Stealing Funds from a Cryptocurrency Hardware Wallet
Relatively secure, but not impervious to vulnerabilities
Hardware wallets are one of the most secure ways an individual can elect to utilize to safely secure their cryptocurrency holdings. Hardware wallets are designed to prevent intrusion or access by any unauthorized individual, making it incredibly difficult to access crypto holdings without the cooperation of the hardware wallet owner. In many cases, it will not be possible, or at the very least not practical to access the cryptocurrency. However, there are other cases where it may be possible to steal, access or seize cryptocurrency without cooperation from the hardware wallet owner, particularly if in possession of the physical device itself.
What is a Hardware Wallet?
A cryptocurrency hardware wallet is a physical device that secures an individual’s private keys, which allow them to access applicable cryptocurrency holdings associated with their private keys. They are one of the most secure forms of cryptocurrency storage available, and for relatively cheap as well, typically under $100 USD. Hardware wallets are able to store Bitcoin of course, but also many other ‘altcoins’ as well including Ethereum, EOS, Litecoin, and dozens of others. Major hardware wallet manufacturers include Trezor, Ledger and Keepkey. These hardware wallets effectively resemble special-purpose USB drives, albeit heavily modified with sophisticated security features.
It’s important to note that just as with any non-hardware wallet, cryptocurrency is never held ‘inside’ the hardware wallet. Rather, the cryptocurrency is always on the blockchain. What the wallet stores are private keys (akin to passwords) that allow the individual to access that cryptocurrency. This may seem confusing at first primarily because we’re used to storing banknotes and money inside our physical wallets. The issue is that the term ‘wallet’ is a poor analogy for what a cryptocurrency wallet actually is.
A Cryptocurrency Wallet as a Keychain
A far better analogy as to what a cryptocurrency wallet would be is a keychain. A keychain holds a collection of ‘keys’. Anyone with a key can access a publicly accessible ‘safe’ (akin to the blockchain in this example) and then transfer the funds to any other safe they’d like, which only they have the key to. The keychain merely holds a collection of keys.
The thing with keys is that they can easily be copied. And private keys are no different. They can be copied either individually or in bulk through something known as a mnemonic seed (also known as a seedphrase). The individual can hold an unlimited number of copies of keys, so if they ‘give up their private keys’ or provide access to another individual, they still have access to the funds until someone transfers the cryptocurrency to another wallet the original owner doesn’t have access to.
Security Features of Hardware Wallets
One feature that makes hardware wallets particularly secure is that the private keys never come off the device, at least not in plaintext form. Yet the private keys need to be used in order to digitally sign transactions and transfer funds. Hardware wallet manufacturers instead have their wallets digitally sign the transactions inside the device itself. The digitally signed message is then broadcasted, a transaction occurs, and funds are then moved. This all happens without the private keys ever being transmitted outside of the device itself.
Hardware wallets don’t just store private keys, they store them in an extremely safe and secure way so that assets ‘held’ on the device cannot easily be compromised, even offering a level of protection against malware which would not be possible for a software or desktop wallet to achieve. Even a hardware wallet has weaknesses, but it’s weaknesses lie in the people who use them. For example, a hardware wallet cannot protect against human error or stupidity or accidentally (or purposely) exposing the mnemonic seedphrase as shown in the hypothetical example below.
There’s a mnemonic seedphrase (or recovery phrase) that allows for recovery in the event the hardware wallet is lost or damaged. However, this recovery phrase is only provided to the owner once, when they’re initially setting up the wallet. The owner is instructed to back up this recovery phrase on a physical piece of paper and store it somewhere securely as opposed to, for example, taking a photo — which is often automatically backed up to Google Photos or iCloud. And this is precisely where the vast majority of people who have funds stolen from their hardware wallet “screw up”.
We’ve never had a single person come to us whereby a perpetrator broke into the hardware wallet itself and stole funds from it. Rather, the weakness of hardware wallets has always been related to storage of the backup seedphrase. The backup seedphrase somehow gets stolen, often but not always through a form of cloud storage or having an email address hacked or compromised. Typically, the email or cloud storage has no 2FA or SMS 2FA if anything, which is far inferior to app-based 2FA, giving the perpetrator easy access to the contents of the hardware wallet remotely.
However, if the user forgets where they stored the backup seedphrase or accidentally through it out, the situation is just as bad. Since cryptocurrency is non-custodial in nature, the user will be unable to access their funds should they ever lose access to the device and the backup seedphrase, such as in the event of damage, loss or theft.
Nonetheless, despite explicit instructions otherwise, some individuals still elect to store their recovery phrase digitally on their computer, on their email (the cloud), and some don’t store it at all or forget about it. The device is designed to never transmit the recovery phrase again once the initial setup has been completed.
Hardware wallets have quite a few physical security features in case the device is ever lost or stolen. Hardware wallet devices typically require an individual to enter a pin number to access the device. But the pin cannot simply be guessed through a brute force attack (guessing). Either the device will automatically lock after a set number of failed attempts or there will be an ever-increasing time delay that makes guessing the pin impractical. The wallets also employ security features to prevent a users’ pin from being stolen when they enter it e.g. via a keylogger or screen capture malware.
Vulnerabilities and Attack Vectors
There’s no such thing as ‘perfect’ security. However, hardware wallets do a very good job of offering a high level of security, when used correctly, particularly given their price point. But they are not impervious to vulnerabilities. Furthermore, hardware wallets are not always used correctly, weakening their security. Some vulnerabilities are technical in nature, while others are non-technical. Many of the non-technical vulnerabilities focus on human interaction with the device, exploiting it in some way to gain access to the device. Some are device-specific, while others are not. Many will be unfeasible or impossible in most instances. Below, we’ve gone over some of the most common vulnerabilities.
PIN Capture or Retrieval
Attempts have been made to capture the users’ PIN through everything from video cameras to keyloggers to screen capture devices. Many of the most recent hardware wallet devices require the user to enter their PIN on the device itself; not on their computer screen, making this attack vector considerably more difficult to pull off successfully
Mnemonic Seedphrase Capture or Retrieval
Since the seedphrase offers complete unfettered access to the hardware wallet, there have been many creative ways employed to capture the seedphrase. Capturing the seedphrase is one of the few ways that never require an attacker to physically take possession of the device itself. Furthermore, since people almost always keep a copy of their mnemonic seed on a piece of paper (or on their computer), finding that seed compromises the device.
Supply Chain Attack
These attacks involve intercepting and tampering with the device (and the security seal) before the device ever gets into the hands of the owner for the first time. The attacker could inject their seed into the wallet with the end-user thinking no one else has access to the seed that has been ‘generated’ for them. These attacks are sometimes conducted by unscrupulous resellers of hardware wallets themselves. This is why it is critical a hardware wallet is ordered directly from the manufacturer or an authorized reseller only.
$5 Wrench Attack
The $5 wrench attack is the oldest and most rudimentary attack — through force and the threat of it.
Phishing Attack
Users have been tricked into entering confidential information such as their seedphrase into a website that mimics that of the hardware wallet manufacturer, or even seeing (fraudulent) publicly listed phone numbers for hardware wallet support — when no legitimate phone support exists.
Side-Channel Attack
A side-channel attack can potentially allow for multiple PIN guesses or extraction without a time reset or lock, and can even allow for the extraction of the mnemonic seed which is supposed to be impossible.
Voltage Glitching, Fault Injection & Freezing Attacks
These types of attacks involve attackers disrupting data transmission within the device itself.
Malicious Firmware
Even though the devices are designed to not run untrusted firmware, some security experts have been able to trick devices into running malicious firmware nonetheless.
Computer Malware
Even if your computer is infected with malware, it’s supposed to not be possible for that malware to compromise the security of the hardware wallet. However, security experts have been able to use malware before to compromise the device before in some instances.
Summary
It may sound like hardware wallets have a lot of vulnerabilities, but they are actually extremely secure compared to other options. Most of the technical vulnerabilities have been patched and most attacks require the attacker to currently possess (or have previously possessed) the device to successfully attack it. For non-technical vulnerabilities, steps have been taken to minimize or prevent exploitation through that vulnerability.
Ultimately, hardware wallets are probably the best form of secure storage for most people, but they still have some vulnerabilities. Despite their vulnerabilities, there’s a good chance that any effort to steal or seize any funds from a cryptocurrency hardware wallet will prove unsuccessful. In nearly every case of theft, when cryptocurrencies are stolen, it is through an unsophisticated attack made possible due to user error, such as uploading a seed phrase to cloud storage, and not because the hardware wallet device itself was compromised.
