In spite of market volatility, crypto wallet adoption has exploded as new cryptocurrencies, NFTs and tokens are launched. Fraud and attacks on crypto wallet apps have gone up with it, so in this article we’ll discuss some of the attacks aimed at crypto wallet apps and how to defend against them.
1. Stealing the Locally Stored Mnemonic or Private Key used by Crypto Wallet
There are a lot of user tradeoffs between a custodial and a non-custodial crypto wallet, or even between a CEX and a DEX. You might want greater control over your passwords, mnemonic or private key. From a cyber security perspective, the risk inherent in that choice between custodial and non-custodial wallet apps is the same: where is the mnemonic or key stored, and can other applications on the mobile device get access to it? Unencrypted data in the application sandbox or on the SD card, in preference stores such as NSUserDefaults on iOS or SharedPreferences on Android, or in shared areas such as the clipboard, gives an attacker the ability to harvest that data for their own purposes. To resolve this, we typically recommend data-at-rest encryption for locally stored data wherever it resides, i.e., inside the app’s own files or in preference stores, with the encryption key held in the platform keystore (Android Keystore, or the iOS Keychain backed by the Secure Enclave) rather than alongside the ciphertext. The clipboard itself cannot be encrypted, since anything placed there must be readable by whatever app the user pastes into, so a wallet should avoid putting the mnemonic on the clipboard at all, or clear it as soon as it has been used.
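As an added example (not code from the original article, nor from any particular wallet), here is one way to implement that recommendation on Android in Kotlin: an AES-256-GCM key generated inside the Android Keystore, where it is not exportable even to the app itself, a mnemonic that is only ever written to SharedPreferences as ciphertext, and a clipboard wipe for the moment the user has finished pasting. The key alias, preference file name and preference keys are assumptions chosen for the example.

```kotlin
import android.content.ClipData
import android.content.ClipboardManager
import android.content.Context
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.util.Base64
import java.security.KeyStore
import javax.crypto.AEADBadTagException
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Added example (not from the original article): the mnemonic only ever reaches disk as
// AES-256-GCM ciphertext, and the key protecting it lives in the Android Keystore, so it
// cannot be exported by this app, let alone read by another app on the device.
class MnemonicVault(context: Context) {

    private val prefs = context.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE)
    private val clipboard = context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager

    /** Returns the vault key, generating it inside the Keystore on first use. */
    private fun vaultKey(): SecretKey {
        val ks = KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }
        (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }

        val spec = KeyGenParameterSpec.Builder(
            KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            // Randomized encryption stays at its default (required): the Keystore chooses a
            // fresh IV for every encryption, so a GCM nonce can never be reused under this key.
            // For a wallet, also consider setUserAuthenticationRequired(true) so the key is
            // only usable right after a biometric/PIN prompt (needs BiometricPrompt wiring).
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)
            .apply { init(spec) }
            .generateKey()
    }

    /** Encrypts and stores the mnemonic; the caller's buffer and our copy are wiped afterwards. */
    fun store(mnemonic: CharArray) {
        // String(...) makes an immutable copy the GC owns; that is a JVM limitation worth knowing.
        val plaintext = String(mnemonic).toByteArray(Charsets.UTF_8)
        try {
            val cipher = Cipher.getInstance(TRANSFORMATION)
            cipher.init(Cipher.ENCRYPT_MODE, vaultKey())
            val iv = cipher.iv                       // 12-byte GCM nonce picked by the Keystore
            val ciphertext = cipher.doFinal(plaintext)
            prefs.edit()
                .putString(PREF_IV, Base64.encodeToString(iv, Base64.NO_WRAP))
                .putString(PREF_CT, Base64.encodeToString(ciphertext, Base64.NO_WRAP))
                .apply()
        } finally {
            plaintext.fill(0)                        // do not leave the secret in the heap
            mnemonic.fill('\u0000')
        }
    }

    /** Decrypts the stored mnemonic; null if nothing is stored or the blob failed GCM authentication. */
    fun load(): CharArray? {
        val iv = prefs.getString(PREF_IV, null) ?: return null
        val ct = prefs.getString(PREF_CT, null) ?: return null
        val cipher = Cipher.getInstance(TRANSFORMATION)
        cipher.init(
            Cipher.DECRYPT_MODE, vaultKey(),
            GCMParameterSpec(GCM_TAG_BITS, Base64.decode(iv, Base64.NO_WRAP))
        )
        val plaintext = try {
            cipher.doFinal(Base64.decode(ct, Base64.NO_WRAP))   // tampered blob -> exception
        } catch (e: AEADBadTagException) {
            return null
        }
        return String(plaintext, Charsets.UTF_8).toCharArray().also { plaintext.fill(0) }
    }

    /** Clipboard contents are readable by foreground apps and keyboards: clear it right after the paste. */
    fun clearClipboard() {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) clipboard.clearPrimaryClip()
        else clipboard.setPrimaryClip(ClipData.newPlainText("", ""))
    }

    private companion object {
        const val ANDROID_KEYSTORE = "AndroidKeyStore"
        const val KEY_ALIAS = "wallet_mnemonic_key"   // assumed alias
        const val TRANSFORMATION = "AES/GCM/NoPadding"
        const val PREFS_NAME = "wallet_vault"         // assumed preference file
        const val PREF_IV = "mnemonic_iv"             // assumed preference keys
        const val PREF_CT = "mnemonic_ct"
        const val GCM_TAG_BITS = 128
    }
}
```

The design point is that what lands in SharedPreferences (or any file an attacker exfiltrates from a backup, a rooted device or an SD card) is useless without the Keystore key, and the Keystore key never leaves the device's trusted hardware. On iOS the equivalent is a Keychain item with `kSecAttrAccessibleWhenUnlockedThisDeviceOnly`, which likewise keeps the secret out of backups and off other devices.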
2. Harvesting Mnemonic or Private Key
Another way to steal the mnemonic or wallet keys is to capture them dynamically as the user enters them into the crypto wallet app. From an attacker’s perspective, there are three ways of achieving this: (1) an “over-the-shoulder attack”, which basically involves sitting next to the user and literally watching them enter the passphrase or key in the crypto wallet app; (2) key-logging malware, such as a malicious third-party keyboard, that logs the user’s keystrokes while the passphrase or key is being entered; or (3) an overlay attack, another form of identity-stealing malware, that superimposes a fake screen or entry field on top of the crypto wallet app to trick the user into typing the passphrase or key into the attacker’s window. In cases I’ve been involved in, parts of apps with confidential information on them have been exposed to hackers or fraudsters. As a result, it’s important to prevent screen sharing, screenshots and screen recording on the screens that display or accept the mnemonic, and to reject touches that arrive while another window is drawn over the app.
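The following is an added example in Kotlin, not code from the article, showing the Android-side defences for the phrase-entry screen: FLAG_SECURE against screenshots, screen recording and casting; input flags that keep the phrase out of keyboard learning, suggestions and autofill; and filterTouchesWhenObscured together with FLAG_WINDOW_IS_OBSCURED against overlay (tapjacking) windows. It is written as an abstract base Activity so a concrete screen only has to supply the import step. The layout and view IDs (activity_seed_entry, seed_phrase, confirm) are assumed names.

```kotlin
import android.os.Build
import android.os.Bundle
import android.text.InputType
import android.view.MotionEvent
import android.view.View
import android.view.WindowManager
import android.widget.Button
import android.widget.EditText
import android.widget.Toast
import androidx.appcompat.app.AppCompatActivity

// Added example (not from the original article): base class for the screen where the
// user types the recovery phrase, hardened against capture, keyboard learning and overlays.
// R.layout.activity_seed_entry, R.id.seed_phrase and R.id.confirm are assumed names.
abstract class SecureSeedEntryActivity : AppCompatActivity() {

    private val validWordCounts = setOf(12, 15, 18, 21, 24)   // BIP-39 phrase lengths

    /** Called with the normalised words once they pass the basic checks; the wallet import goes here. */
    protected abstract fun onPhraseEntered(words: List<String>)

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // 1. FLAG_SECURE: the window is excluded from screenshots, screen recording, casting
        //    and the recents thumbnail. Set it before the first frame is drawn.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        setContentView(R.layout.activity_seed_entry)

        val seedField = findViewById<EditText>(R.id.seed_phrase)
        val confirm = findViewById<Button>(R.id.confirm)

        // 2. Keep the phrase out of keyboard personalisation, suggestions and autofill.
        //    These flags only ask the IME to behave: a malicious third-party keyboard can
        //    still log keystrokes, so the phrase must never be typed on an untrusted IME.
        seedField.inputType = InputType.TYPE_CLASS_TEXT or
            InputType.TYPE_TEXT_VARIATION_PASSWORD or
            InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            seedField.importantForAutofill = View.IMPORTANT_FOR_AUTOFILL_NO
        }

        // 3. Overlay / tapjacking defence. The text field silently discards touches that
        //    arrive while another window covers it; the confirm button additionally tells
        //    the user why nothing happened.
        seedField.filterTouchesWhenObscured = true
        confirm.setOnTouchListener { _, event ->
            val obscured = event.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED != 0
            if (obscured) {
                Toast.makeText(
                    this,
                    "Another app is drawing over this screen. Close it and try again.",
                    Toast.LENGTH_LONG
                ).show()
            }
            obscured   // true swallows the touch so the click never fires
        }
        confirm.setOnClickListener { submitSeed(seedField) }
    }

    /** Normalises whitespace and checks the BIP-39 word count before handing the words on. */
    private fun submitSeed(field: EditText) {
        val words = field.text.toString().trim().lowercase()
            .split(Regex("\\s+")).filter { it.isNotEmpty() }
        if (words.size !in validWordCounts) {
            Toast.makeText(this, "A recovery phrase has 12, 15, 18, 21 or 24 words.", Toast.LENGTH_SHORT).show()
            return
        }
        field.text.clear()      // do not leave the phrase sitting in the widget
        onPhraseEntered(words)  // checksum validation and seed derivation belong to the wallet import
    }
}
```

FLAG_SECURE is enforced by the window compositor, so it also blanks the screen for casting and for most screen-sharing apps, but it does not stop a rooted device or an abusive accessibility service from reading the view hierarchy. iOS has no equivalent flag; apps there use secure text entry on the field and react after the fact via `UIApplication.userDidTakeScreenshotNotification`.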
3. Malicious Instrumenting of Crypto Wallet Apps
Because of the transactional dependency between the mobile client and the blockchain in crypto wallet apps, the integrity of the platform used to run the wallet app is extremely important in protecting crypto wallet users. For example, standard jailbreak and rooting methods, and jailbreak- and root-hiding tools such as Liberty Lite on iOS and Magisk (with its DenyList, formerly MagiskHide) on Android, can be used alone or in combination with malware to interfere with, harvest or listen to events between the app and external services. Even pentesting tools such as Frida and other dynamic binary instrumentation (DBI) frameworks can be used to instrument, hook and invoke functionality in a crypto app for all sorts of malicious purposes, including reading the client’s blockchain address or passphrase, impersonating the client app, and so on. Crypto wallet makers can refuse to run on a jailbroken or rooted device, detect Frida and Magisk, and safeguard against other dynamic hacking tools, all to protect users and preserve the integrity of the critical functions in the app. Keep in mind that every such check runs inside the attacker’s own process and can itself be hooked or patched out, so it should be paired with platform attestation (Play Integrity on Android, App Attest on iOS) verified on the server side. Best practices would also suggest the developer of the application use comprehensive code obfuscation to make it harder for the attacker to research the app in the first place.
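As an added example (not code from the original article), here are the kinds of cheap, client-side root, Magisk and Frida heuristics the paragraph above refers to, in Kotlin for Android. The path, package and thread-name lists are the well-known indicators; all of them can be evaded by a determined attacker (hiding exactly these is what Magisk’s DenyList and Frida’s port and name options exist for), so a hit should gate sensitive operations and be corroborated by server-verified attestation, not be treated as a security boundary on its own.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import java.io.File
import java.net.InetSocketAddress
import java.net.Socket

// Added example (not from the original article): runtime heuristics for rooted devices,
// Magisk and Frida. Each is bypassable; use them as risk signals, not as a boundary.
object RuntimeIntegrity {

    private val SU_PATHS = listOf(
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
        "/data/local/xbin/su", "/data/local/bin/su", "/system/sd/xbin/su",
        "/data/adb/magisk", "/sbin/.magisk"
    )

    // Root managers. On Android 11+ querying other packages needs a <queries> block in the manifest.
    private val ROOT_MANAGER_PACKAGES = listOf(
        "com.topjohnwu.magisk", "eu.chainfire.supersu", "com.koushikdutta.superuser", "me.weishu.kernelsu"
    )

    private const val FRIDA_SERVER_PORT = 27042   // frida-server default; attackers can change it

    /** Rooted device: su binary, Magisk paths or mounts, test-keys build, or a root manager app. */
    fun isRooted(context: Context): Boolean {
        if (SU_PATHS.any { File(it).exists() }) return true
        if (Build.TAGS?.contains("test-keys") == true) return true
        if (procFileContains("/proc/self/mounts", "magisk")) return true
        val pm = context.packageManager
        return ROOT_MANAGER_PACKAGES.any { pkg ->
            try { pm.getPackageInfo(pkg, 0); true } catch (e: PackageManager.NameNotFoundException) { false }
        }
    }

    /**
     * Frida (server, gadget or an injected agent): default port listening, frida libraries
     * mapped into our process, or the GLib thread names Frida's runtime creates.
     * Call off the main thread: the port probe is a network operation.
     */
    fun isFridaPresent(): Boolean {
        if (localPortOpen(FRIDA_SERVER_PORT)) return true
        if (procFileContains("/proc/self/maps", "frida") ||
            procFileContains("/proc/self/maps", "libgadget")) return true
        val tasks = File("/proc/self/task").listFiles() ?: return false
        return tasks.any { t ->
            val name = runCatching { File(t, "comm").readText().trim() }.getOrDefault("")
            name == "gmain" || name == "gum-js-loop" || name.startsWith("pool-frida")
        }
    }

    /** Policy helper: a wallet would refuse to sign or export keys while either check trips. */
    fun environmentLooksHostile(context: Context): Boolean = isRooted(context) || isFridaPresent()

    private fun localPortOpen(port: Int): Boolean = try {
        Socket().use { it.connect(InetSocketAddress("127.0.0.1", port), 150); true }
    } catch (e: Exception) {
        false
    }

    private fun procFileContains(path: String, needle: String): Boolean = runCatching {
        File(path).bufferedReader().useLines { lines -> lines.any { it.contains(needle, ignoreCase = true) } }
    }.getOrDefault(false)
}
```

Two practical notes: the `gmain` thread name can also appear in apps that legitimately bundle GLib, so weigh it together with the other signals rather than alone, and the Magisk DenyList hides `/sbin/.magisk`, the Magisk mounts and the manager package from processes on the list, which is why the check list above should not be the only line of defence.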
4. Dynamic Instrumentation Attacks & Malicious Use of ADB
Modified versions of crypto wallet apps running on emulators and simulators, or on-device malware, can be used by attackers to create fake accounts, perform malicious trades or transfer cryptocurrency from one wallet to another. Some older reports also show that attackers can abuse exposed Android Debug Bridge (ADB) ports on Android phones to carry out this class of attack. To protect against it, it’s recommended to implement runtime application self-protection (RASP) measures, particularly anti-tampering (detecting a repackaged or re-signed APK), anti-debugging and emulator detection. Best practices would also suggest that production builds of crypto wallet apps never ship debuggable, and that they treat an attached debugger or an ADB-enabled device as a risk signal, for example by requiring re-authentication or refusing to sign transactions while it persists.
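The following is an added example, not code from the article, of the anti-debugging, emulator-detection and anti-tampering checks this section recommends, written in Kotlin for Android. `EXPECTED_CERT_SHA256` is a placeholder: pin the SHA-256 digest of your own release signing certificate there. As with the root checks, an attacker who already hooks the process can patch these functions out, so their value is in raising the bar and in feeding a server-side risk decision.

```kotlin
import android.content.Context
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.content.pm.Signature
import android.os.Build
import android.os.Debug
import android.provider.Settings
import java.io.File
import java.security.MessageDigest

// Added example (not from the original article): debugger, ADB, emulator and repackaging
// checks. EXPECTED_CERT_SHA256 is a placeholder for the real release certificate digest.
object TamperChecks {

    private const val EXPECTED_CERT_SHA256 =
        "0000000000000000000000000000000000000000000000000000000000000000"   // placeholder

    /** A JDWP debugger is attached (typically via ADB) or the process is being ptraced. */
    fun isBeingDebugged(): Boolean {
        if (Debug.isDebuggerConnected() || Debug.waitingForDebugger()) return true
        val tracerPid = runCatching {
            File("/proc/self/status").readLines()
                .firstOrNull { it.startsWith("TracerPid:") }
                ?.substringAfter(':')?.trim()?.toIntOrNull() ?: 0
        }.getOrDefault(0)
        return tracerPid != 0   // gdb, strace and ptrace-based injectors all show up here
    }

    /** USB or wireless debugging is switched on, so an ADB session could install and drive apps. */
    fun isAdbEnabled(context: Context): Boolean =
        Settings.Global.getInt(context.contentResolver, Settings.Global.ADB_ENABLED, 0) == 1

    /** The running build was compiled debuggable; a release build must never be. */
    fun isDebuggableBuild(context: Context): Boolean =
        context.applicationInfo.flags and ApplicationInfo.FLAG_DEBUGGABLE != 0

    /** Common fingerprints of the Android emulator and Genymotion-style images. */
    fun isEmulator(): Boolean =
        Build.FINGERPRINT.startsWith("generic") || Build.FINGERPRINT.startsWith("unknown") ||
            Build.HARDWARE.contains("goldfish") || Build.HARDWARE.contains("ranchu") ||
            Build.MODEL.contains("Emulator") || Build.MODEL.contains("Android SDK built for") ||
            Build.PRODUCT.startsWith("sdk") || Build.PRODUCT.contains("emulator") ||
            (Build.BRAND.startsWith("generic") && Build.DEVICE.startsWith("generic")) ||
            Build.MANUFACTURER.contains("Genymotion")

    /** The APK was re-signed, i.e. modified and repackaged: its signing certificate is not ours. */
    fun isRepackaged(context: Context): Boolean {
        val pm = context.packageManager
        val certs: Array<Signature> = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNING_CERTIFICATES)
                .signingInfo.apkContentsSigners
        } else {
            @Suppress("DEPRECATION")
            pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNATURES).signatures
        }
        val digests = certs.map { sha256Hex(it.toByteArray()) }
        return EXPECTED_CERT_SHA256 !in digests
    }

    private fun sha256Hex(bytes: ByteArray): String =
        MessageDigest.getInstance("SHA-256").digest(bytes).joinToString("") { "%02x".format(it) }

    /** Aggregate policy: refuse to sign or broadcast transactions when any check trips. */
    fun shouldRefuseSensitiveOps(context: Context): Boolean =
        isBeingDebugged() || isAdbEnabled(context) || isDebuggableBuild(context) ||
            isEmulator() || isRepackaged(context)
}
```

The certificate check is the anti-tampering piece: a repackaged APK cannot carry the original developer’s signature, so comparing the installed signer against a pinned digest catches modified builds regardless of what was changed inside them. Because `isAdbEnabled` also fires on ordinary developer phones, a wallet would usually respond with step-up authentication or a transaction-signing block rather than a hard crash.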
Individual and institutional investors are adopting and using Crypto wallet apps more than ever. Developers of crypto wallet apps should follow shift-left security and should start building security features into mobile apps as early as possible in the development lifecycle.
We’d Love to Help Stop the Cyber Attack Vectors Aimed at Crypto Wallets!
In cybersecurity, an ounce of prevention is better than a pound of cure. I’d love to help with your security project and help your crypto wallet overcome the challenges you are facing. Let me show how you can protect against threats to your mobile app. Please reach out to us for a demo!