Introducing our Next Generation CRYPTOWALLET
Ever been hacked?
It’s not a great feeling. On the contrary, it’s a horrible feeling. Abysmal. Especially when it involves losing assets, digital assets like copyrighted material as we see in the HBO GOT hack, or confidential customer data as we see in the Iranian-led CITRIX systems breach, or when it comes to funds like the now commonplace traditional banking system and crypto-exchange breaches. Although the recent Cryptopia exchange hack wasn’t fun to those who had assets in that centralized exchange, the much older breach of Ian Balina’s computer and live cryptojacking of assets worth well over a million dollars in his digital portfolio rocked the cryptocurrency industry to its core. Ian Balina was using Ethereum-based crypto wallets to store his funds at the time.
It brought to the surface, the universal cyber anti-phishing tenet: Every Member of the Cyber Community is Solely Responsible for their own Digital Assets in Decentralized Systems. Also meaning, once access data is lost for some reason, you can kiss your digital assets goodbye. Those funds are as unreachable as forever, without any hope of recovery whatsoever to comfort you. Alarming right?
Ergo, it is logical to assume most properly educated crypto fund custodians, managers and owners put maximum efforts towards securing all access data. But that brings to the surface a major challenge, which is the source of all the actual breaches mentioned earlier. What would one do in the scenario where their own PC is silently compromised?
This is the heart of the matter. All your anti-phishing efforts are laid bare and waste in a Man-In-The Middle attack.
The Man-In-The Middle breach is not as sophisticated a breach as the name implies. It is a technology active banking malware uses to mislead a user like in last year’s MyETHERWALLET misdirection hack. All users think they are interacting with private data they see with their eyes; however, the data is already tampered with by a malware hiding in the middle of communications. It’s like a grandfather asking a mailman to post his $200 pension check to his granddaughter in college, only to discover the real mail man has already done his rounds for the day and whoever was wearing that uniform at that time was an impostor. A horrible feeling, right?
There is a subset of that kind of attack called an MITB attack. MITB meaning Man-In-The-Browser, where some pretty advanced system programming techniques and social engineering are being used to steal data. Most MITB mislead users when working with popular web browsers such as Microsoft IE & Edge, Mozilla FireFox, Google Chrome and some others.
So, suffice to say, the significant market capitalization and rising adoption of cryptocurrency could not go unnoticed by cyber criminals, and with it the rise of cybercrime.
There are numerous malware families actively hunting for the cryptowallets, from Windows-based CryptoShuffler, ComboJack, SpriteCoin, SovietMiner to Mobile-based ExoBot, BankBot, Marhcer and Mazar. This list is far from what’s running loose in the wild.
There is a growing belief the existence of hardware-based crypto wallets are able to provide us security, sadly that is far from true and only a myth we tell ourselves to feed our illusion of control. Several number of fatal flaws as well as vulnerabilities were demonstrated and are being demonstrated by rival manufacturers of hardware wallets in crypto space.
So unlike the early days of the internet, the dangers we’re currently living with in cyberspace and the threats we face are alarming. And rightly should be of concern because we all are, every day we spend on our devices, only a day away from being breached by that unforeseen bad actor. The easiest attack requires just a single nippet added to that line of code to be successful.
Fact is, there is no paper-based or hardware-based wallet currently present to protect against MITM or MITB technologies. So how do you deal with that?
Keep in mind the severity of the problem, why? Because some projects have started offering so called “statistical profiles”.
A statistical profile is a way to determine an abnormal activity based on the statistical data. Fortunately, or unfortunately, the Ethereum blockchain like any other blockchain is a fully decentralized system. Transactions flowing within the blockchain are regulated by consensus algorithms only, therefore IT IS IMPOSSIBLE for statistical profiles backed solutions to block these false transactions in real time. So, what’s done is done, and your cattle has been rustled. Again, horrible feeling right?
It is extremely hard to block digital assets once they have left your crypto wallet. Emphasis is on ‘left’ your crypto wallet, therefore the right strategy to combat the MITM/MITB technology malware is using the classic approach: and in this case a sandbox solution.
There are different sandboxing models, starting from the pretty simple sandboxes to very sophisticated solutions that are hardware-assisted.
The problem with the simple sandboxing model is its trivial bypass. On the other hand, the problem with the sophisticated solution is the abnormal resource required. Somewhat like the Devil and Deep Blue Sea right here. So, what to do?
ROMAD Endpoint Defense, our patented RED technology, will have a lightweight sandbox with active protection. ROMAD Endpoint Defense intercepts all system calls within the operating system. For more information on how RED operates, please refer to our earlier articles.
Our innovative ROMAD Crypto Wallet process will behave like a sophisticated sandbox implementation, but with a major difference and that is we have no extreme resource consumption as ROMAD Endpoint Defense (RED) automatically inspects all access requests to the protected process for the GENOME behavioral patterns of malware interactions. In a case when a pattern is detected, the benign process is blocked before funds can exit the wallet. In another case scenario, this dangerous access pattern may be a simple read access to the protected process address space. This access shall be blocked as well.
This is how our active CRYPTO WALLET protection works! This lightweight sandbox is only possible for now for Ethereum implementation and will be a cryptowallet our TGE participants will be able to store ROMAD tokens. As well as a few named Altcoins.
This standalone ROMAD Crypto Wallet v.1 will also become a part of ROMAD Endpoint Defense suite in later months.
A great feeling, right? You’re welcome.
To learn more about ROMAD, our elite team of experts, our patented and innovative technology and game changing resource, www.romad.io and www.romad-systems.com. Or their social community group which can be found below
