BeatCoin Shows How To Steal Private Keys For Cold-Storage Crypto Wallet

Most experts encourage protection of cryptocurrency wallets through storing them in Air-gapped networks. Air-gapped networks are software wallets that are stored on an air-gapped PC, making it more secure when compared to hot wallets that are always online. The PC is not connected to any other device in order prevents sensitive data from leaking.

However, how secure are they? A group of Israeli researchers from Israel’s Ben Gurion University led by Dr. Mordechai Guri has just proven that cold storage of cryptocurrency wallets is not as secure as we might have thought.

BeatCoin Shows How To Steal Private Keys

Through their new research known as BeatCoin, they demonstrate how to steal private keys for a cryptocurrency wallet that has been installed on a cold storage on an air-gapped computer or a Raspberry Pi.

The group first developed a malware, which they installed on an air-gapped computer that runs bitcoin wallet software in order to infiltrate the wallet. The malware can be preinstalled or can be pushed in when the wallet is being installed. A removable media such as USB flash drive can also infect the system when it is inserted into the wallet’s computer in order to sign a transaction.

Malware Effect

They then used the malware to transmit the wallet keys to a nearby device such as a smartphone over covert channels. Once the private keys have been obtained, the attacker can control the victim’s cryptocurrency wallet.

In his previous research, Dr. Mordechai Guri has been able demonstrate the possibility of obtaining data from air-gapped networks through techniques such sound from hard drives, radio signals from a PC’s video card, heat, ultrasonic waves, electromagnetic emission from USB devices, and infrared from surveillance cameras.

“In this paper we show how private keys can be exfiltrated from air-gapped wallets. In the adversarial attack model, the attacker infiltrates the offline wallet, infecting it with malicious code. The malware can be preinstalled or pushed in during the initial installation of the wallet, or it can infect the system when removable media (e.g., USB flash drive) is inserted into the wallet’s computer in order to sign a transaction,” part of the research paper reads.

The researchers provided two videos demonstrating the attack techniques. The first video illustrates how to exfiltrate the private keys from an air-gapped computer and then use ultrasonic waves to transfer them to a nearby smartphone in seconds. The second video illustrates how to transmit private keys that are stored on a Raspberry Pi device to a smartphone that is nearby using radio signals data exfiltration.

The Need For Extra Security

The group of researchers concluded by highlighting how the emergence of cryptocurrencies has borne the need to secure private keys from online threats or attacks and the suggested method to do this is through users managing their offline cryptocurrency wallets in isolated air-gapped computers.

They also highlighted how despite the high degree of isolation of cold wallets it is still possible for attackers to steal the private keys out of their air-gapped wallets. The attacker virtually owns all of the currency in the wallet by owning the private keys.

To protect themselves from such attacks users should continue to store their keys in cold wallets however they should implement measures recommended by the team. The measures included adopting anti-malware software and installation of intrusion detection and prevention systems. Additional measures include keeping the cold wallets (like the Ledger Wallet) away from receivers such as smartphones and cameras.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3,485FansLike
2,795FollowersFollow
4,269FollowersFollow

Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

Bitcoin Giving Strong Bullish Signals, Markets to Roar Higher into Next Year

Today, Bitcoin is on the move, aiming for $11,000, currently trading around $10,915. Adding to this bullishness is all the dry powder. $20 billion worth...

ETH Locked on Aave & Uniswap Records a Sharp Rise

Decentralized Finance (DeFi) is back to recovering, currently at over $11 billion, reaching an all-time high of nearly $12 billion from last week, as...

Bahamas Central Bank Confirms CBDC ‘Sand Dollar’ to Launch In Less Than 30 Days

The Bahamas Central Bank has confirmed that its pipeline CBDC ‘Sand dollar’ will roll out next month as anticipated. This will mark the first...

KuCoin Hack Update: 11 Crypto Projects Freeze the Stolen Tokens

Over the weekend, KuCoin lost about $275 million in BTC, XRP, BSV, XLM, TRX, stablecoins, ETH, and other ERC-20 tokens in a security breach....

Bitcoin Re-Entering the ‘Intense Historical Trading' Area Following a Strong Uptrend

Bitcoin is back at near $11,000. The leading digital currency has been making its way upwards since the mid of last week. Today, to mark...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today