Author

Topic: Possible Bitcoin Loss/Theft scenario/situations and solutions (Read 1594 times)

full member
Activity: 140
Merit: 100
newbie
Activity: 42
Merit: 0

Un-encrypted Wallet Theft

Encrypted Wallet Theft

Theft of Private Key (bitplane)


A simple solution is to use an isolated system that is not connected to the Internet. Then the private key can not be stolen from the Internet through the connection wire. The transaction can be generated and signed in the isolated system and then physically bring into another computer and send to the network. It is very difficult to use in the current state but may be easier in the future.

Added Smiley
o
member
Activity: 76
Merit: 10

Un-encrypted Wallet Theft

Encrypted Wallet Theft

Theft of Private Key (bitplane)


A simple solution is to use an isolated system that is not connected to the Internet. Then the private key can not be stolen from the Internet through the connection wire. The transaction can be generated and signed in the isolated system and then physically bring into another computer and send to the network. It is very difficult to use in the current state but may be easier in the future.
newbie
Activity: 42
Merit: 0
legendary
Activity: 2506
Merit: 1010
Asset Seizure - Confiscation
Just as an unencrypted Bitcoin wallet is vulnerable to a thief who has access either remotely or physically, the wallet is vulnerable to police in the same way.  They may secure the funds by transferring to a new address under their control, rendering your backups useless.  Even encrypting your wallet may not be good enough protection -- a court order could compel you to divulge your passphrase.
 - http://forums.truecrypt.org/viewtopic.php?t=23969

Coercion / Rubber hose cryptanalysis
 - http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

TrueCrypt can provide plausible deniability with the protection given through hidden volumes:
 - http://www.truecrypt.org/docs/?s=plausible-deniability
 - http://www.truecrypt.org/docs/?s=hidden-volume
member
Activity: 83
Merit: 10
Very helpful guide. thanks.
member
Activity: 76
Merit: 87
this should be stickied.

Agreed! Perhaps it should replace the "Trojan Wallet stealer be careful" sticky?
sr. member
Activity: 434
Merit: 250
100%
The YubiKey as offered on MtGox may provide an additional layer of security even in case your password is lost.

However, if your system has been infected with something like the Google Redirect virus + a keylogger, the attacker may trick you into logging in to a fake MtGox, then use your YubiKey one-time password to log in to the real MtGox, change the password and transfer your btc elsewhere.

So don't fully trust your YubiKey either.

Possible solution: turn your BTC into USD on the exchanges, but that won't protect you from the Wallstreet downfall or the dollars being sent to a shady bank in the east.
full member
Activity: 168
Merit: 100
this should be stickied.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
Weak passwords or even forgetting the password.
It could be an issue too if people start generating private keys for storage from a string and they don't pick a good one.
legendary
Activity: 910
Merit: 1001
Revolutionizing Brokerage of Personal Data
Situations
- Trojan/Wallet stealer also key logs so the password was already captured.
Potential solution for Bitcoin client: Enable the use of two-factor authentication which requires the transaction to be signed by a second key on another device (eg smartphone, special online service, another Bitcoin client,...)
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
-Hard disk failure. No backups.
-sending BTC to the wrong person via man in the middle attack
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
Situations
- Trojan/Wallet stealer also key logs so the password was already captured.
Potential solution for Bitcoin client: Use secure desktop to enter passwords (ala KeePass), which means they'd have to write a hardware keyboard driver to record the keyboard.
Potential solution for users: Store wallet in a KeePass database and set it to enter passwords on secure desktop.

Situation: Private keys are extracted directly from memory, despite an encrypted wallet and password entered on a secure desktop.

Potential solution for Bitcoin client: Store private keys in secure memory storage service. Only store the keys in memory for a limited time, blank the memory after use.
newbie
Activity: 42
Merit: 0
Secure Desktop (bitplane)
Pros
- Trojans will need to write a hardware keyboard driver to steal passwords (proof?)

Cons
- Not user-friendly, requires additional setup and such. A user willing to obtain Secure Desktop, install it properly will likely be savvy enough and willing to use a more secured USB-booted OS.

Questions
- Can users inadvertently install trojan software into Secure Desktop, rendering it pointless?


Password Manager (bitplane)
Pros
- One password to remember to everything
- Present an additional layer of complexity to break through and may effectively deter theft

Cons
- One password to lose everything
- Trojans that can steal via keylogging/screencaps and such will still be able to capture the necessary password, either the password manager's password first, or the subsequent wallet password or private key. Some password managers try to defeat this but none will guarantee it's theft proof and ultimately depends on user setting up appropriate options and willing to be inconvenience.



Multi-factor Authentication for online services
Pros
- Can decrease possibility of unauthorized usage significantly
- Mitigates consequences of losses arising from password theft

Cons
- Increase user complexity depending on authentication method
- Possible lockout due to loss of authentication token such as Yubikeys
- Certain forms of multi-factor are themselves vulnerable to attacks such as MITM using a redirection site and keylogger (goodlord666)



Offline Transaction Device (o)
This could be anything from a smartphone to a desktop that is permanently disconnected from the Internet.
Wallet is created and stored only in this system. Addresses and transactions are generated/signed then transferred to an online system via a thumb drive for example.

Pros
- Very safe since it is hard for an external hacker to get into something that isn't connected to the net in anyway

Cons
- Possibly costly since a dedicated device/machine is necessary for this and may require a safe/vault to physically secure the device when not in use.
- Troublesome, even assuming the standard client includes export/import functionality.
- Still requires user to be diligent about backups since the device can fail.
- Does not stop MITM attacks if the sending device or network is compromised, bitcoins can still be redirected to the MITM's address.



I'm basing my analysis on a quick look at the keywords given in suggestions so please feel free to correct and debate on conclusions for updates.
newbie
Activity: 42
Merit: 0
There are a lot of threads on how to better secure the wallet, but there doesn't appear to be a consolidated thread about the possible scenarios users should be paying attention to. Or maybe I was searching the wrong way Cheesy

So I'm putting together a list and hopefully it will serve as a starting point for people to chip in to create a list that any bitcoin user, developer or site owners offering Bitcoin payments etc could keep in mind when using, developing or offering bitcoin related service?


Personal Situations
Un-encrypted Wallet Theft
While encrypted wallet is planned for release, this is currently still a concern. This situation implies that an unauthorized person manages to get a copy of the wallet.dat and can therefore manipulate the bitcoins in the wallet.

Situations this can occur
- Trojan/Wallet stealer infected computer
- Unsafe backup to an unencrypted storage such as a USB drive or emailing to oneself.

Solutions?
- Use wallet encryption, use encrypted media for offline storage.
- Do not use unverifiable software
- Run regular virus scan. This may not catch the newest trojans but usually heuristics detection should catch suspicious activity. However, this doesn't stop a user from marking a new wallet program as safe without knowing it's not.

Encrypted Wallet Theft
Similar to unencrypted wallet theft, however as wallet is encrypted, the thief would not be able to use the wallet. However, for the same reason the theft can occur, the encryption may be useless. See next.


Theft of password
User may have encrypted their wallet. But the same mechanism allowing the wallet theft renders the encryption useless.

Situations
- Trojan/Wallet stealer also key logs so the password was already captured.
- Third party wallet encryption software is actually a stealer
- Shoulder Surfer noting down the password and have easy physical access to the backup or computer.

Solutions
- As with normal password entry, never do it with somebody looking over your shoulder.
- Scanning system regularly is helpful but not guaranteed to defeat all possible trojans/rootkits/etc
- Software which uses onscreen keyboard may help reduce the effectiveness of keyloggers.


Theft of Private Key (bitplane)
A trojan on the user system could steal the private key from memory while bitcoind is running.

Solutions
- No end user solution available, needs to rely on underlying OS to isolate memory from applications



Fundamentally, if the user's system contains a trojan, security methods are effectively nullified regardless of encryption. The use of a USB bootable OS to update/operate the wallet may be the only way around this, but this implies the standalone OS is trustable.


Storage Failure (bitlotto)
The media that the wallet is stored on, is lost. E.g. dead HDD, dead or lost thumb-drive.

Solutions
- Keep multiple copies. However, this is in itself be a security risk as the channels by which the wallet can be stolen increases. Encryption can mitigate the consequences but see above for possible negation of the encryption. Also does not help recovering newer coins if the backup does not contain the newer addresses. This issue may be negated by the development of deterministic wallets but may also open up issues of surveillance/tracking.


Physical Attacks (Stephen Gornick)
This covers situations where the user is physically attacked/targeted in order to gain access to his Bitcoins. This can be government action such as sending agents to seize your assets, or just your friendly neighbourhood drug addict discovering that he can buy drugs with Bitcoins and decides he could make you give them up using a violence.

Solutions/Workaround
- None as at this point, may even worsen situation for user since this can lead to coercion cryptanalysis i.e. torture to extract the password. Furthermore, even if the user has given up the password, the uncertainty due to use of plausible deniable encryption may lead to continued torture in the belief that the user may have other bitcoin wallets encrypted or hidden.


Online/eWallet Related Lost

Service Shutdown
Online service shuts down or run away, effectively losing the eWallet.

Solutions/Workaround
- Do not use an eWallet but this may not be practical or conveninent
- Store minimum amounts in eWallet, again depending on your usage, this may not be convenient or practical
- Require online service provider to send you a backup copy of your wallet. However, depending on how their eWallet is implemented, this may not be possible or they may not be willing to do so. In addition, this transfers the risk factor back to those listed in "Personal Situations"

Service Hack
Online service is hacked, e.g. MtGox or MybitCoin so coins are actually transferred away.

Solutions/Workaround
- Similar to service shutdown, but having a backup wallet is useless in this case because the thief may have sent the coins already by the time its discovered.


Service Fraud
The service is ran by fraudulent admins who had planned from day one to steal everything once worthwhile.

Solutions/Workaround
- None except not using the service. But it's difficult to tell who is intending to defraud since the best fraudster would do their best to come across as trustworthy since day 1 to ensure maximum incoming usage and minimize suspicions.

Online password theft
Similar to password theft in "Personal Situations" but measures indicated for offline security are not practical since the passwords has to be sent in order for the online service to be used.

Solutions/Workaround
- Ensure the service runs on SSL to avoid MITM (man in the middle, see below) theft
- Use of multi-factor authentication such as Yubi-keys (see MITM below) or SMS verification.



Fundamentally, not using an eWallet is the only safeguard against online bitcoin theft. However, it may not be convenient or practical for some usage scenarios.


Man in the middle (bitlotto)
Man in the middle refers to somebody inserting themselves into the communications chain and therefore can see and possible edit information being sent/received. E.g. a trojan may set itself up as a transparent proxy on the user's system and therefore can alter outgoing transactions such as changing the recipient address to their own.

Solutions
- As with other situations, the first step is ensuring the system is clean. However, Depending on where the man in the middle is interception traffic, there may not be effective solutions. E.g. if your network (at company level, or even local ISP level) admin is fraudulent, he can set up monitoring for activity on the bitcoin port. So ensuring your system is clean does not defeat him listening on.

- Require SSL connection to online bitcoin service provider. This is the standard way to defeat MITM attacks as outlined in the previous point. However, if the site uses self-signed cert, it may be possible to trick an user into accepting the usual warning of a uncertified cert but one that belongs to the MITM instead of the the site itself.


Wrong Addresses (bitlotto)
Sending bitcoin to the wrong address.

Solutions
- Double check recipient address before sending. No use if due to successful MITM attack.
- Mitigate losses from large transactions by sending test transactions but may incur transaction fee.  Verify against the blockchain that the actual accepted transaction goes to the correct address before sending remaining amount. Might be too tedious for average user.
Jump to: