TY - JOUR
T1 - A Security Analysis of Cryptocurrency Wallets against Password Brute-Force Attacks
AU - Byun, Hyeonsu
AU - Kim, Jueun
AU - Jeong, Yunseok
AU - Seok, Byoungjin
AU - Gong, Seonghyeon
AU - Lee, Changhoon
N1 - Publisher Copyright:
© 2024 by the authors.
PY - 2024/7
Y1 - 2024/7
N2 - Currently, the monetary value of cryptocurrencies is extremely high, leading to frequent theft attempts. Cyberattacks targeting cryptocurrency wallets and the scale of these attacks are also increasing annually. However, many studies focus on large-scale exchanges, leading to a lack of research on cryptocurrency wallet security. Nevertheless, the threat to individual wallets is real and can lead to severe consequences for individuals. In this paper, we analyze the security of the open-source cryptocurrency wallets Sparrow, Etherwall, and Bither against brute-force attacks, a fundamental threat in password-based systems. As cryptocurrency wallets use passwords to manage users’ private keys, we analyzed the private key management mechanism and implemented a password verification oracle. We used this oracle for brute-force attacks. We identified the private key management mechanism by conducting a code-level investigation and evaluated the three wallets’ security through practical experimentation. The experiment results revealed that the wallets’ security, which depends on passwords, could be diminished due to the password input space and the configuration of password length settings. We propose a general methodology for analyzing the security of desktop cryptocurrency wallets against brute-force attacks and provide practical guidelines for designing secure wallets. By using the analysis methods suggested in this paper, one can evaluate the security of wallets.
KW - Bither
KW - Etherwall
KW - Sparrow
KW - brute-force
KW - crypto wallet
KW - cryptocurrency
KW - cryptocurrency wallet
KW - password
KW - security analysis
UR - https://www.scopus.com/pages/publications/85198351417
U2 - 10.3390/electronics13132433
DO - 10.3390/electronics13132433
M3 - Article
AN - SCOPUS:85198351417
SN - 2079-9292
VL - 13
JO - Electronics (Switzerland)
JF - Electronics (Switzerland)
IS - 13
M1 - 2433
ER -