What are the different crypto blockchain and attack vectors? The term ‘wallet’ itself is very confusing because what is in there is actually not there.
A wallet can be better considered as a web browser and the coins stored there as websites with corresponding addresses that you have control of.
In reality, you can use the same seed phrase to install a wallet on several computers.
All of these will display similar content because they query the blockchain.
Just as there are different types of wallets, so are there different types of attack vectors.
There are mainly software, hardware, paper and web wallets and all of them have their characteristic attack vectors.
However, there is one thing common in all of them: if someone else manages to get hold of the seed word, all your money is gone, forever.
If you are unaware of the attack vectors of these wallets, here is an article that will inform you about it all.
Additionally, in this article you will also find some other attack vectors related to blockchain, smart contracts, and other mechanisms related to crypto blockchain.
With all these facts known to you, it will be much easier for you to protect your wallet and crypto coins in a much better way than you did before.
What are the Different Crypto Blockchain and Attack Vectors?
It is a common belief that hardware wallets are much safer and these are better to store crypto.
However, this does not mean that the hardware wallets are the perfect solution and cannot be attacked. These too have different attack possibilities.
In order to steal money from your crypto wallet, the attacker may try to attack your device first.
Therefore, it is good to know about these attack vectors before you move on with those of the wallets. Here are some of them:
- Firmware bugs – These are already present in the device you buy.
- Invasive attacks – This is when an attacker tries to open the device to extract the password and memory or even replaces the chip.
- Side channel attacks – This is done by analyzing the power of the device along with electromagnetic leaks.
- Evil maid attacks – These attacks refer to stealing of your device by the attacker and modifying them or replacing them with others and returning the tampered device to you.
- Brute force attacks – This refers to attacks in which the attacker brute-force the password to unlock the device.
The hackers may also attack your computer to practice their malicious practices later on. Some of these attacks include:
- Malicious apps attack where the original wallet app is replaced with a malicious one installed on your computer.
- Malicious USB cables and connections are also the latest trend to infect a computer with malware.
- Clipboard hijacking with a malicious program on your computer that can read and replace crypto addresses with a different one is also a common attack vector.
- Man in the Middle attack, which is referred to as MITM attack, is when the attacker changes the receiving crypto address by using malware.
Sometimes, online attacks can also make your device vulnerable. Some of the most common online attacks are:
- Server attacks which may result in tracking the IP address of your device and showing the wrong balances.
- Phishing attacks may happen when you are tricked to enter your seed word onto a fake website wallet.
Attacks may also be made on the supply chains and some of the common forms of supply chain attacks are:
- Entropy attacks which may result when you use a bad random number generator or through the backdoors in the secure element chips of the manufacturer.
- Device shipping attack is done by the employees of a factory as soon as the device leaves the premises or even by the resellers.
- Malicious firmware may also be installed and sent to you without your knowledge.
- Covert nonce channel attack is one special type of attack in which the seed word is extracted with the encoding part of nonce to make malicious signatures.
And, there can be human attacks on your device as well such as:
- Wrench attack, which may happen when the attacker attacks you physically demanding funds and threatening you to send it.
- Attacks on your backup may happen when you are not careful in storing your seed word and passphrase.
- Leaking of private customer data from the device manufacturers may also result in an attack when these are stolen by the hackers.
Now that you are knowledgeable about the different attack vectors of your device in the first place, you can move on to each specific type of attack vector for different aspects of crypto apart from the wallets.
This will make your knowledge much more comprehensive.
Wallet Attack Vectors
Here are the attack vectors of crypto wallets for you to know so that you can keep your password, passphrase, backup, private keys, and crypto coins safe, which is your responsibility, mind you.
Hardware wallets attack vectors:
The hardware wallets are not bug-free and therefore the attack vectors related to these wallets can be pretty creative.
- The preconfigured hardware wallets can be a classic attack vector. Therefore, if you wish to buy any pre configured hardware wallet make sure that you always buy it directly from a reliable manufacturer. This may also let you get a commission. Also, make sure that you set up the hardware wallet and note the seed words yourself. Then, transfer a small number of coins and test the recovery.
- Theft and wrong entry can also affect a hardware wallet. If you enter the PIN incorrectly three times, it will be automatically deleted. You can restore it then only by using the seed words. And, the worst thing to happen is theft of your seed word or private key. This can be extracted, especially from a stolen device, if there is some sort of vulnerability in the system.
- Clipboard hijack and other malicious programs can also attack a hardware wallet. When the clipboard is changed, it will be difficult to use the wallet anymore. These attacks however can be easily spotted because the display of the hardware wallet will also show the address.
- Compromised system is another attack vector of the hardware wallet. It will show a different amount and destination address than what is actually given to the hardware wallet. That is why you should always confirm the address with what is shown on the display of the hardware wallet.
- Manipulation of the display of the hardware wallet is also possible, though it is very complicated. Malicious programs need to be used for this after stealing the wallet and putting it back again.
- Ransom attacks are also common. Here, the compromised wallet chooses one index at random from a billion of it available. The confirmation of the transaction in this case does not appear in the wallet. There is ideally no way to fix it.
Though there are several hardware wallet attack vectors, for all of them direct access to the wallet is required in order to initiate an attack. This is why hardware wallets are considered to be safer.
Software wallets attack vectors:
Usually, the software wallets are attacked by malware. Here are a few of the major ones:
- Stealing the encrypted file is one common attack vector of the software wallets. One who has access to your computer and the spending password can do it by using a malicious software program.
- Fake wallet is another attack vector. A fake wallet can be deployed to your computer or smartphone and when you install it and enter the seed word, the coins are sent to an address that is stored and controlled by the attacker. These fake wallets can be in the app and desktop stores and look like the original ones even with the name of the developer which may be changed a bit but still very confusing and indistinguishable.
- Clipboard hijack or alteration is another attack vector done by malicious programs. When you copy an address it is secretly and silently replaced with the wallet address of the attacker. There may be a lot of similar looking addresses that it can be replaced with.
Therefore, check the address after pasting to prevent such things from happening. Check at least the first and the last ten characters of the address after inserting.
Web wallets attack vectors:
These wallets are available on the websites you visit. You can use them by loading the private key through a file, entering the seed word or by connecting it with a hardware wallet. The biggest attack vector is not visiting a reliable website which may result in:
- DNS hijacks – A computer needs the IP address in order to display the content of a website. This IP address is the number which the computer must look up in the DNS server. The host file is stored here. If this is changed, it may block or redirect pages if a different number is entered for any website page created by the attacker. It will look just like the original page but will do all types of malicious things. The DNS server entries may also be changed but that is far more complicated.
- Changed bookmarks – This is a very easy attack vector. Anyone having access to a computer can change the website at the back of the bookmark. When you click on the bookmark, it will take you to another page. In such attacks, usually addresses that are similar to each other are used.
- Phishing mails or messages may also redirect you to a fake website if you click on the links attached with the mails that promise tempting things.
- You can use web wallets from other computers as well, which however is another attack vector. There may be security issues in it or there may be a program running that will intentionally log everything or the system may be already infected with some malware.
- Also, for your convenience, if you store the seed word or private key in an unencrypted form in a text file on your computer to paste them quickly on the web wallet, it can also be stolen.
- Clipboard hijack, just like any other wallet, is another possible attack vector.
Since the web wallets are too vulnerable and it is easy to make a mistake in copying and pasting an address, you should always use them along with a hardware wallet if you really have to. This will prevent any erroneous or accidental transferring of critical data.
Paper wallets attack vectors:
It is hard to hack a paper wallet but it can be stolen. Since these are designed not to store your keys digitally, you should not save them as a PDF, take a screenshot, or a photograph of it. You should not even take a print out of it because it may be archived digitally.
The other attack vectors of a paper wallet are:
- Theft is the most common attack vector which is why you should not take a photograph or copy your paper wallet.
- Loss or destruction due to fire and water are also very common and probable attack vectors of a paper wallet.
- Using malicious generators and programs to create a paper wallet may also result in the shock of your life when you attempt to import it again. It will be gone forever!
Using paper wallets is a good way to store your crypto for a long term, provided you have a safe place and a way to store them.
For a hacker, the wallet credentials of the users are the main target. In order to obtain these, the hacker may use both traditional as well as modern methods.
The traditional methods followed are:
- Phishing attack – In this process a fake online seed generator is used by the hacker. This enables them to collect logs with secret seed words by conducting a phishing campaign.
- Dictionary attacks – In these attacks, the cryptographic hash and salt is broken by the hacker by using different hash values of some of the most common passwords. When these clear text passwords are translated into cryptographic hashes, the hacker can find out the user credentials of a wallet.
On the other hand, some of the most sophisticated methods followed by the hackers to attack crypto wallets involve finding the vulnerabilities of the cryptographic algorithms. Some of the ways they follow are:
- Vulnerable signatures – Typically, blockchain networks use different types of cryptographic algorithms while creating user signatures. These come with some vulnerability such as inadequate entropy in the ECDSA cryptographic algorithm of Bitcoin that generates unique private keys automatically. This results in the identical random value in more than one signature.
- Flawed key generation – There may also be some vulnerability in the key generation process. The hackers exploit this vulnerability to create poor arbitrariness of inputs while generating public keys for the users.
While you are done with the different attack vectors of crypto wallets, here are some other aspects of crypto blockchain transactions that you should know as well in order to make sure nothing is compromised while you transfer your crypto.
Blockchain Attack Vectors
The blockchain technology is supposed to be most transparent and secure but it is really not as secure as you may think.
Modern cybercriminals can attack blockchain networks and put their reputation at peril. Here are the most common attack vectors of blockchain networks.
- DDoS or Distributed Denial of Service attacks – These are hard to do but quite possible. The hackers consume all the processing resources to bring down a server by making several requests. This way, the DDoS attackers try to disconnect crypto exchanges, e-wallets, mining pools, and other financial services provided by the blockchain network. It can also be hacked at the application layer by using DDoS botnets.
- Transaction malleability attacks – This is an attack which tricks the user to pay twice. The hashed transaction ID is altered by the hacker and it is broadcasted for verification before the actual transaction. The sender believes that the transaction has failed and repeats it. This way, funds are debited twice from the sender’s account. However, this hack can only be successful when both the transactions are authenticated by the miners.
- Time-jacking – This is an attack that exploits the vulnerability in timestamp handling. In this process the hacker changes the time counter of the node of the blockchain network and forces it to accept another blockchain. This attack can be successful only when the hacker adds numerous fake peers to the blockchain network with erroneous timestamps.
- Routing attacks – This type of attack impacts both the individual nodes as well as the entire blockchain network. The main intention of this attack is to alter transactions before these are pushed to the peers. It is impossible to detect such attacks because the hackers divide the network into parts that cannot communicate with each other. Routing attacks can happen in two ways such as partition attack where the nodes are divided into separate groups and as delay attack where propagating messages are tampered and sent to the network.
- Sybil attacks – In these attacks different identifiers are assigned to the same node. The hacker gains control of several nodes in the blockchain network and sends requests to them. The victim is encircled with fake nodes. These nodes close up all transactions and the victim becomes vulnerable to double-spending attacks. It is hard to detect a Sybil attack but escalating the cost of new identity creation or requirement of some kind of trust to join a network or finding user power backed by reputation can be quite effective to detect such attacks.
- Eclipse attacks – Here the hacker gains control of a lot of IP addresses. The addresses are then overwritten in the target table of the victim node. When this node restarts, all of its outgoing connections will be routed to the IP addresses that are now controlled by the hacker. The victims therefore cannot make the transactions they want to.
Hackers may also initiate long range attacks on those blockchain networks that use the PoS or Proof of Stake consensus algorithms.
There are three specific types in which such long range attacks can be made. These are:
- Simple, when the nodes do not check the timestamps of the blocks
- Posterior corruption, when the attacker tries to mine more coins than the primary chain within in a given timeframe and
- Stake bleeding attacks, where a transaction is copied from the original blockchain to a private and fake blockchain controlled by the attacker.
The hacker usually uses a stolen or purchased private key to initiate a long-range attack. They typically choose a considerable token balance that may have been used extensively in the past for validating transactions.
This allows them to create a substitute history of the blockchain network and even raise the rewards depending on the PoS validation.
Smart Contract Attack Vectors
Smart contracts on the blockchain can also be attacked, though a lot of developers are working on them to make them less vulnerable through penetration testing and other developments.
The primary security issues related to smart contracts on a blockchain are the bugs existing in:
- The source code
- The smart contract runtime environment
- The virtual machine of the network and
- The blockchain itself.
Out of these the bugs in the source code and the virtual machine of the blockchain network are most significant.
When there is an issue in the source code of a smart contract, the parties involved in signing the contract are at risk.
This may result in a reentrancy attack which delegates control of functions of other smart contracts.
This means that contract A can call on the functions of contract B and vice versa to use them for malicious intentions using their undefined behavior.
And, as for the vulnerabilities or bugs in the virtual machines on a blockchain network, the most common effects are:
- Immutable defects caused by the bugs that cannot be fixed and therefore can be exploited by the hackers to steal coins or even create a new fork
- Loss of crypto in transit to a specific address that does not have a contract or an owner
- Access to sensitive data of a smart contract as well as its functionality due to the bugs present in the access control mechanism of the virtual machine
- Short address attacks when the EVM accepts arguments that are padded incorrectly which means the hackers can exploit by sending specially created addresses to the potential victims.
There are also some other low-level attack methods that the hackers can use to compromise smart contracts.
Transaction Verification Mechanism Attack Vectors
Hackers can also attack the transaction verification mechanism of a blockchain and there are different ways to do so.
Ideally, every transaction on a blockchain needs to be verified at every node of the network before it is added to the chain. This takes some time and this creates an ideal vector for attacks.
The most common type of blockchain attack that exploits the transaction verification mechanism is double spending. They trick the users to use the same coins in more than one transaction.
However, here are a few other types of attacks that are based on the exploitation of the time interval between initiation and confirmation of a transaction:
- Finney attacks – These attacks happen when a transaction is pre-mined in a block and a similar one is initiated before it is released to the blockchain network. This annuls the second matching transaction.
- Race attacks – These attacks are initiated when the attacker generates two incompatible transactions. The first one is sent to the victim to accept the payment and send the product without waiting for its confirmation. The conflicting transaction is broadcasted to the network at the same time returning the same amount of crypto coins to the attacker. This makes the first transaction worthless.
- Vector76 – This is ideally a combination of Finney and race attacks. In this process, the attacker creates two nodes. One of these nodes is linked to the exchange node on the blockchain only. The other one is linked to well-connected peers. The attacker creates two transactions. One of these transactions is of high value and the other one is low. The attacker then pre-mines the block with high value and withholds it. When the block announcement is made, the attacker sends this quickly to the exchange service. The miners and the exchange service consider this to be the main chain and confirm it. The low value transaction is sent to the main network after this which rejects the high value transaction and the account of the attacker is credited with the high value transaction amount.
- Alternative history attacks – These attacks are also called the blockchain reorganization attacks. It happens in the case of multiple confirmations as well. In this process a transaction is sent by a malicious user to the recipient. Another substitute fork with one more transaction is also sent at the same time that returns the similar coins. The recipient loses the money and the attacker gets the coins when a longer chain is released.
- 51% or attacks – Also called the ‘majority attack’ this happens when 51% f the hash rate of the network is compromised by the attacker. This can create an alternative fork to take precedence over present ones. Mostly the small crypto coins are vulnerable to majority attacks because they have fewer miners and the attackers.
Double-spending attacks can be prevented by monitoring the transactions received during the listening period or by forwarding such attempts.
Other nodes may also be inserted to monitor transactions or direct incoming connections may be rejected to prevent double spending.
Though there are innovative technologies that may solve the issues and weaknesses that may result in transaction verification mechanism attacks by verifying transactions instantly without handing over custody of funds via a network of bidirectional payment channels, it is still vulnerable to DDoS attacks.
Mining Pool Attack Vectors
Finally, the mining pools can also be attacked by a hacker. The mining pool is a sweet target of the attacker that allows them to gain control over the mining pools both externally and internally.
This is typically done by exploiting the weaknesses in the consensus mechanism of the blockchain.
Some of the most common mining pool attacks are:
- Selfish mining – Also called block withholding attacks, in this process the malicious miners try to augment their share of rewards. They do so by not broadcasting the blocks they have mined to the network but releases several blocks together after some time. This means that other miners lose these blocks and the rewards in the process.
- Fork After Withholding or FAW – This is another variant of selfish mining. It is more rewarding for the attackers. In this process, the malicious miner withholds the winning block to either discard it later on or release it to create a fork based on the circumstances.
Selfish mining can be prevented by assigning miners at random to different branches of mining pools based on the recent timestamp and by giving a maximum time limit to generate blocks.
Registering only with trusted miners and making alterations to the protocol to cover the difference between a partial and complete Proof of Work may also prevent selfish mining attacks.
There have been lots of attacks on crypto wallets and blockchain on the whole in recent years. It is vital for all users to know about these vulnerabilities to ensure blockchain and wallet security. This article has done just that.
I have special interest in crypto and intend to help common people to gain knowledge about the digital asset as well as its potential. Follow Me at Linkedin.