The past year has been a painful one for many in crypto. Malicious actors drained over $3.7 billion worth of assets from Web3 protocols in 2022, representing a 189% increase over the $1.3 billion lost in 2021 (read more in the 2022 Web3 Security report). The majority of these assets were taken through private key compromise in phishing attacks or vulnerabilities in smart contracts, but a significant number of funds were also stolen from compromised cryptocurrency wallets. Several wallet incidents have affected both individual users, like Bo Shen from Fenbushi Capital who had $42 million of crypto assets stolen, and groups of users, such as the Slope and BitKeep wallet incidents that impacted over 9,000 accounts.
Some incidents are avoidable because the vulnerabilities can be discovered during a wallet security assessment. At CertiK, we have secured hundreds of wallet applications over the past few years. In this article, we will revisit major crypto wallet related security incidents that occurred in 2022 and examine their technical details. Additionally, we will provide a summary of the common security vulnerabilities that we have identified while conducting research and security assessments for our clients' wallet applications. Finally, we list a few recommendations for wallet users to follow to reduce the risk of getting hacked.
The most famous and impactful crypto wallet security incident in 2022 was the Slope wallet's improper handling of private keys. Slope wallet is a non-custodial cryptocurrency wallet available as a mobile application for iOS and Android, as well as a Chrome extension. It supports multiple blockchains but is primarily active on the Solana blockchain. On 08-02-2022 at 22:00 UTC, approximately $4.1 million worth of assets were drained from 9,231 users' wallet addresses over the course of around four hours.
During the first couple of hours of the incident, when the root cause was unknown, there was panic, and rumors circulated that the Solana blockchain had been hacked. A few hours after the initial exploit, a Twitter user posted a screenshot showing HTTP traffic from the Slope mobile wallet, which contained the user's mnemonic. CertiK was able to reproduce the behavior and discovered that the user's mnemonic had been sent to Slope's Sentry logging server when importing a wallet account. Anyone who has access to the log can take over the account and transfer all the assets from the address.
Two weeks after the incident, the Slope Wallet released the "Forensics and Incident Response Report." According to the report, the private keys were logged starting from July 28, 2022. The issue could easily have been caught during a security assessment or even an internal review. The Slope Wallet team went completely silent on all social media after releasing the report.
Several BitKeep crypto wallet users reported that their wallets were emptied on Christmas after hackers triggered transactions that did not require verification. BitKeep is a decentralized multi-chain web3 DeFi wallet used by over eight million people in 168 countries for asset management and transaction handling.
According to an official announcement on the BitKeep Telegram channel, the incident appears to have impacted users who downloaded an unofficial version of the BitKeep app. This trojanized APK package contained malware that allowed hackers to empty the wallets of unsuspecting users. However, some users in the community claimed that their hacked wallets were downloaded from the official channel. After investigation, CertiK discovered that the BitKeep Android app had an in-app update feature that would download the latest version of the APK from the BitKeep website, which had already been hijacked. As a result, wallets downloaded from the Google Play Store were also affected.
Victims of the hack were asked to fill out a form for the BitKeep support team in an effort to offer a solution as quickly as possible. The platform had not yet determined how much money was lost in the hack, but it was reported that approximately $8 million worth of assets had been stolen so far. These suspicious transactions included 4373 $BNB, 5.4M $USDT, 196k $DAI, and 1233.21 $ETH.
It is worth noting that this was not the first time that BitKeep had suffered a significant loss due to a hack. In October 2022, the platform lost roughly $1 million worth of BNB after a hacker exploited a vulnerability in the Swap feature of the BitKeep cryptocurrency wallet. At that time, BitKeep promised to fully reimburse those impacted by the incident.
Profanity is a GPU-based vanity address generation tool that allows users to generate cool-looking (vanity) custom externally owned account (EOA) and smart contract addresses. Essentially, the tool works by randomly selecting a seed, expanding it into an initial private key, and using the GPU to calculate millions of accounts based on the initial private key in order to brute force an address that meets the user's requirements. Technically, Profanity is not a wallet application, but it does have a feature that is common to almost all cryptocurrency wallets: the ability to generate wallet accounts. It's a perfect example of the consequences of insecure account generation.
The vulnerability first came to people's attention after the 1inch team published "A Vulnerability Disclosed in Profanity, an Ethereum Vanity Address Tool" on September 15, 2022, claiming that the "Profanity" tool uses an insecure seed and that the private key of the account generated by the tool can be easily recovered. Five days later, on September 20, a wallet account for the "Wintermute" team was hacked, and the attacker used the account to withdraw $162.5M from a smart contract (incident analysis). On October 11, the Qanx bridge's deployer account was hacked, and the attacker used the account to withdraw Qanx tokens from the bridge and sell them on the market. Multiple attackers were actively searching for vulnerable accounts on the blockchain and stealing funds.
The root cause of this issue is that the total number of possible seeds is only 2^32 (4 billion). The insecure seed and the reversible brute force process make it possible to recover the private key of an account generated using the tool. CertiK successfully developed a proof of concept program and was able to recover the private keys of both the Wintermute and Qanx deployer accounts.
A similar vulnerability was discovered in the Android system's random number generator in 2013, which affected the creation of Bitcoin wallets. Cryptography is a complex field, and it is easy to make mistakes that can compromise security. One common security practice is "don't roll your own crypto". Luckily, most cryptocurrency wallets use established libraries, such as "bip39", when handling the creation of wallet accounts.
On April 17, MetaMask, a popular cryptocurrency wallet used by over 30 million people to store their tokens and manage their digital assets, warned its iOS users about the potential risks of storing their wallet secrets in Apple's iCloud. The wallet secrets, such as the seed phrase, are encrypted when uploaded to iCloud, but if the owner's Apple account is compromised and they use a weak password, their digital assets may be at risk.
This warning came after a costly phishing attack in which Domenic Iacovone, with the Twitter account @revive_dom, lost a significant amount of cryptocurrency and non-fungible tokens (NFTs) worth $650,000. Iacovone fell victim to a social engineering attack by scammers pretending to be Apple support, who gained access to his iCloud account and used the stored MetaMask credentials to drain his wallet, which contained items such as Mutant Apes and Gutter Cats NFTs.
The wallet should store the vault that contains the seed phrase in a location that is excluded from iCloud backup. If this is not possible, the application should warn users to disable the iCloud backup when creating an account to ensure wallet safety.
A security research group has uncovered a group that is distributing malicious versions of legitimate cryptocurrency wallets, including Coinbase Wallet, MetaMask, TokenPocket, and imToken, which have been backdoored to steal users' seed phrases. These modified versions of the wallets function as intended but also allow the attackers to drain the users' cryptocurrency by using the stolen seed phrases.
The SeaFlower operation begins by spreading trojanized versions of cryptocurrency wallet apps to as many users as possible. This is done through a variety of methods, including the creation of clones of legitimate websites and black hat search engine optimization (SEO) poisoning. It is also possible that the apps are promoted on social media channels, forums, and through malvertising, but the primary channel of distribution is through search services. The researchers found that search results from the Baidu engine were particularly impacted by SeaFlower, directing large amounts of traffic to the malicious sites.
On iOS devices, the attackers abuse provisioning profiles to side-load the malicious apps, bypassing security protections. Provisioning profiles are used to link developers and devices to an authorized development team and allow devices to be used for testing application code. They can be leveraged by attackers to add malicious apps to a device.
Wallet secrets are uploaded to the server, or they are generated on the server
One of the most critical issues is the uploading of wallet secrets to the server or the generation of the wallet on the server side. For a non-custodial wallet, wallet secrets should never leave the user's device, even if they are in an encrypted form. This highly sensitive data may be intercepted during transmission, or it may be compromised by individuals with access to the server's database or log.
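The Slope incident above is this issue in practice: a mnemonic reached a logging server inside ordinary telemetry. The following is an added example, not code from Slope or any wallet, of a scrubber that redacts mnemonic-shaped and key-shaped strings from an event before it leaves the device; the event layout, field names and URL are constructed for illustration.

```javascript
// Added example: redact wallet secrets from a telemetry event before it is sent.
// Heuristic and conservative: BIP-39 English words are 3-8 lowercase letters, so any
// run of 12 or more such words is treated as a mnemonic. 64-digit hex strings are
// treated as private keys, which also redacts transaction hashes (the safe direction).
const REDACTED = '[REDACTED-WALLET-SECRET]';
const HEX_KEY = /\b(?:0x)?[0-9a-fA-F]{64}\b/g;
const MNEMONIC_RUN = /\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,}\b/g;
const SENSITIVE_FIELD = /mnemonic|seed|private.?key|secret|passphrase/i;

function redactString(text) {
  return text.replace(HEX_KEY, REDACTED).replace(MNEMONIC_RUN, REDACTED);
}

// Returns a scrubbed deep copy; assumes a JSON-serializable event (no cycles).
function scrubEvent(value) {
  if (typeof value === 'string') return redactString(value);
  if (Array.isArray(value)) return value.map((item) => scrubEvent(item));
  if (value === null || typeof value !== 'object') return value;
  const copy = {};
  for (const [field, inner] of Object.entries(value)) {
    // A field named like a secret is dropped whole, whatever its value looks like.
    copy[field] = SENSITIVE_FIELD.test(field) ? REDACTED : scrubEvent(inner);
  }
  return copy;
}

// Constructed sample: the phrase is the public BIP-39 all-zero test vector.
const TEST_PHRASE = 'abandon abandon abandon abandon abandon abandon ' +
  'abandon abandon abandon abandon abandon about';
const sampleEvent = {
  message: 'import wallet failed',
  request: { url: 'https://telemetry.example/store', data: `{"phrase":"${TEST_PHRASE}"}` },
  extra: { mnemonic: TEST_PHRASE, attempt: 2 },
};

console.log(JSON.stringify(scrubEvent(sampleEvent), null, 2));
```

A scrubber like this is a last line of defense; the primary control remains never passing wallet secrets to logging or network code in the first place.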
Insecure storage occurs when sensitive information, such as the wallet password and secrets, is stored in plain text or in insecure locations on a device. This includes external storage on Android or "UserDefaults" on iOS. It can also happen when insecure key derivation functions are used to generate the encryption key, or when insecure encryption algorithms are used to protect the data.
Lack of Security Checks for Operating and Running Environments
In addition to securely storing data, a wallet application should also ensure it operates securely and the underlying running environment is safe. Some common issues in this category include the lack of root and jailbreak detection, the inability to prevent users from taking screenshots of the wallet secret, the failure to hide sensitive information when the app is running in the background, and the allowance of custom keyboards in sensitive input fields.
Lack of Protection Against Malicious Websites in Extension Wallets
The majority of Dapps are web applications, and using a browser extension wallet is the most common way to interact with them. However, a common issue with extension wallets is the lack of protection against malicious websites. For example, an insecure wallet may allow a malicious website to obtain the user's wallet account information or accept transaction signing requests before the user has agreed to connect their wallet to the site. Another example is that the wallet may malfunction when receiving crafted data from a malicious site.
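One way to enforce the checks described above, as an added example with hypothetical names (`RequestGate`, `approve`, `handle`), not code from any wallet: account and signing requests are answered only for origins the user has connected, and malformed request data is rejected before any field is used. The method names and error codes follow the Ethereum provider conventions (EIP-1193 and JSON-RPC).

```javascript
// Added example with hypothetical names; not taken from any wallet's code base.
// `origin` must come from the browser's sender metadata, never from page-supplied data.
const ADDRESS = /^0x[0-9a-fA-F]{40}$/;
const err = (code, message) => ({ error: { code, message } });

// Where each supported signing method carries the signer address in its params.
const SIGNER_OF = {
  eth_sendTransaction: (p) => (p[0] !== null && typeof p[0] === 'object' ? p[0].from : undefined),
  personal_sign: (p) => p[1],
};

class RequestGate {
  constructor() {
    this.connected = new Map(); // origin -> Set of lower-cased approved addresses
  }

  // Call only after the user has accepted the connect prompt for this origin.
  approve(origin, addresses) {
    this.connected.set(origin, new Set(addresses.map((a) => a.toLowerCase())));
  }

  handle(origin, request) {
    // Crafted data: validate the shape before touching any field.
    if (request === null || typeof request !== 'object' || typeof request.method !== 'string') {
      return err(-32600, 'Invalid request');
    }
    const params = request.params === undefined ? [] : request.params;
    if (!Array.isArray(params)) return err(-32602, 'Invalid params');

    const approved = this.connected.get(origin);
    if (request.method === 'eth_requestAccounts') return { action: 'prompt-connect' };
    // Unconnected sites learn nothing about the user's accounts.
    if (request.method === 'eth_accounts') return { result: approved ? [...approved] : [] };

    // Own-property check so "constructor" or "__proto__" cannot select an inherited member.
    if (!Object.prototype.hasOwnProperty.call(SIGNER_OF, request.method)) {
      return err(4200, 'Unsupported method');
    }
    // Signing requests from unconnected sites are refused without showing a prompt.
    if (!approved) return err(4100, 'Unauthorized');
    const from = SIGNER_OF[request.method](params);
    if (typeof from !== 'string' || !ADDRESS.test(from) || !approved.has(from.toLowerCase())) {
      return err(-32602, 'Signer is not an account approved for this origin');
    }
    return { action: 'prompt-sign', from: from.toLowerCase() };
  }
}
```

The gate only decides whether a prompt may be shown; the user's confirmation in the wallet UI is still required before anything is signed.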
It's important to take precautions to protect your digital assets and ensure the safety of your wallet usage. The cryptocurrency space is full of risks, either from hackers or scammers. Below is a list of items that users can follow to reduce the chances of getting hacked.
Choose your wallet wisely, as not all wallets are created equal when it comes to security. Some wallets may have vulnerabilities that could make them susceptible to hacks or other security breaches. Only use a wallet that has undergone security testing by a security firm and has been thoroughly examined for potential vulnerabilities and deemed secure.
Downloading the app from the official iOS store and Google Play store helps to ensure that you are getting a legitimate version of the app.
Keeping your device up to date is important because software updates often include security fixes for vulnerabilities that have been discovered.
Using a dedicated phone or personal computer for your wallet application, rather than a device you use for everyday tasks, can help to reduce the risk of being compromised by a malicious application accidentally installed on the device.
If you have a significant amount of cryptocurrency and want to ensure that it is as secure as possible, it may be worth considering using a hardware wallet.
With the advancement of new L1 and L2 blockchains, wallets are needed to store cryptocurrencies, and many existing wallets are not compatible with these new blockchains. As a result, more crypto wallets are expected to be released in the market. It is a joint effort between users and wallet developers to minimize wallet security risks. Users need to follow best practices and stay vigilant to prevent getting hacked, while development teams need to write secure code and undergo a security audit for their wallet application. CertiK offers security assessments for mobile, web, desktop, and browser extension wallets. If you ever require a security review for your wallet, we are here to help.