I'm All Up in Your Blockchain, Pilfering Your Wallets

Published: 2017-12-21
Last Updated: 2017-12-21 23:01:12 UTC
by John Bambenek (Version: 1)
0 comment(s)

With the latest “gold rush” in cryptocurrency, many people are investing (or speculating, depending on your perspective) in Bitcoin and various other currencies. Many of these people are not the tech-savvy people who have been mining for years; they are chasing big rates of return. While the economic risks are their own discussion, this post covers some observations on how to protect the security of your cryptocurrency.

For the most part, an individual’s cryptocurrency is controlled by their wallet (or wallets), which is the recipient and holder of the “coins”. Much like your physical wallet, if that wallet gets taken, most bets are off for whatever it holds. Unlike your physical wallet, there is no external way to know your cryptocurrency wallet has been taken. It’s a file, and files can be duplicated and copied.

This happens organically in a wide variety of ways; even security tools will copy and sandbox files they see on the endpoint. If the wallet is not encrypted and the sandbox allows open downloads, that creates situations where entrepreneurial researchers can search for wallet files and use them to appropriate your assets. For example, see the wallet below, which held about $18M USD worth of bitcoin and was seen freely available for download (no I didn’t take their bitcoins).

Someone with too many bitcoins

The defense against this is to encrypt the wallet; for a wallet this size, also keep most of the assets in a “cold wallet” stored offline (i.e. a USB key in a safe), and minimize what any security tools or Microsoft Windows send off the machine as telemetry. As a note, many wallets are encrypted with laughably weak passwords; strong passwords are a must here. Here are some more tips from Bitcoin.org on protecting your wallet.
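As an added example (not from the diary), here is a heuristic Python audit of a Bitcoin Core wallet.dat that reports whether private-key records are stored in plaintext and whether the file is readable by other users on the host. It assumes Bitcoin Core's Berkeley DB record tags are serialized as CompactSize-prefixed strings and scans raw bytes rather than parsing the database.

```python
"""Heuristic encryption check for a Bitcoin Core (Berkeley DB) wallet.dat.

Added example, not code from the diary. Assumption: Bitcoin Core writes each
record's type tag as a CompactSize-prefixed string, so plaintext private keys
appear as b"\x03key", encrypted keys as b"\x04ckey" and the wallet master key
as b"\x04mkey". A raw byte scan for those tags is a heuristic, not a BDB parser.
"""
import os
import stat
import sys

UNENCRYPTED_KEY = b"\x03key"   # CompactSize(3) + "key": plaintext private key
ENCRYPTED_KEY = b"\x04ckey"    # CompactSize(4) + "ckey": AES-encrypted key
MASTER_KEY = b"\x04mkey"       # CompactSize(4) + "mkey": passphrase-derived master key


def count_records(data: bytes) -> dict:
    """Count the record-type tags present in the raw wallet bytes."""
    return {
        "key": data.count(UNENCRYPTED_KEY),
        "ckey": data.count(ENCRYPTED_KEY),
        "mkey": data.count(MASTER_KEY),
    }


def wallet_status(data: bytes) -> str:
    """Return 'unencrypted' if any plaintext key record exists, 'encrypted' if
    only encrypted keys plus a master key exist, else 'unknown'."""
    counts = count_records(data)
    if counts["key"] > 0:
        return "unencrypted"
    if counts["ckey"] > 0 and counts["mkey"] > 0:
        return "encrypted"
    return "unknown"


def world_readable(path: str) -> bool:
    """True if users other than the owner/group can read the wallet file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit(path: str) -> dict:
    """Combine the encryption heuristic with a file-permission check."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"status": wallet_status(data), "world_readable": world_readable(path)}


if __name__ == "__main__":
    for wallet_path in sys.argv[1:]:
        print(wallet_path, audit(wallet_path))
```

A result of "unencrypted" or "world_readable": True means a copied or sandboxed wallet file is directly spendable by whoever obtains it.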

Many less tech-savvy users rely on various web wallets, where a vendor controls the actual wallet file. If you are working with a reputable vendor, you are probably ok, but exchanges can and do get hacked (Mt. Gox for one); see this recent story about YouBit from S. Korea filing for bankruptcy after having lost 4,000 bitcoin. There isn’t much a consumer can do about these kinds of threats because the market is unregulated. If there is a large pool of assets, spreading it across multiple vendors can give some degree of risk mitigation.

While people are looking at the upside (well, not at this moment, as BTC is down), there are risks that are unique to this space, and in an unregulated market it all falls on the user to protect themselves.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity

