Tuesday, June 13, 2017

An Intro to Securing your Cryptocurrencies

A lot of my friends outside of the infosec communities have recently started showing interest in buying and trading cryptocurrencies. I wrote this informal response as a primer on why securing your coins can be much harder and more important than any of your other assets, as well as some general recommendations.

TLDR - Hardware wallets are currently your best option for securing crypto wallets. It's worth buying one if you hold any amount you're uncomfortable losing.

Disclaimer: This post offers no financial advice and is making no recommendation to invest in crypto-currencies. Additionally, it is not the intent of this post to endorse any specific services, hardware, or software.

 Enjoy!

---------------------------------

So, you've decided to buy some crypto coins. Congratulations! Welcome to the circus.

Maybe you started out by buying a bit of ETH on Coinbase, just as an experiment. Maybe that little bit you bought 2 months ago has suddenly doubled, tripled, quadrupled. Exciting right??

But then you start reading the reddit threads and hear some stories about people who have lost their coins due to carelessness. You realize that this isn't like a bank account where if a hacker gets in and causes a ruckus, you can just call a phone number and report the fraud. In crypto, your money is just gone. Permanently.

So you get serious about your security. You make sure you have a super strong password on your Coinbase account and Gmail account too, since a hacked Gmail can just do a password reset on your Coinbase, right? Maybe you realize that you should use 2FA so that a stolen password doesn't mean everything is gone right that second.[1] Maybe you even use Google Authenticator or Authy since you've read the recent stories about phone companies letting hackers transfer your phone number over without verification so that they can steal your 2FA codes.[2]

Are you safe yet?

No.

Exchanges hold a lot of funds but more importantly they own the keys to moving your funds. This is important. They own those keys, not you. If they get hacked, you're stuck and there's nothing you can do about it because you gave them custodial rights over your assets. On top of that, because they store so many different users' coins all at once, they're a HUGE target. The higher the reward for a hacker, the more time they are going to spend trying to break in.

But wait, aren't exchanges run by super smart people and will never get hacked?

Nope. If history has taught us anything, it's that almost everything has security flaws, and the bigger the target, the more likely these flaws will be exploited. See: Mt Gox, Bitfinex, Bitstamp, etc. [3]

Ok, so you decide to get your coins off an exchange. Good right? That way you'll have complete control of the keys and you can be in charge of securing yourself. You google (RandomCoinName) Wallet and download the first one on the list. Are you safe now?

NO! This one's a big one, so let's start from the top.

1) Where did that wallet come from? Making a fake wallet is a highly profitable activity for a hacker. It's an easy formula: get enough popularity so that a ton of people use your software, then 6 months later activate your backdoor so you can permanently steal everyone's funds. [4] [5]

2) What about when your computer dies? Hardware doesn't live forever and if your wallet keys aren't backed up somewhere, then the coins will be gone. There will be no way to get any of it back without those keys. So should you back them up on Dropbox or something? Well then you're back to the issue from before where you're trusting your keys with someone else, who is probably an even bigger target than yourself.
Maybe you encrypt your keys. That's better, right? But then those encrypted wallets are only as secure as the password or encryption algorithm you used. Plus now if you forget that password, once again those funds are stuck, unmovable for the remainder of time.
Maybe you chose to back up your wallet on a bunch of thumb drives. Now you have to hope that all those thumb drives don't fail at the same time or go missing or get crushed under some cement after the next major earthquake. [6] How long is the typical shelf-life of a thumb drive anyway? Years? [7]

3) Even if you download a valid wallet application and you trust your clever backup scheme, your computer IS insecure. Think of all the questionable sites you've visited. Those torrents you downloaded with the cracked music production software. Are you willing to wager all your money that none of them have infected you with some hidden malware that is just waiting for the right moment to make money in the easiest way possible? The NSA might have a whole toolkit of unknown exploits that might just get leaked to the wrong people. [8] People that might use them to steal crypto wallets. 

But what if your wallet is encrypted? How can malware steal your keys then?

Doesn't matter. The next time you manually unlock your wallet, the unencrypted keys are sitting there in RAM just waiting to be stolen by some sneaky, persistent malware. The truth is, if you've ever connected your machine to the internet, there is no way of proving it hasn't been compromised.

OK OK OK. So you realize having a wallet on your computer is not the safest option. But what about mobile? iOS has an Appstore that reviews all apps and as long as the device is not jailbroken, sandboxing can protect your keys. Safer right?

Maybe. But still not good enough. Remember that NSA leak from before? They are not the only ones with exploits written for unknown vulnerabilities. iOS remote exploits are highly profitable, selling for literally millions of dollars [9], but you know what else is highly profitable? Stealing thousands and thousands of keys from mobile wallets. You have to assume that somewhere in the world there is a hacker group that has the perfect SMS-based iOS exploit that would allow them to remotely jailbreak thousands of iPhones all at once. What better opportunity to use it than when people all over the world decide to store irreversible, anonymous cash on their devices?

So what's next?

Well, you could try a paper wallet. These are keys that you generate on a computer, convert to a readable format, write down on a piece of paper, and then send funds to. The keys are as safe as the paper they're written on. There's the minor inconvenience in usability, but it's worth it for what's considered strong "cold storage".

You're good now, right?

Maybe. But maybe not.

Remember that computer you used to create the paper wallet? How sure are you that that device has never had malware? 100%? Even if you have never ever EVER connected that laptop to the internet, it was made by a large company. There is a reasonable possibility that hardware backdoors were added in the interest of "national security". [10]

SO WHAT'S LEFT? ANYTHING?

Yes.

Hardware Wallets.

These are custom hardware devices that usually sell for less than $100. These are simple devices designed purely to secure your keys.

So what makes them better than any of the other options?

1) The keys never leave the device. Even if you plug them into the worst, most nasty, virus-ridden computer you've ever seen, the keys are protected. When you want to make a transaction you send the device some parameters (like the amount and destination) via USB. The device creates the TX and signs it on the custom hardware, then returns only the signed transaction.

2) They are easy to use and back up. When you initialize the HW wallet, it gives you 24 words to write down on paper using a standardized generation technique.[11] This is your key. If your HW wallet gets crushed under a bus, you can still use these 24 words to recover everything. These words never touch an internet-connected device thanks to good old-fashioned pen and paper, so they're safe from those unknown electronic threats.

3) They are made for one purpose and one purpose alone. The more complex a system is, the more vulnerabilities that system will have. You don't need an operating system with 50 million lines of code [12] in order to store some keys and sign some transactions. The more code, the more bugs.

So are HW wallets fool-proof?

Not entirely.  Nothing is fool-proof.

You have to trust the creator of the HW wallet, trust that the source of randomness they use when creating your keys during initialization is a good one, and trust that hackers won't steal the manufacturer's keys in order to create rogue firmware.

But even with all this, it's a lot better than any of the alternatives.

One other note: you still need to trust the computer you are connecting with to some extent. For example, is the laptop giving you the correct destination address when you want to send your money? How do you know it's not a hacker-controlled fake one that malware switched at the last minute? Many HW wallets have a display screen showing the destination address that you can use to confirm, but it's still best to verify the address you're using from multiple sources, like both your phone and the laptop.

The two big HW wallets right now are the Ledger Nano S and the Trezor. My current preference is the Nano S due to its strong memory isolation and use of a secure element chip. [13] 

One last bonus bit:

So now your keys are resting quietly on your Ledger Nano S, locked away in a safe, with your paper recovery key in a vault somewhere across the world. Are your (RandomCoinName) coins finally safe?

Not necessarily. (RandomCoinName) might be total garbage. Just because people bought into a coin and pumped up its value doesn't mean the tech behind it is secure. Many cryptocurrency protocols have had massive vulnerabilities! Some of those vulnerabilities have been disastrous and irrecoverable. [14] [15] [16] [17] [18] [19]

At the end of the day, it's all about what risk you're comfortable with. If your wallet is only a couple hundred USD worth, you might not care as much about hardware backdoors in Intel chips. Maybe you keep an amount you're willing to lose on your mobile app and the rest on your HW wallet for cold storage.

All that being said, if you hold any amount that you don't want to lose, maximize your security where you can. There has never been a better target for malicious hackers to go after, and as popularity increases, the target only gets bigger.

Research what you're buying, look for proof that the developers know what they're talking about and are prioritizing third-party security reviews, and protect your keys as best you can.

And of course, #hodl