This report presents the details and conclusions of the technical analysis, aiming to raise security awareness among all Web3 members. We hope that through this report, we can remind users to be highly vigilant when using desktop wallets and protect their digital assets.
Written by: CertiK
Desktop wallets play a key role in the Web3.0 ecosystem, providing users with a reliable way to securely manage digital assets on decentralized networks. A Cointelegraph report [1] citing analysts at the Bitfinex exchange noted that, as of December 1, 2023, the number of digital currency holders worldwide had grown significantly, from 432 million at the beginning of the year to 575 million. Desktop wallets hold an important share of this growing market.
With the rapid development of the Web3.0 industry, desktop wallets are becoming increasingly important in protecting the security of user assets. However, after conducting an in-depth technical analysis of multiple desktop wallets, the CertiK security team discovered some potential security vulnerabilities that may cause users to face higher risks during use. This report presents the details and conclusions of the technical analysis, aiming to enhance the security awareness of all Web3.0 members. We hope that through this report, we will remind users to remain highly vigilant when using desktop wallets and protect their digital assets.
Security risks from the supply chain
Desktop wallets are an important tool for Web3.0 users to manage and protect digital assets, yet their security is often overlooked in the context of supply chain attacks [2]: attacks in which cybercriminals compromise third-party suppliers, service providers, or other links in the supply chain that the target organization relies on. To guard against such incidents, users are advised to verify the hash value of the installation package. Even when downloading directly from the official website, the verification step should not be skipped, because only an installation package whose hash matches the published value can be considered genuine. However, not all users are able to perform this verification, especially with certain desktop wallets, and this gap in users' own protective capabilities increases their exposure to attack.
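The verification step recommended above, as an added example that is not part of the original report: a small Python routine that hashes a downloaded installer, parses a vendor checksum line in the common `sha256sum` format, and compares the two in constant time. The file name, the placeholder installer bytes and the checksum line are constructed for the demonstration; a real user would paste the digest published on the wallet's official website.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Tuple

CHUNK_SIZE = 1024 * 1024  # hash installers in 1 MiB chunks so large files never sit fully in memory


def sha256_of_file(path: str) -> str:
    """Return the lowercase hex SHA-256 digest of the file at `path`."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_line(line: str) -> Tuple[str, str]:
    """Parse one line in the `sha256sum` output format: '<hex digest>  <filename>'.

    A leading '*' on the filename (the binary-mode marker) is dropped.
    Raises ValueError if the line is malformed or the digest is not 64 hex characters."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError(f"malformed checksum line: {line!r}")
    digest, filename = parts
    digest = digest.lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"not a SHA-256 hex digest: {digest!r}")
    return digest, filename.lstrip("*")


def verify_download(path: str, expected_hex: str) -> bool:
    """True only if the file's SHA-256 equals the published digest (constant-time comparison)."""
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo() -> Tuple[bool, bool]:
    """Constructed demonstration: a fake installer checked against its published digest,
    then the same file after a one-byte modification. Returns (genuine_ok, tampered_ok)."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "wallet-setup.exe")
        with open(installer, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 4096)  # constructed placeholder bytes, not a real installer
        # What a vendor's SHA256SUMS entry for this file would look like (constructed here).
        published = f"{sha256_of_file(installer)}  wallet-setup.exe"
        digest, _ = parse_checksum_line(published)
        genuine_ok = verify_download(installer, digest)
        with open(installer, "ab") as fh:
            fh.write(b"\x90")  # a single appended byte stands in for a modified package
        tampered_ok = verify_download(installer, digest)
    return genuine_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The comparison uses `hmac.compare_digest` rather than `==` so that the check does not leak timing information, and the parser rejects anything that is not a full 64-character hex digest, which catches truncated copy-and-paste of the published value. Note that a matching hash only proves the file is the one the vendor published; it says nothing about whether the vendor's own build was clean, which is why the antivirus discussion that follows still matters.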
Specifically, some desktop wallets may inadvertently use modules or algorithms that resemble those of backdoor software, causing some antivirus products to generate false positives. Official websites usually offer a reasonable explanation for these false positives, and users who cannot verify hashes may accept that explanation without question and come to treat antivirus warnings as normal. This misplaced trust gives malware an opening to pose as a legitimate wallet installation package, exposing users to greater risk.
As shown in the figure below, 65 antivirus engines on VirusTotal analyzed the download file of a common desktop wallet, and 19 of them flagged the sample as malicious.
This analysis shows that supply chain attacks are not merely a theoretical risk. Users who lack the technical means to verify the authenticity of software may inadvertently download and install malware, and because even installation packages downloaded from official websites can trigger antivirus warnings, users have no reliable way to judge whether a package is safe, leaving the security risk in place.
Local file storage security risks
During our in-depth research, we found that some desktop wallets allow users to store private keys in plain text for certain business purposes. This practice greatly increases the security risk of users' digital assets, because once the user's computer is infected with a virus or malware, the plain text private key will be directly exposed to the attacker, endangering the security of their digital assets.
Unencrypted local files:
Encrypted local files:
Even if users encrypt local files with PIN codes, the security of keys cannot be fully guaranteed under the threat of malware. These wallets may become targets of malware whether they run as standalone desktop applications or as browser extensions. However, users often trust desktop wallets because of their convenience and functionality, ignoring potential security vulnerabilities. Compared with the strict permission management and data isolation of mobile applications, desktop wallets are relatively weak in protecting user private keys. Therefore, when using desktop wallets, users must always be vigilant about the security of the operating environment to avoid theft due to improper storage or insecure settings.
Security of PIN encryption algorithm
Another high-risk issue is that many desktop wallets use weak file encryption schemes, making it easier for attackers to access and decrypt users' encrypted data. In particular, the wallet does not bind the file encryption to the device's hardware information. As a result, even though the file is encrypted, an attacker can copy it to another machine and attempt to decrypt it offline, bypassing the security protections inherent to the original device.
Further analysis revealed that some wallets offer weak resistance to brute-force attacks on their PIN codes. Many wallets use key-derivation settings with hash iteration counts far below industry standards. For example, OWASP [3] recommends 600,000 iterations to protect passwords, Apple uses 10,000,000 iterations for its backup keychain, and 1Password and LastPass use 650,000 and 600,000 iterations respectively. However, some desktop wallets use only 5,000 hash iterations in their encryption schemes, far below these benchmarks. With so few iterations, an attacker can recover a user's PIN by brute force, and even complex passwords can be cracked with little effort.
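To make the two weaknesses in this section concrete, here is an added Python example (not code from any wallet audited in the report) that derives a file-encryption key from a PIN with PBKDF2-HMAC-SHA256, measures what a 5,000-iteration setting costs an offline guesser compared with 600,000 iterations, and shows how mixing a device-held secret into the derivation stops a copied vault file from being unlocked on another machine. The verifier layout, the salt length and the device secret are assumptions of the example; on a real system the device secret would come from a TPM, Secure Enclave or OS keystore rather than a constant in the code.

```python
import hashlib
import hmac
import os
import time

KDF_HASH = "sha256"
KEY_LEN = 32      # 256-bit file-encryption key
SALT_LEN = 16     # per-vault random salt (assumed length)
VERIFIER_LABEL = b"wallet-vault-verifier"


def derive_key(pin: str, salt: bytes, iterations: int, device_secret: bytes = b"") -> bytes:
    """PBKDF2-HMAC-SHA256 over the PIN.

    If device_secret is given, the PIN is first keyed through HMAC with it, so the derived key
    depends on a value that never leaves the device. A vault file copied elsewhere cannot be
    unlocked with the PIN alone. The device secret here is a constructed stand-in (assumption)."""
    material = pin.encode("utf-8")
    if device_secret:
        material = hmac.new(device_secret, material, KDF_HASH).digest()
    return hashlib.pbkdf2_hmac(KDF_HASH, material, salt, iterations, dklen=KEY_LEN)


def create_vault(pin: str, iterations: int, device_secret: bytes = b"") -> dict:
    """Metadata a wallet would store beside its encrypted key file: salt, iteration count and an
    HMAC 'verifier' that lets the wallet check a PIN without storing the PIN or the key."""
    salt = os.urandom(SALT_LEN)
    key = derive_key(pin, salt, iterations, device_secret)
    verifier = hmac.new(key, VERIFIER_LABEL, KDF_HASH).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock_vault(vault: dict, pin: str, device_secret: bytes = b"") -> bool:
    """Re-derive the key and compare the verifier in constant time."""
    key = derive_key(pin, vault["salt"], vault["iterations"], device_secret)
    candidate = hmac.new(key, VERIFIER_LABEL, KDF_HASH).digest()
    return hmac.compare_digest(candidate, vault["verifier"])


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Wall-clock cost of one PIN derivation at this iteration count on the current machine."""
    salt = b"\x00" * SALT_LEN
    start = time.perf_counter()
    for _ in range(samples):
        derive_key("000000", salt, iterations)
    return (time.perf_counter() - start) / samples


def estimated_offline_search_seconds(pin_digits: int, iterations: int) -> float:
    """Single-core upper bound on trying every numeric PIN of the given length offline."""
    return (10 ** pin_digits) * seconds_per_guess(iterations)


if __name__ == "__main__":
    for iters in (5_000, 600_000):
        secs = estimated_offline_search_seconds(6, iters)
        print(f"{iters:>7} iterations: exhaustive 6-digit PIN search ~ {secs / 3600:.1f} h on one core")
    device_secret = b"constructed-device-secret"  # placeholder for a hardware-held value
    vault = create_vault("482913", 600_000, device_secret)
    print("correct PIN on the original device :", unlock_vault(vault, "482913", device_secret))
    print("correct PIN, file copied off-device:", unlock_vault(vault, "482913"))  # False
```

Running the timing loop shows the iteration count scaling the attacker's cost linearly, but it also shows the limit of that defence: a purely numeric 6-digit PIN is only one million guesses, so even 600,000 iterations leave an exhaustive offline search within reach of a single machine. That is the reason the device-binding shown in `derive_key` matters as much as the iteration count: once the key depends on a secret the attacker cannot copy with the file, the offline attack described in the report has nothing to work with.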
In addition, our audit found that the password protection mechanism of some wallet software is not sufficient to withstand sophisticated attacks. Attackers typically steal a user's encrypted data first and then decrypt it offline with powerful computing resources. Because of weaknesses in the encryption schemes chosen by some desktop wallets, their encrypted data is easier to crack. This not only puts users' digital assets at risk but also poses new challenges to the overall security of the Web3.0 ecosystem.
Relatively secure desktop wallet solution
When using a desktop wallet, it is recommended to choose an MPC (multi-party computation) wallet or a hardware wallet, as desktop systems (PC systems) have inherent security vulnerabilities compared to mobile devices. Although desktop wallets are simple to operate and easy to access, their uninterrupted Internet connection exposes them to greater threats from hackers and malware. Therefore, for users who require higher security, it is wise to choose other types of wallets.
MPC wallets have significant advantages in improving the security and recoverability of digital assets. Using secure multi-party computation, the wallet divides the private key into multiple fragments and distributes them among different participants or nodes. This design removes the single point of failure and ensures that no single entity holds the complete private key. Even if a user's desktop system is compromised, an attacker cannot steal assets with any single key fragment: a valid transaction signature can only be produced when fragments from multiple participants are combined. As long as not all key fragments are stolen at the same time, the user's assets remain safe.
In addition, the distributed key management of MPC wallets offers greater operational flexibility and lower transaction costs. It supports hidden signatures and off-chain accountability mechanisms, further enhancing privacy and security. In this way, an MPC wallet ensures that the security of digital assets is not threatened even if some systems are hacked.
Another advantage of MPC wallets is the recovery feature. If a user’s device is lost or damaged, they can still recover their keys through a third-party service. This process requires the user to rebuild their private keys using key fragments that are pre-distributed in different locations. In addition, some MPC wallets also offer social recovery features, allowing emergency contacts to help users regain access to their wallets in extreme cases.
Desktop hardware wallets provide a physical isolation solution, that is, storing private keys in hardware devices. This design ensures that all signing operations are completed offline in the hardware, and even if the user's desktop system is hacked, the attacker cannot access the stored private keys. This type of physical isolation greatly enhances the security of assets. Because private keys are not exposed to the Internet, the risk of being hacked and stolen is reduced.
Today, most hardware wallets also provide recovery functions to prevent asset loss due to hardware damage or loss. The recovery process usually involves creating backup mnemonics or private key fragments, and users can store them securely in different locations. If the hardware device is lost or damaged, users can use this backup information to re-access their wallets and get their assets back.
In addition, some hardware wallets integrate biometric technology for enhanced security. This means that even if an unauthorized individual obtains a key fragment, the attacker cannot hack into the user's wallet without biometric authentication. Biometric technology may include fingerprint, facial recognition or voice recognition, adding to the security of hardware wallets.
For example, Zengo's MPC system uses multiple private key fragments stored on different devices to enhance the security of the wallet. The recovery function in the MPC system is crucial, allowing users to retrieve their wallets when the device is lost or damaged. To ensure the security of assets, private key fragments are firmly bound to the account, which means that assets are only at risk of loss if both the private key fragment and the account are lost.
In addition, some hardware wallet manufacturers (such as Ledger) also provide identity-based key recovery services. For example, Ledger's "Ledger Recover" [4] service splits the wallet recovery phrase into three encrypted fragments and distributes them to three custodians. If a user loses the mnemonic, then after identity verification two of the fragments can be combined to regain access to the locked funds. This service is designed to provide additional protection against losing the keys to digital assets, but it has also raised concerns among some users, because the method requires the mnemonic, linked to a government-issued ID, to be stored online.
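The threshold property that both the MPC key fragments described earlier and the three-way split of Ledger Recover rely on, as an added example that is not code from Zengo, Ledger or any wallet: Shamir secret sharing over a prime field splits a constructed key into three shares of which any two reconstruct it, while a single share reveals nothing useful. This is the simplest model of "no single fragment is enough". Real MPC wallets go further and use threshold signature protocols in which the full key is never reassembled on any one machine, so treat this as an illustration of the 2-of-3 arrangement, not as the signing protocol itself. The field prime (2^255 - 19) and the share count are assumptions of the example.

```python
import secrets
from itertools import combinations
from typing import List, Tuple

# Prime field for the arithmetic. 2**255 - 19 (the Curve25519 base-field prime) is large enough to
# hold a 255-bit secret; it is an assumption of this example, not a field any particular wallet uses.
PRIME = 2**255 - 19

Share = Tuple[int, int]  # (x, y) point on the sharing polynomial


def split_secret(secret: int, threshold: int, share_count: int, prime: int = PRIME) -> List[Share]:
    """Shamir (threshold, share_count) sharing: pick a random polynomial of degree threshold-1 whose
    constant term is the secret, and hand out its value at x = 1..share_count."""
    if not 0 <= secret < prime:
        raise ValueError("secret must be an integer in [0, prime)")
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, share_count + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def recover_secret(shares: List[Share], prime: int = PRIME) -> int:
    """Lagrange interpolation at x = 0. Correct when at least `threshold` distinct shares are given;
    with fewer shares the result is an unrelated field element, not a partial leak of the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("share x-coordinates must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % prime
                den = den * (xi - xj) % prime
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total


def demo_two_of_three() -> Tuple[bool, bool]:
    """Constructed 2-of-3 split of a random stand-in for a wallet key.
    Returns (every pair recovers the key, some single share recovers the key)."""
    key = secrets.randbelow(PRIME)  # constructed stand-in for a private key
    shares = split_secret(key, threshold=2, share_count=3)
    pairs_ok = all(recover_secret(list(pair)) == key for pair in combinations(shares, 2))
    single_ok = any(recover_secret([s]) == key for s in shares)
    return pairs_ok, single_ok


if __name__ == "__main__":
    print(demo_two_of_three())  # (True, False)
```

The point to take from the code is where the reconstruction happens: `recover_secret` puts the whole key back together in one process, which is acceptable for a recovery flow that runs once, but for everyday signing an MPC wallet avoids that step entirely, and that difference is what gives it the "compromise of one device is survivable" property claimed above.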
Multi-party computation (MPC) in a secure desktop wallet
When comparing the security of MPC wallets with hardware wallets, each has its own subtle advantages and disadvantages.
Hardware wallets have inherent limitations, such as limited CPU performance, limited network connectivity, and a simple user interface, that make it difficult to display detailed transaction information. Users who need to examine transaction details in depth therefore struggle to fully confirm what they are signing. In this respect MPC wallets are a relatively better choice: they allow multiple parties to jointly compute and verify transaction data without exposing sensitive information, providing a more robust framework for verifying the purpose and integrity of a transaction. Unlike hardware wallets, MPC-based solutions [5] can use the computing and network environment of mobile devices or other platforms, connecting more closely to the back-end system and reducing the risks associated with transaction verification.
In general, desktop hardware wallets provide users with a safe and reliable means of asset protection through physical isolation and wallet recovery functions. The introduction of biometric technology further strengthens this protection, ensuring that users' assets can be safely protected even in extreme situations.
Comparison of Desktop Wallet Solutions
Based on the above risk and security analysis, we conducted a comparative evaluation of multiple desktop wallets. The following figure summarizes the security mechanisms of these wallets and their protection measures against security risks. (S0 represents basic risk, and the higher the level, the more complex the risk.)
Summary
As an important tool for managing digital assets, desktop wallets face multiple security challenges: false positives from antivirus software, lack of sandbox protection, and insufficient encryption algorithms can all lead to the risk of user assets being stolen. This is especially dangerous for users who lack technical experience, as they may find it difficult to identify and respond to these risks. Therefore, wallet developers need to strengthen security measures to ensure the security of the software.
At the same time, users should also enhance their risk awareness and adopt best practices to store and manage digital assets. Through rigorous audits and continuous improvements to desktop wallets, we can better protect the security of users' digital assets and promote the healthy development of the entire Web3.0 ecosystem.
[1] https://cointelegraph.com/news/crypto-users-1-billion-2024-bitfinex-analysts-prediction
[2] https://www.cloudflare.com/learning/security/what-is-a-supply-chain-attack/
[3] https://owasp.org/
[4] https://www.ledger.com/academy/what-is-ledger-recover
[5] https://zengo.com/introducing-zengo-desktop-the-most-secure-desktop-experience/