Byun, Hyeonsu and Kim, Jueun and Jeong, Yunseok and Seok, Byoungjin and Gong, Seonghyeon and Lee, Changhoon (2024) A Security Analysis of Cryptocurrency Wallets against Password Brute-Force Attacks. Electronics, 13 (13). p. 2433. ISSN 2079-9292
electronics-13-02433.pdf - Published Version
Download (753kB)
Abstract
Currently, the monetary value of cryptocurrencies is extremely high, leading to frequent theft attempts. Cyberattacks targeting cryptocurrency wallets and the scale of these attacks are also increasing annually. However, many studies focus on large-scale exchanges, leading to a lack of research on cryptocurrency wallet security. Nevertheless, the threat to individual wallets is real and can lead to severe consequences for individuals. In this paper, we analyze the security of the open-source cryptocurrency wallets Sparrow, Etherwall, and Bither against brute-force attacks, a fundamental threat in password-based systems. As cryptocurrency wallets use passwords to manage users’ private keys, we analyzed the private key management mechanism and implemented a password verification oracle. We used this oracle for brute-force attacks. We identified the private key management mechanism by conducting a code-level investigation and evaluated the three wallets’ security through practical experimentation. The experiment results revealed that the wallets’ security, which depends on passwords, could be diminished due to the password input space and the configuration of password length settings. We propose a general methodology for analyzing the security of desktop cryptocurrency wallets against brute-force attacks and provide practical guidelines for designing secure wallets. By using the analysis methods suggested in this paper, one can evaluate the security of wallets.
Item Type: | Article |
---|---|
Subjects: | Eurolib Press > Engineering |
Depositing User: | Managing Editor |
Date Deposited: | 22 Jun 2024 10:32 |
Last Modified: | 22 Jun 2024 10:32 |
URI: | http://info.submit4journal.com/id/eprint/3672 |