The security of cryptocurrency wallets has always been a hot topic among investors and traders. Many individuals opt for cold wallets as a safe way to store their private keys offline, away from potential online threats. However, recent research conducted by Dr. Mordechai Guri from Ben-Gurion University of the Negev, Israel, has shed light on potential vulnerabilities in cold wallets.
Dr. Guri demonstrated that cold wallets can be infected with malicious code, allowing attackers to access the wallet’s private keys. This revelation has caused concern among cryptocurrency owners who believed their funds were secure in offline storage. The malware used in the attack, known as bridgeware, can leak private keys through ultrasonic signals in a matter of seconds.
Air-gapped PCs still provide a high level of isolation, but Dr. Guri’s research shows that motivated attackers can find ways to compromise cold wallets. Malware can be introduced in several ways: preinstalled on the device, during wallet setup, or via removable media. Once the malware is installed, attackers have multiple methods of exfiltrating private keys, including physical, electromagnetic, electric, magnetic, acoustic, optical, and thermal channels.
In a demonstration, Dr. Guri showcased a RadIoT attack where private keys were transmitted from a Raspberry Pi to a smartphone using electromagnetic signals over an air gap. This technique highlights the potential risks associated with offline storage and the need for enhanced security measures.
In a statement to Ars Technica, Dr. Guri emphasized the importance of recognizing the vulnerabilities in cold wallets. He mentioned that air-gap attacks, once considered exotic and rare, could become more widespread as attackers develop more sophisticated methods. The security of cold wallets is not foolproof, and it is essential for cryptocurrency owners to stay informed about the latest threats and mitigation strategies.
Overall, Dr. Guri’s research serves as a reminder that no storage method is completely immune to attacks. It is crucial for individuals to stay vigilant and implement robust security measures to protect their cryptocurrency investments.