Desktop wallets play a crucial role in the Web3 ecosystem, providing users with a means to securely manage their digital assets within decentralized networks. According to a report by Cointelegraph, analysts from cryptocurrency exchange Bitfinex noted that, by December 1, 2023, the number of global cryptocurrency holders had reached 575 million, up from 432 million at the beginning of 2023. Desktop wallets hold a significant market share in this landscape.
As Web3 rapidly evolves, the importance of desktop wallets in ensuring the security of user assets has become increasingly apparent. However, after conducting a thorough technical analysis of several desktop wallets, the CertiK team identified potential security vulnerabilities that could expose users to heightened risks while using these wallets. This report presents the findings of this technical analysis in detail, aiming to raise user awareness about security, and assist users in better protecting their digital assets when utilizing desktop wallets.
Desktop wallets are essential tools for Web3 users to manage and protect their digital assets. However, the security of these wallets is often overlooked, especially in the context of supply chain attacks, in which cybercriminals compromise a third-party vendor, supplier, or service provider on which the target organization relies. To prevent such attacks, users are advised to perform Hash verification on installation packages, even when downloading directly from official websites. Only packages that pass this verification can be deemed safe. Unfortunately, not all users possess the capability to conduct such verification, which is particularly evident in the usage of certain desktop wallets, further increasing the risk of attacks.
Specifically, some desktop wallets may inadvertently use modules or algorithms similar to those found in backdoor software, leading to false positives from certain antivirus programs. While official websites typically provide reasonable explanations for these false alarms, users lacking Hash verification abilities may accept these justifications without question, viewing antivirus warnings as normal. This misplaced trust can give malicious software opportunities to disguise itself as legitimate wallet installation packages, putting users at greater risk.
For example, 65 antivirus programs on VirusTotal analyzed a common desktop wallet’s download file, resulting in 19 flags identifying the sample as malicious.
This analysis demonstrates that supply chain attacks are not merely theoretical risks; for the average user, the lack of technical means to verify the authenticity of software can lead to inadvertently downloading and installing malicious software. The fact that installation packages downloaded from official websites may trigger warnings from antivirus programs complicates the user’s ability to discern safety, exposing them to more severe security threats.
During our research, we found that some desktop wallets allow users to store private keys in plain text for certain business purposes. This practice significantly increases the risk to users’ digital assets, as plain text private keys become directly exposed to attackers if the user’s computer is infected with a virus or malware, jeopardizing the security of their digital assets.
Unencrypted Local Files:
Encrypted Local Files:
Even if users encrypt local files with a PIN code, the security of the keys cannot be fully guaranteed against malware. Whether running as standalone desktop applications or as browser extensions, these wallets can become targets for malicious software. Users often trust desktop wallets for their convenience and functionality, overlooking potential security vulnerabilities. Compared to the stringent permission management and data isolation of mobile apps, desktop wallets appear relatively weak in protecting users’ private keys. Therefore, ordinary users must pay special attention to the security of their operating environment when using desktop wallets to avoid theft of digital assets due to improper storage or unsafe settings.
We identified another significant security concern: Many desktop wallets employ flawed methods for file encryption, which make it easier for attackers to access and decrypt users’ encrypted data. Specifically, these wallets do not bind file encryption to the hardware information of the device, meaning that, even if the files are encrypted, attackers can transfer them to other devices for offline decryption, thereby circumventing the device’s inherent security protections.
Further analysis revealed that some wallets exhibit weaknesses in their brute-force protection algorithms when using PIN codes. Many wallets utilize encryption algorithms with a hash iteration count far below industry standards. For example, OWASP recommends using 600,000 iterations for password protection, while Apple uses 10,000,000 iterations for its backup keychain, and 1Password and LastPass employ 650,000 and 600,000 iterations, respectively. However, some desktop wallets only use 5,000 iterations — significantly lower than these security benchmarks. In some cases, even relatively complex passwords can be easily compromised by attackers employing brute-force techniques to obtain users’ PIN codes.
Additionally, our audit revealed that the password protection mechanisms of some wallet software perform poorly against sophisticated attacks. Malicious attackers often first steal users’ encrypted data and then utilize powerful computing resources to decrypt them in an offline environment. Due to flaws in the encryption algorithm selection of certain desktop wallets, this encrypted data becomes more susceptible to cracking. This not only exposes users’ digital assets to risks, but presents new challenges to the overall security of the Web3 ecosystem.
When utilizing desktop wallets, it is advisable to opt for MPC wallets or hardware wallets due to the inherent security vulnerabilities of desktop systems compared to mobile devices. While desktop wallets are convenient for operation and access, their constant internet connectivity exposes them to greater risks of hacking and malware threats. Therefore, for users requiring higher security, selecting alternative wallet types is a prudent choice.
MPC wallets offer significant advantages in enhancing asset security and recovery functionality. Utilizing secure multi-party computation (MPC) technology, these wallets split private keys into multiple fragments, which are then stored across different participants or nodes. This design eliminates single points of failure, ensuring that no single entity possesses the complete private key. Consequently, even if a user’s desktop system is compromised, attackers cannot utilize any individual key fragment to steal assets. Only when fragments from multiple participants are combined can a valid transaction signature be generated. Thus, as long as not all key fragments are simultaneously exposed, the user’s assets remain secure.
Furthermore, the distributed key management of MPC wallets provides greater operational flexibility and lower transaction costs. It enables hidden signatures and off-chain accountability, further enhancing privacy and security. In this manner, MPC wallets ensure that, even in cases of partial system compromise, the safety of digital assets is not jeopardized.
Another major advantage of MPC wallets is their recovery functionality. If a user's device is lost or damaged, they can still recover their keys through third-party services. This process requires the user to utilize pre-distributed key fragments stored in various locations to reconstruct the private key. Additionally, some MPC wallets offer social recovery features, allowing emergency contacts to assist users in regaining access to their wallets in extreme situations.
Desktop hardware wallets provide a physically isolated solution by storing private keys within a hardware device. This design ensures that all signing operations occur offline within the hardware, preventing attackers from accessing the stored private keys, even if the user's desktop system is compromised. Such physical isolation significantly enhances asset security, as private keys are never exposed to the internet, thus reducing the risk of hacking and theft.
Modern hardware wallets also offer recovery functionalities to safeguard against asset loss in the event of hardware damage or loss. This recovery process typically involves creating a backup mnemonic or private key fragments, which users can securely store in various locations. If the hardware device is lost or damaged, users can utilize these backup details to regain access to their wallets and control over their assets.
Additionally, some hardware wallets have integrated biometric recognition technology to bolster security. This means that, even if key fragments are obtained by unauthorized individuals, attackers cannot recover the user's wallet without the requisite biometric authentication. Such biometric technologies may include fingerprint, facial recognition, or voice recognition, providing an extra layer of security for hardware wallets.
For instance, the Zengo MPC system utilizes multiple private key fragments, which are distributed across various devices to enhance wallet security. The recovery functionality in the MPC system is crucial, allowing users to restore their wallets if their devices are lost or damaged. To ensure asset safety, private key fragments are strongly bound to the account, meaning that the assets are only at risk if both the private key fragments and the account are lost simultaneously.
Moreover, some hardware wallet manufacturers, such as Ledger, offer ID-based key recovery services. For example, Ledger’s “Ledger Recover” service splits the wallet recovery phrase into three encrypted fragments, which are distributed to three custodians. If users lose their mnemonic, two of the fragments can be combined to regain access to locked funds after identity verification. This service aims to provide an additional safety net against the risk of losing cryptocurrency keys, though it raises concerns among some users regarding the need to store secret mnemonics online, associated with government-issued IDs.
In comparing the security of MPC and hardware wallets, however, there are subtle advantages and disadvantages for each.
Due to the inherent limitations of hardware wallets — such as restricted CPU power, limited networking capabilities, and minimal user interface — displaying detailed transaction information is challenging. This makes it difficult for users to fully verify transaction content, particularly in cases requiring thorough validation of transaction details. As a result, MPC emerges as a relatively better alternative in such scenarios. MPC enables multiple parties to jointly compute and verify transaction data without exposing sensitive information, providing a more robust framework for verifying the purpose and integrity of a transaction. Unlike hardware wallets, MPC-based solutions can leverage the processing and networking environments in mobile or other platforms, allowing a closer alignment to the backend and mitigating risks associated with transaction verification.
In summary, desktop hardware wallets provide users with a secure and reliable means of asset protection through physical isolation and recovery functionalities. The introduction of biometric technology further strengthens this protection, ensuring that users’ assets remain safeguarded, even under extreme circumstances.
Based on the aforementioned risk and security analysis, we conducted a comparative assessment of several desktop wallets. The following table outlines the security mechanisms of the tested wallets and the protection measures they offer against security risks.
Desktop wallets, as crucial tools for managing digital assets, face a multitude of security challenges. False positives from antivirus software, lack of sandbox protection, and deficiencies in encryption algorithms can all expose user assets to theft risks. This is particularly concerning for users with limited technical expertise, who may struggle to identify and address these issues. Therefore, wallet developers must enhance security measures to ensure the software’s safety.
At the same time, average users should increase their awareness of these risks and adopt best practices for storing and managing their digital assets. Through rigorous auditing and continuous improvement of desktop wallets, we can better safeguard user digital asset security and promote the healthy development of the entire Web3 ecosystem.