Most people use it whether an app, an online platform, or a small hardware device as a wallet to store their cryptocurrency securely. The exchanges through which cryptocurrency changes hands, though, and other high-stakes operations are something more needed than a massive digital bank vault. At Black Hat’s security conference on Thursday, researchers detailed potential vulnerabilities in these specially secured wallet schemes, including some that affected real exchanges that are now fixed.
The attacks are not the digital equivalent of jackhammering to inflate a weak point on a safe or a lock. They are more than opening an old-fashioned bank vault with six keys that all have to rotate at the same time. Breaking private keys of cryptocurrency into smaller parts similarly means that an attacker must first cobble them together to steal funds. But unlike physical keys distribution, the cryptographic mechanisms underlying the management of multi-party keys are complex and difficult to implement correctly. Mistakes can be costly.
“These organizations manage a lot of money, so they have pretty high privacy and security requirements,” says Jean-Philippe Aumasson, co-founder of crypto-exchange technology company Taurus Group and vice president at Kudelski Security. “They need a way to divide the private keys of cryptocurrency into different components, different shares, so that no party ever knows the full key and there is no single point of failure. But we found some flaws in how this “Regulations are set up that are not just theoretical. They could really be carried out by an evil party.”
For the work, Aumasson, a cryptographer, has validated and refined discoveries about vulnerabilities made by Omer Shlomovits, co-founder of mobile wallet maker ZenGo. The findings are divided into three categories of attacks.
The first would require an insider in a cryptocurrency exchange as another financial institution exploiting a vulnerability in an open source library produced by a leading cryptocurrency exchange that researchers refuse to name. The attack takes advantage of an error in the library’s keys to refresh, or rotate keys. In distributed key schemes, you do not want the secret key or its components to remain the same forever, because over time an attacker could gradually compromise each part and eventually reassemble it. But in the vulnerable library, the refresh mechanism allowed one of the keyholders to initiate a refresh and then manipulate the process so that some components of the key actually changed and others remained the same. While you could not merge pieces of an old and new key, an attacker could essentially cause a denial of service, permanently excluding the exchange from its own funds.
Most distributed key schemes are set up so that only a predetermined majority of the pieces of a key need be present to authorize transactions. That way, the key will not be completely lost if one part is accidentally eliminated or destroyed. The researchers pointed out that an attacker could use this fact to divert money from a target, by reloading enough parts of the key – including those they control – that they can contribute their share and restore access only if it victim pays a price.
The researchers revealed the bug to the library developer a week after the code went live, so it is unlikely that any exchanges had time to include the library in their systems. But because it was in an open source library, it could have found its way into various financial institutions.
In the second scenario, an attacker would focus on the relationship between an exchange and its customers. Another flaw in the key rotation process, in which it fails to validate all the statements that the two parties make against each other, could allow an exchange with malicious motivations to gradually extract the private keys of its users over multiple key revisions. From there, a rough exchange could initiate transactions to steal cryptocurrency from their customers. This could also be quietly carried out by a striker who first compromises an exchange. The bug is another open source library, this time from an unnamed key management firm. The company does not use the library in its own offerings, but the vulnerability could be included elsewhere.
.
