Bitcoin Forum
October 16, 2019, 11:25:48 PM *
News: If you like a topic and you see an orange "bump" link, click it. More info.
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Why hardware personal wallets are almost impossible to hack unlike exchanges?  (Read 184 times)
Don Pedro Dinero
Sr. Member
****
Offline Offline

Activity: 490
Merit: 286



View Profile
October 08, 2018, 07:32:03 AM
 #1

I’ve been reading some articles but can’t find a proper explanation. I've got a hardware wallet, and my understanding is that nobody can control my funds unless they manage to get my private keys. But every now and they we see news of another exchange getting hacked.

This article sheds a little bit of light on it, but can someone explain it for dummies, please? Can’t exchanges function like big hardware wallets where he who hasn’t the seeds can’t control the funds?
1571268348
Hero Member
*
Offline Offline

Posts: 1571268348

View Profile Personal Message (Offline)

Ignore
1571268348
Reply with quote  #2

1571268348
Report to moderator
1571268348
Hero Member
*
Offline Offline

Posts: 1571268348

View Profile Personal Message (Offline)

Ignore
1571268348
Reply with quote  #2

1571268348
Report to moderator
1571268348
Hero Member
*
Offline Offline

Posts: 1571268348

View Profile Personal Message (Offline)

Ignore
1571268348
Reply with quote  #2

1571268348
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
butka
Full Member
***
Offline Offline

Activity: 434
Merit: 215


View Profile
October 08, 2018, 07:59:43 AM
Merited by Kakmakr (1)
 #2

Can’t exchanges function like big hardware wallets where he who hasn’t the seeds can’t control the funds?
I think most of the exchanges already function like that. They have well-secured multisignature wallets (if they are offline hardware or cold-storage wallets doesn't matter much). But they also have to have online hot wallets that are being periodically refilled from the cold-storage wallets. These hot wallets can actually be targeted.

Now, as far as the client side goes, there is nothing the exchange can do. The user is responsible to to get hacked via these various malicious hacking schemes.

A proper exchange won't allow many of the server side vulnerabilities, like SQL injection or authentication bypasses, but you are never 100% sure.

There is always a possibility that the exchange may be targeted on the protocol level, like what happened a while ago with Bitrex and BitcoinGold. There is nothing the exchange can do in this case, as the integrity of the blockchain is compromised and the coin is double spent via 51% attack.
mocacinno
Legendary
*
Offline Offline

Activity: 1736
Merit: 1782


https://unblur.ninja =>lightning network testsite


View Profile WWW
October 08, 2018, 08:06:18 AM
 #3

The article was TL;DR;... But comparing the use of an exchange as a primary wallet vs the use of a hardware wallet is like comparing apples to oranges.

When you spend unspent outputs that were funding a certain address, you need the private key in order to sign the transaction spending those funds.
In the case of a hardware wallet, the signature is generated on the hardware device. A well made hardware wallet doesn't allow your seed, xprv or any derived key to leave your hardware device ever. A good hardware wallet is completely open sourced to... A good hardware wallet also displays important info about the tx on the hardware device before you physically press a button that triggers the signing of the tx.
Even if you use the hardware wallet on an infected pc, you should be fine as long as you pay attention, and don't "sign off" on a transaction funding the wrong address...

Compare this to an exchange... Do you know how your exchange works? Do you know who can access those funds? They must run a hot wallet to function, so inherently they're less secure than a hardware wallet... It's possible they use a secure setup, but it's not guaranteed. What will happen if they get hacked?

Don Pedro Dinero
Sr. Member
****
Offline Offline

Activity: 490
Merit: 286



View Profile
October 08, 2018, 08:46:29 AM
 #4

Ok. Thanks for the replies. I was using an exchange when I started and then I got a hardware wallet and haven’t used an exchange since. I see the point is they function in an essentially different way:

Do you know how your exchange works? Do you know who can access those funds? They must run a hot wallet to function, so inherently they're less secure than a hardware wallet... It's possible they use a secure setup, but it's not guaranteed.

That clarifies a lot, thanks.

There is always a possibility that the exchange may be targeted on the protocol level, like what happened a while ago with Bitrex and BitcoinGold. There is nothing the exchange can do in this case, as the integrity of the blockchain is compromised and the coin is double spent via 51% attack.

As for this case, is that a 51% attack on the whole blockchain? I thought that had a huge cost. I suppose you are referring to the transactions that affect that exchange or something.
bitmover
Hero Member
*****
Offline Offline

Activity: 630
Merit: 1065



View Profile
October 08, 2018, 08:54:54 AM
 #5

Just explaining a bit further...

Exchanges are a huge attack vector.
If someone manage to somehow discover a password, he can just have access to someone else's funds. Also, as butka said they keep some funds in a hot wallet.

Hotwallets are necessary for them because they need to have fast access to funds, and only a part of the total funds are in cold storage.

In a hot wallet the privatekeys are online, in a hackable environment.

On cold storage the keys are offline, in a piece of paper or inside an offline device (hardwallet)
A hacker cannot hack a piece of paper, and hardware wallets are (in the)offline as well.

This is why bitcoin protocol is amazing. The keys can be stored offline.

bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
October 08, 2018, 08:58:38 AM
 #6

Its not like an exchange can be manged using one hardware wallet which is plugged in each time you request a withdrawal.

They have a cold wallet (to store the majority of funds) and a hot wallet (to be able to properly handle withdrawal requests from clients).
Regularly the hot wallet needs to get funded again and/or additional funds need to be transferred to the cold wallet.


In most cases funds are being stolen from a hot wallet. The circumstances which lead to such a loss can vary quite heavily.



There is always a possibility that the exchange may be targeted on the protocol level, like what happened a while ago with Bitrex and BitcoinGold. There is nothing the exchange can do in this case, as the integrity of the blockchain is compromised and the coin is double spent via 51% attack.

As for this case, is that a 51% attack on the whole blockchain? I thought that had a huge cost. I suppose you are referring to the transactions that affect that exchange or something.

The costs are extremely inefficient and high in cases of bitcoin. But butka was refering to "bitcoin gold" which forked off from bitcoin (together with 30 more shitcoins).
Their PoW (and therefore also security) is way lower. The costs to attack such a low-quality fork are relatively small and affordable compared to bitcoin.

butka
Full Member
***
Offline Offline

Activity: 434
Merit: 215


View Profile
October 08, 2018, 09:33:42 AM
 #7


There is always a possibility that the exchange may be targeted on the protocol level, like what happened a while ago with Bitrex and BitcoinGold. There is nothing the exchange can do in this case, as the integrity of the blockchain is compromised and the coin is double spent via 51% attack.

As for this case, is that a 51% attack on the whole blockchain? I thought that had a huge cost. I suppose you are referring to the transactions that affect that exchange or something.


As bob123 already explained, it depends on the coin. If the coin is weak, the underlying weakness of the coin's blockchain (in this case not enough hash power) can become a liability for the exchange because a hacker can intervene and double-spend some coins. For example the scenario may go like this: first they send some coins to the exchange and immediately spend them (say, buy BTC with them); then they use their 51% power to fork the blockchain at some earlier time and regain their already spent coins. I might be wrong, but I believe that's what happened with Bitrex and "Bitcoin Gold". The only thing the exchange can do in such a case is to delist the altcoin in question.
mocacinno
Legendary
*
Offline Offline

Activity: 1736
Merit: 1782


https://unblur.ninja =>lightning network testsite


View Profile WWW
October 08, 2018, 09:56:33 AM
 #8


As bob123 already explained, it depends on the coin. If the coin is weak, the underlying weakness of the coin's blockchain (in this case not enough hash power) can become a liability for the exchange because a hacker can intervene and double-spend some coins. For example the scenario may go like this: first they send some coins to the exchange and immediately spend them (say, buy BTC with them); then they use their 51% power to fork the blockchain at some earlier time and regain their already spent coins. I might be wrong, but I believe that's what happened with Bitrex and "Bitcoin Gold". The only thing the exchange can do in such a case is to delist the altcoin in question.

But in this specific case, i don't see it as a exchange-related problem. Sure, an exchange was used to monetize a 51% attack, but a hardware wallet wouldn't have protected you either.

For example:
  • you were selling irreversible digital goods and accepted "Bitcoin Gold" as a payment method
  • you generated a "Bitcoin Gold" address using your hardware wallet
  • the "bad guy" funded your address
  • You transfered the digital goods without waiting for sufficient confirmations
  • the "bad guy" executed the 51% attack, excluding the tx funding your address and including a tx that spends the unspent output used to fund your address

In this case, you would have been robbed, even when you were using a HW wallet...

It's not smart to use an exchange as a wallet, but in case of a 51% attack, a hardware wallet isn't 100% protection either... The only difference is that an exchange *might* require to few confirmations for a low diff coin, whilst a private person using a hardware wallet can chose the amount of confirmations arbitrarily

butka
Full Member
***
Offline Offline

Activity: 434
Merit: 215


View Profile
October 08, 2018, 11:12:34 AM
 #9

But in this specific case, i don't see it as a exchange-related problem. Sure, an exchange was used to monetize a 51% attack, but a hardware wallet wouldn't have protected you either.

You are right of course. I am mentioning this only because the linked article talks about protocol level security:

Quote
All the crypto exchanges have weaknesses in the architecture because they were never designed in cryptocurrency protocols.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2053

Use SegWit and enjoy lower fees.


View Profile WWW
October 08, 2018, 02:48:05 PM
Last edit: October 09, 2018, 07:56:48 AM by ETFbitcoin
 #10

Can’t exchanges function like big hardware wallets where he who hasn’t the seeds can’t control the funds?

In theory it's possible by :
1. Generate bunch of hardened child address from xpub/xprv and assign it to each users
2. Process all withdraw manually every few hours / day with extra checking/confirmation as additional security in case there's data manipulation attempt
p.s. exchange who do it might want to generate unsigned transactions automatically automatically

But obviously it's pain in ass and make the exchange non-competitive.

But in this specific case, i don't see it as a exchange-related problem. Sure, an exchange was used to monetize a 51% attack, but a hardware wallet wouldn't have protected you either.

For example:
  • you were selling irreversible digital goods and accepted "Bitcoin Gold" as a payment method
  • you generated a "Bitcoin Gold" address using your hardware wallet
  • the "bad guy" funded your address
  • You transfered the digital goods without waiting for sufficient confirmations
  • the "bad guy" executed the 51% attack, excluding the tx funding your address and including a tx that spends the unspent output used to fund your address

In this case, you would have been robbed, even when you were using a HW wallet...

FYI, Bitcoin Gold also use 10 minutes block interval and previous attack reverse 21 blocks which is far above common minimum required confirmation (which is between 1-6 blocks). In this case, almost all user/services would be affect and the only solutions are another rollback or/and ridiculous minimum confirmation amount.

Don Pedro Dinero
Sr. Member
****
Offline Offline

Activity: 490
Merit: 286



View Profile
October 08, 2018, 03:12:22 PM
 #11

It is a pity that I’m not a merit source (yet?) because I think there are some replies that deserve merits. For those of you who know a lot about the technology my question will look like a simple one, but for me the replies have been very useful and I think this is what a forum should be like: a place where one can learn while others share their knowledge.

And I’ve also learned a bit more about the 51% attack as a bonus.
buwaytress
Legendary
*
Offline Offline

Activity: 1134
Merit: 1019


I bit, therefore I am


View Profile
October 08, 2018, 03:38:54 PM
 #12

Not all hardware wallets are made equal, you only need to look up McAfee's promoted "unhackable" BitFi wallet to see how a kid's already (twice) claimed to have hacked it.

That said, you can't, as others have already pointed out, compare an exchange's use of funds to a single individual. Regardless of the type of wallet (where you still are the sole owner of private keys), proper individual security measures will ensure you're far less vulnerable than exchanges. It's important to note also that in most cases of exchange hacks, social hacking was involved, and generally not caused by the wallet's security itself. Access was compromised, is all. The blockchain cryptography itself is pretty solid.

Exchanges are also a huge target, you can expect plenty of daily malicious attempts. You as an individual may never own enough to warrant the resources required for an attempt.

odolvlobo
Legendary
*
Offline Offline

Activity: 2646
Merit: 1424



View Profile
October 08, 2018, 06:28:31 PM
 #13

I’ve been reading some articles but can’t find a proper explanation. I've got a hardware wallet, and my understanding is that nobody can control my funds unless they manage to get my private keys. But every now and they we see news of another exchange getting hacked.

This article sheds a little bit of light on it, but can someone explain it for dummies, please? Can’t exchanges function like big hardware wallets where he who hasn’t the seeds can’t control the funds?


A server running an exchange is accessible via the internet and has a very big and complex interface with flaws that hackers can exploit in order to gain access to the keys contained within. In contrast, a hardware wallet limits access by connecting to a USB port and has a very simple interface that does not allow internal access.

Buy stuff on Amazon at a discount with bitcoins or convert Amazon points to bitcoins: Purse.io
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
mocacinno
Legendary
*
Offline Offline

Activity: 1736
Merit: 1782


https://unblur.ninja =>lightning network testsite


View Profile WWW
October 09, 2018, 07:05:40 AM
 #14

FYI, Bitcoin Gold also use 10 minutes block interval and previous attack reverse 21 blocks which is far above common minimum required confirmation (which is between 1-6 blocks). In this case, almost all user/services would be affect and the only solutions are another rollback or/and ridiculous minimum confirmation amount are the only solution.

Thanks for the info  Grin
The only remark i have is that bitcoin gold isn't equal to bitcoin. It's not because bitcoin transactions only require 1-6 confirmations to be considered irreversible that this amount is transferable to bitcoin gold just because it's codebase is allmost equal to bitcoin (i know it has a different POW). So, the exchange should have done it's homework and asked for more confirms because of the low difficulty (but it's all hindsight, it's easy to give comments on an event that already happened).

However, 21 blocks re-mined is a huge attack, i don't think i'd ever require 21 confirmations if i was selling something (nor do i think an exchange should require 20+ confirmations with an average time between blocks of ~10 min), so in the case of the bitcoin gold attack, i would have been scammed aswell (even with my hardware wallet).

HeRetiK
Legendary
*
Offline Offline

Activity: 1260
Merit: 1128


the forkings will continue until morale improves


View Profile
October 09, 2018, 02:05:29 PM
 #15

Security aside, never forget that exchanges are also a liability on the organizational level. Even an exchange with ironclad security is -- legally speaking -- easier targetted than a private individual that no one is aware of. As such counterparty risk may play a role regardless of technical expertise.


Not all hardware wallets are made equal, you only need to look up McAfee's promoted "unhackable" BitFi wallet to see how a kid's already (twice) claimed to have hacked it. [...]

To be fair McAfee's wallet seems to be nothing more than a glorified brainwallet anyway, ie. hardware access is likely not even required for hacking such a wallet.

bitmover
Hero Member
*****
Offline Offline

Activity: 630
Merit: 1065



View Profile
October 09, 2018, 02:28:32 PM
 #16

Security aside, never forget that exchanges are also a liability on the organizational level. Even an exchange with ironclad security is -- legally speaking -- easier targetted than a private individual that no one is aware of. As such counterparty risk may play a role regardless of technical expertise.



This is important.
Exchanges may be forced by legal authorities to freeze your funds, or even confiscate them, in specific occasions.

So there are 3 risks associated with funds on exchanges:
- exchange can be hacked
-exchange can steal your money
-legal authorities can freeze or confiscate your funds, like in a bank

Kakmakr
Legendary
*
Offline Offline

Activity: 1806
Merit: 1371

★ ChipMixer | Bitcoin mixing service ★


View Profile
October 10, 2018, 06:20:30 AM
 #17

A common misconception by many people are the fact that exchange hacks are done from external hackers. In my opinion most of the hacks are done by people from the inside. These exchanges will never disclose 100% what the exploit was, because they might want to hide the fact that it was a inside job.

The hack might have come from the outside, but the exploit was done from the inside. Obviously I do not have proof of this, but I have very strong suspicions that most of these things was done from the inside. <Mt. Gox was one of them>  Angry

This is why "hardware" wallets will not solve the problem. <It will also be impractical for millions of users>

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!