How vulnerable is crypto address and blockchain to man in the middle attacks? All your crypto is stored in a wallet, either online or offline.
You may think that an offline wallet is much safer to store crypto than an online wallet. However, it is partly true and there is much more for you to know about the vulnerability of crypto wallets it seems.
It was found after research and several tests that the crypto wallets, even the most popular and widely used Ledger hardware wallet, are vulnerable to Main in the Middle attacks, or MITM attacks as it is simply called.
Now, this is a big disappointment to the crypto users who believed that the hardware wallets are the safest thing to store their crypto coins.
Well, rest assured, this is not the end of the world, or crypto world to be more precise. There are ways to get around it, provided it is known to the users.
If you are surprised and worried about your crypto stored in your wallet and want to know more about the MITM attacks, this is the right place you are in.
This article will let you know about the MITM attack and how it works and along with that there are few important tips which, if you follow, can save you from becoming a victim to the Man in the Middle.
Ideally, this is an attack that allows the hackers to redirect the funds stored in the crypto wallet of a victim to wallets controlled by them.
All the hackers need to do to initiate a MITM attack is simply change the destination address of the crypto transaction.
How Vulnerable is Crypto Address and Blockchain?
Ideally, blockchain, the underlying technology of cryptocurrency, was designed to offer a safe and secure way to the users to transact their digital assets quickly without needing any middlemen for it.
However, the latest research reports showed that there is always a Man in the Middle to attack and steal your hard earned digital fortune.
This also showed that any system that functions mainly on any type of key-agreement protocols is vulnerable.
The storage as well as the exchange of crypto coins both can be compromised by the MITM attacks in one way or the other.
Usually, whether you want to transfer crypto coins or store them, you will have to rely on blockchain technology.
This is a distributed ledger that records all transactions and everyone participating on the network can view it.
Ideally, Bitcoin and other crypto coins are in no way different from any other key-agreement protocols that depend on secrets.
When you make a transaction, it is sent to a crypto wallet address on the blockchain.
This address is however protected by two specific types of encryption keys namely, a public key and a private key.
A public key can be shared by and with everyone. This allows a user to send or receive crypto coins.
When you share this key with another person, that person can send funds to you or your wallet.
On the other hand, the private key is kept secret at all times.
If you lose it, you lose your crypto because anyone who has it can prove his or her ownership of the coins, even if it belongs to you originally.
This is the key that will help you to send funds from your wallet specifically.
This is where the hacker initiates the MITM attack. The communication between the parties participating in a transaction is compromised through these attacks.
The hacker tampers with or steals the information exchanged between the two participating parties.
When the hacker targets a hardware wallet, malicious software is installed on the computer of the target.
This malware alters the destination address of the transactions by replacing the intended crypto address with the wallet address of the hacker.
You literally have very little to do in order to detect such an attack and stop it other than comparing manually the address displayed on your computer with the address that appears on the display of the hardware wallet.
If you are not cautious and skip this step, your money is gone, forever.
Man in the Middle attacks are nothing new to cryptocurrencies. In the past, Bitcoin and other crypto coins were subject to this attack.
However, back then the hackers followed different techniques to intercept and steal private keys and to change the destination address of a crypto transaction to get the coins.
The hackers were also able to break into the online crypto exchanges and were able to steal a large number of crypto keys worth hundreds of millions of dollars.
The MITM attacks are used by the hackers to steal a variety of things which includes and are not limited to:
- Encryption keys
- Code signing keys and
- Other sensitive data.
All these are necessary to identify a user and authenticate any transaction made online.
The MITM attacks are considered to be very dangerous. This is due to the fact that it allows the successful hackers to present them as legitimate parties to a transaction.
This way it is easy for them to perform any action that can be very dangerous for the entire blockchain.
They can easily inject malicious software into the files stored in a computer, in the web pages, and apps that are accessed and used often to make exchanges online.
The hackers can create a patch of an app with the key and inflict it with a virus that will make them look legitimate.
When this patched application is used by thousands of users, the malware is automatically injected to those thousand devices using the app thinking that it belongs to a legit source, while it is not.
This means that, within an instant, tens of thousands devices will be infected with the virus which the hackers can then use for their benefits.
About Man in the Middle Attacks
Now, take a look at the Man in the Middle attacks discussed here in detail to know what it is and then you can know about its working process.
It is a known fact to many that most of the Bitcoin and other crypto addresses posted randomly on the social media channels, in blogs, forum posts, and websites of the merchants are not well protected.
It is this specific aspect that is the primary reason for the vulnerability of the crypto wallets.
The security model to follow while making a crypto transaction seems to be pretty safe.
However, even then there are some lacunas that can be exploited by the hackers to initiate a Man in the Middle attack, especially when transactions are made via less secure channels. Here, the payers sending the money can be a victim.
To understand the security model you consider this example where a Bitcoin transaction is made between two parties in a less secure channel.
Here the person who has been victimized may publish the wallet address in any of the following ways:
- Publishing the address on a website without an HTTPS protection or without any certification from a trusted authority
- Publishing the address on a forum post or a website without an HTTPS protection or without any certification from a trusted authority or
- Publishing the address on a forum post or a website with proper HTTPS protection or a certificate from a trusted authority.
While such a transaction is made, the attacker operates in the middle between the payer and the payee which is why these types of attacks are called the Man in the Middle attacks.
The payment process is initiated by the payer by using the Bitcoin address of the payee. A communication process is established and it is this communication protocol that is most vulnerable.
This allows the attacker to gain advantage over both the payer and the payee and the address of the victim can be replaced without them being knowledgeable about it.
Now, this attacker or the man in the middle could be anyone such as:
- A malicious access point in the Wi-Fi
- A web service provider
- The ISP or Internet Service Provider.
Typically, such attackers can be classified into two categories as follows:
- Those who are close or known to the payee such that the payee may publish the address through the attacker. In such situations the wallet address of the payee may be replaced by that of the attacker.
- Those who are close or known to the payer so that the payer may retrieve the wallet address of the payee from the attacker. In such situations, the attacker can easily modify the address and replace it with his own.
However, it is not easy to be successful in such attacks because the attacker needs to overcome a few specific challenges.
One of the most significant challenges is to recognize the valuable address from all those that are stored on the blockchain.
How this selection of a valuable wallet address is done by the hacker is really a good thing to know at this point. Here it is:
- To start with, the attacker filters all of the potential addresses from the web content. It is after that the inner checksum is used to verify that the address is a Bitcoin address.
- Then the attacker does some major computation jobs which primarily involve the double SHA-256 checksum generation and the RegEx or Regular Expression filtering.
- When the attacker selects an address, the target address is replaced with that of the attacker. Usually, the attackers in these cases use a one-time address. This helps them to maintain privacy.
Sometimes, the attackers use a hierarchical address generation method in order to generate a lot of different wallet addresses easily on the fly.
Typically, the MITM attacks are very powerful and efficient because the character of the HTTP connection data can be easily transferred in a plain text form. This allows the attacker to replace the address very easily on the websites by using HTTP.
All the attacker needs to do is simply change the content of the web page which contains the Bitcoin address and replace these with those addresses that are in control of the attacker.
In the case of the websites that come with an HTTPS certification and an advanced security feature can also suffer these MITM attacks if the certificate is invalid. This is because the guarantee is tied with the validity of this certificate.
In the MITM attack, the attacker here is the hidden intruder. The primary intention of the attacker is to join the communication and intercept all of the messages and information exchanged.
This eavesdropping of the communication is done through the Wi-Fi access points most of the time but sometimes the attacker may also use the base stations of the GSM networks.
The process involved in an MITM attack is pretty complicated for any average user to understand. However, here it is simplified for you.
First, there are two secret keys created by the attacker. One of these secret keys is used by the attacker to initiate the communication with the first party.
Though the answer received from the first party is encrypted it is very easy for the attacker to decrypt it. This is done by using the secret key which is now known to the attacker.
Once the message is intercepted, the attacker now uses the second secret key to encrypt it once again and it is sent back to the second party involved in the transaction.
The second party answers to this message in an encrypted form and sends it back to the first party. This is once again intercepted by the attacker and is decrypted to read it.
It is encrypted by the attacker after reading it by using the first secret key and then is sent to the first party.
The entire communication happens in this way and all the time the messages are sent from one party to the other, it is intercepted, read, and modified by the attacker who is in the middle.
This means that the communication actually happens through the hidden intruder.
During the process, the attacker can receive a lot of valuable information and insights regarding the whole system.
This way the attacker can even pretend to be the authorized person quite easily and successfully.
This allows them to reach and access the hidden data on the blockchain.
Crypto experts and tech-savvy users opine that the best and most effective way to avoid the Man in the Middle attacks is to use a proper, strong, and latest authentication system before a user starts transmitting the secret data. This will prevent the need for secrets.
Some crypto experts also suggest that in order to protect against an MITM attack, they can use public keys that are only known to them.
In order to get these addresses they should use only the known databases and avoid using those encrypted keys sent by one of the parties involved in the transaction, which, typically, can be the attacker.
Even the multi-channel technologies will be able to protect a crypto account from the Man in the Middle attacks. This is how.
Usually, the attackers are well aware of the fact and also believe that every crypto user relies heavily on the secrets.
It is their prime objective to somehow gain access to these secrets. If only they can manage to do that the rest of it would be easy because it will allow them to pose as an authorized party.
This will enable the attackers to perform any malicious activity on the blockchain on behalf of the specific user impersonated by them.
These secrets not only guarantee the integrity and security of the whole system but also promise that the identities as well as the communications and messages exchanged between the parties involved in a transaction will be safe and protected.
Therefore, the most important parameter here is the secrets.
If only there was any other alternative way to authenticate a user, communicate, exchange messages, and share information with other users without needing to exchange the secrets, it would have been very nice.
This is because it would have made things pretty difficult for a hacker to intervene and initiate a Man in the Middle attack. This is the most important idea behind the secret-less protocols.
These secret-less protocols usually come with a zero-knowledge authentication mechanism.
This particular feature allows the different parties involved in a transaction to verify the identities of each other and for that they do not need to reveal any critical or secret information or exchange keys between them.
A few specific types of these protocols also come with a related mobile app and do not need the users to store or send the keys or passwords.
This makes it rather impossible for a hacker to stage a Main in the Middle attack provided there is no failure at one of the points.
In addition to that, these protocols also come with a multichannel secret sharing algorithm.
This algorithm will help you further in protecting your sensitive operations because in this the authentication of a transaction and the users is usually done through several different channels piecemeal.
These channels include:
- Push notification
- SSL and
- Secured mobile memory.
This algorithm makes attacking really difficult, if not virtually impossible, for the hacker because they will now have to hack each of these different channels separately in order to mimic as the authorized user and initiate an MITM attack.
The secret-less protocols are very useful from the point of view of the users.
Apart from protecting their crypto wallets, these protocols also provide them with a user-friendly interface usually.
This interface is not only easy to use but does not need the users to memorize passwords in order to use them or follow some complex steps for validating and approving operations.
This is because the protocol itself assures that authentication of the highest level is assured.
However, if you are a bit tech savvy, you can also generate vanity addresses as a countermeasure to the MITM attacks.
There are some complex technicalities involved in it which will make it quite hard for a hacker to initiate a Man in the Middle attack.
A vanity address is that which contains a substring in it that is more meaningful. For example, an address that contains a (d, P) as a valid key is called a vanity address.
For example, take the Bitcoin address 1anaLysis Vj8ALj6mfBsbifRoD4miY36v for understanding what is a vanity address with a valid key pair d, P.
You can generate this key pair and send the public key P to the service provider of the vanity address. In turn, the service provider enumerates all the addresses that are generated from a P+iG public key.
Here G is the generator and ‘i’ is the increment from 1 until when it is equal to k a. This is when the vanity address is located.
The k is sent to the client by the service provider along with the corresponding key pair that comes with the vanity address which is d + k, P + kG.
In this method you are allowed to create a vanity address that comes with a longer prefix identity if you outsource the computation to the cloud.
Ideally, a vanity address is created with brute-force searching. In this process the elliptic curve key pairs are considered that can produce a vanity address with a pattern that is pre-defined.
You can use vanitygen, the command line tool provided by the Bitcoin project to generate the vanity addresses.
In such cases, when the payee has a public identity, it is also accessible to the payer.
This however is an assumption and is reasonable because it is expected that the payer knows who to pay in the end.
The main idea behind creating a vanity address and use is the identity as a pattern.
This means that when an address is delivered to the payer, it is expected that the payer would check whether or not that vanity address matches with the parallel identity.
When you use a vanity address there are a few difficulties that are presented to the attacker and the level of difficulty will vary according to the address generation process.
When you outsource the vanity address, there could be issues like the difficulty in guessing the identity so that it can be generated with the same prefix.
This means that the attacker has to generate it on the fly.
This also means that the attacker has to pre-compute all the addresses of the victim especially if the identity of the target victim is integrated in a pre-defined identity set.
Secondly, the vanity address may come with a much shorter valid period than the address generation time of the attacker.
This means that the users can notice the delay in the network.
However, if the attacker is the web server owner, then the time available to modify the address on the web pages will be enough.
Therefore, the vanity address can be a useful tool to avoid the Man in the Middle attack if it is not for a long time and for fixed addresses.
Also, the payer is required to finish the transaction quickly so that the web server owner does not get the time required to modify an address.
And, most importantly, the user should not use the same identity more than once.
Some other ways to avoid the MITM attack include using an anti-tampering address mechanism to check the address to which the crypto is being sent and confirm whether it belongs to or related to the receiver.
You may also integrate HTTPS with X.509 while making a payment especially if you intend to create payment ID addresses at random by using the existing framework.
And finally, make sure that you make a transaction through the websites with an HTTPS instead of HTTP because it will be quite difficult for an attacker to tamper with the transaction in such cases.
The crypto wallet addresses posted on the websites can create major security challenges and result in an MITM attack. To prevent your crypto address from being tampered, follow the said guidelines and counter measures in this article.