this paper, we seek to identify the extent of innovation in the cryptocurrency landscape using the open-source repositories associated with each one. Among other findings, we observe that while many cryptocurrencies are largely unchanged copies of Bitcoin, the use of Ethereum as a platform has enabled the deployment of cryptocurrencies with more diverse functionalities.
Chapter
We study key leakage in the context of cryptocurrencies. First, we consider the problem of explicit key leakage occurring on open-source intelligence platforms. To do this, we monitor the Pastebin feed from Sep 2017–Mar 2018 to find exposed secret Bitcoin keys, revealing that attackers could have stolen 22.40 BTC worth roughly $178,000 given current exchange rates. Then, we focus on implicit key leakage by exploiting the wrong usage of cryptographic primitives and scan Bitcoin’s blockchain for ECDSA nonce reuse. We systematically outline how an attacker can use duplicate r values to leak nonces and secret keys, which goes beyond the simple case where the same nonce and the same key have been used in conjunction more than once. Our results show that ECDSA nonce reuse has been a recurring problem in the Bitcoin ecosystem and has already been exploited by attackers. In fact, an attacker could have exploited nonce reuse to steal 412.80 BTC worth roughly $3.3 million.
Article
To its proponents, the cryptocurrency Bitcoin offers the potential to disrupt payment systems and traditional currencies. It has also been subject to security breaches and wild price fluctuations. This paper identifies and analyzes the impact of suspicious trading activity on the Mt. Gox Bitcoin currency exchange, in which approximately 600,000 bitcoins (BTC) valued at $188 million were fraudulently acquired. During both periods, the USD-BTC exchange rate rose by an average of four percent on days when suspicious trades took place, compared to a slight decline on days without suspicious activity. Based on rigorous analysis with extensive robustness checks, the paper demonstrates that the suspicious trading activity likely caused the unprecedented spike in the USD-BTC exchange rate in late 2013, when the rate jumped from around $150 to more than $1,000 in two months.
Article
Full-text available
In this paper, we study and give the first detailed benchmarks on existing implementations of the secp256k1 elliptic curve used by at least hundreds of thousands of users in Bitcoin and other cryptocurrencies. Our implementation improves the state of the art by a factor of 2.5 with a focus on the cases, where side channel attacks are not a concern and a large quantity of RAM is available. As a result, we are able to scan the Bitcoin blockchain for weak keys faster than any previous implementation. We also give some examples of passwords which we have cracked, showing that brain wallets are not secure in practice even for quite complex passwords.
Conference Paper
Full-text available
We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used as a market for controlled substances and narcotics, and that most items sold are available for less than three weeks. The majority of sellers disappears within roughly three months of their arrival, but a core of 112 sellers has been present throughout our measurement interval. We evaluate the total revenue made by all sellers, from public listings, to slightly over USD 1.2 million per month; this corresponds to about USD 92,000 per month in commissions for the Silk Road operators. We further show that the marketplace has been operating steadily, with daily sales and number of sellers overall increasing over our measurement interval. We discuss economic and policy implications of our analysis and results, including ethical considerations for future research in this area.
Conference Paper
Full-text available
Bitcoin users are directly or indirectly forced to deal with public key cryptography, which has a number of security and usability challenges that differ from the password-based authentication underlying most online banking services. Users must ensure that keys are simultaneously accessible, resistant to digital theft and resilient to loss. In this paper, we contribute an evaluation framework for comparing Bitcoin key management approaches, and conduct a broad usability evaluation of six representative Bitcoin clients. We find that Bitcoin shares many of the fundamental challenges of key management known from other domains, but that Bitcoin may present a unique opportunity to rethink key management for end users.
Conference Paper
Full-text available
Bitcoin is a distributed digital currency which has attracted a substantial number of users. We perform an in-depth investigation to understand what made Bitcoin so successful, while decades of research on cryptographic e-cash has not led to a large-scale deployment. We ask also how Bitcoin could become a good candidate for a long-lived stable currency. In doing so, we identify several issues and attacks of Bitcoin, and we propose novel techniques to address them.
Article
Full-text available
We perform a comprehensive measurement analysis of Silk Road, an anonymous, international online marketplace that operates as a Tor hidden service and uses Bitcoin as its exchange currency. We gather and analyze data over eight months between the end of 2011 and 2012, including daily crawls of the marketplace for nearly six months in 2012. We obtain a detailed picture of the type of goods being sold on Silk Road, and of the revenues made both by sellers and Silk Road operators. Through examining over 24,400 separate items sold on the site, we show that Silk Road is overwhelmingly used as a market for controlled substances and narcotics, and that most items sold are available for less than three weeks. The majority of sellers disappears within roughly three months of their arrival, but a core of 112 sellers has been present throughout our measurement interval. We evaluate the total revenue made by all sellers, from public listings, to slightly over USD 1.2 million per month; this corresponds to about USD 92,000 per month in commissions for the Silk Road operators. We further show that the marketplace has been operating steadily, with daily sales and number of sellers overall increasing over our measurement interval. We discuss economic and policy implications of our analysis and results, including ethical considerations for future research in this area.
Conference Paper
Full-text available
In this paper we attempt to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies. This is accomplished by modeling the success rate of current password cracking techniques against real user passwords. These data sets were collected from several different websites, the largest one containing over 32 million passwords. This focus on actual attack methodologies and real user passwords quite possibly makes this one of the largest studies on password security to date. In addition we examine what these results mean for standard password creation policies, such as minimum password length, and character set requirements.
Conference Paper
I’m not proposing any protocols here, I’m talking about passwords, which is what I’ve spent the last year or so doing now. An interesting problem, which came up in my thesis, is how to tell how strong an individual password is. There’s a growing body of publications on how to assess the strength of a big pile of passwords. So if a bunch of passwords leak from a new website there are some measures that I’ve developed, and some things other people have worked on, to try and compare this new body of passwords to all of the passwords at a different website. But the world of analysing a single password is still in the dark ages I would say. Obviously the difference is that with a group of passwords you can start to do statistics, and you can look at how many passwords are repeated within that set, whereas if you just have one password you have to reason about what set it came from.
Article
Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition of Bitcoin and the many related cryptocurrencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bitcoin's design that can be decoupled. This enables a more insightful analysis of Bitcoin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disintermediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparison.
Article
Bitcoin is an online communication protocol that facilitates the use of a virtual currency, including electronic payments. Bitcoin's rules were designed by engineers with no apparent influence from lawyers or regulators. Bitcoin is built on a transaction log that is distributed across a network of participating computers. It includes mechanisms to reward honest participation, to bootstrap acceptance by early adopters, and to guard against concentrations of power. Bitcoin's design allows for irreversible transactions, a prescribed path of money creation over time, and a public transaction history. Anyone can create a Bitcoin account, without charge and without any centralized vetting procedure—or even a requirement to provide a real name. Collectively, these rules yield a system that is understood to be more flexible, more private, and less amenable to regulatory oversight than other forms of payment—though as we discuss, all these benefits face important limits. Bitcoin is of interest to economists as a virtual currency with potential to disrupt existing payment systems and perhaps even monetary systems. This article presents the platform's design principles and properties for a nontechnical audience; reviews its past, present, and future uses; and points out risks and regulatory issues as Bitcoin interacts with the conventional financial system and the real economy.
Conference Paper
Recently, the Bitcoin cryptocurrency has been an international sensation. This paper tells the story of Bitcoin hardware: how a group of early-adopters self-organized and financed the creation of an entire new industry, leading to the development of machines, including ASICs, that had orders of magnitude better performance than what Dell, Intel, NVidia, AMD or Xilinx could provide. We examine this story for clues as to how we can foster greater innovation in the semiconductor industry and enable this phenomenon to occur more broadly for more application areas, spawning a new age of hardware innovation tailored to emerging application domains---an Age of Bespoke Silicon.
Article
We report on the largest corpus of user-chosen passwords ever studied, consisting of anonymized password histograms representing almost 70 million Yahoo! users, mitigating privacy concerns while enabling analysis of dozens of subpopulations based on demographic factors and site usage characteristics. This large data set motivates a thorough statistical treatment of estimating guessing difficulty by sampling from a secret distribution. In place of previously used metrics such as Shannon entropy and guessing entropy, which cannot be estimated with any realistically sized sample, we develop partial guessing metrics including a new variant of guesswork parameterized by an attacker's desired success rate. Our new metric is comparatively easy to approximate and directly relevant for security engineering. By comparing password distributions with a uniform distribution which would provide equivalent security against different forms of guessing attack, we estimate that passwords provide fewer than 10 bits of security against an online, trawling attack, and only about 20 bits of security against an optimal offline dictionary attack. We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution. Security motivations such as the registration of a payment card have no greater impact than demographic factors such as age and nationality. Even proactive efforts to nudge users towards better password choices with graphical feedback make little difference. More surprisingly, even seemingly distant language communities choose the same weak passwords and an attacker never gains more than a factor of 2 efficiency gain by switching from the globally optimal dictionary to population-specific lists.
Article
It is often suggested that users are hopelessly lazy and unmotivated on security questions. They choose weak passwords, ignore security warnings, and are oblivious to certificate errors. We argue that users' rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Further, if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a poor cost-benefit tradeoff to users and is rejected. Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.
PRINCE: modern password guessing algorithm
  • J Steube
BIP 38: passphrase-protected private key
  • M Caldwell
  • A Voisine