Bitcoin hardware wallet vulnerability exposes funds to hackers: study

By Brittany Roston/Jan. 23, 2018 1:51 pm EST

Bitcoin hardware wallets may be vulnerable to malware that enables hackers to steal funds, according to a study published in the journal Information Security. According to the research, which was performed by a team with the University of Edinburgh, hardware wallets may contain weak spots that allow malicious software to intercept communications between the wallet and the computer being used to access it.

Hardware wallets are the preferred choice over software wallets for many cryptocurrency enthusiasts, and for good reason: they offer better security. That security isn't perfect, of course, and research newly published by University of Edinburgh researchers explains how it could be better. The vulnerabilities reside in how the hardware wallets interact with the user's computer.

As part of their research, the computer scientists analyzed the communication system that is used in popular bitcoin hardware wallet devices. The team made their own "simple" malware as part of the research, using it to successfully intercept messages that are sent between the hardware wallet and PC.

This vulnerability leaves users' privacy exposed to hackers, who are also able to get access to the cryptocurrency funds and shuttle them off into a different account. However, this isn't a problem without a solution, and encryption is the key to foiling such malware.

According to the researchers, encrypting certain messages sent between the two devices — computer and hardware wallet — can be incorporated into all popular (and vulnerable) hardware wallets to greatly increase their level of security. In talking about the findings, researcher Dr Andriana Gkaniatsou said:

A wallet should protect not only our money, but also our privacy. It was surprising to discover how easy it is to access a user's funds, even when sophisticated hardware is incorporated. Unfortunately, there is no silver bullet when it comes to protecting financial digital assets – we need to ensure that all components of the system are equally protected and interact in a secure way.