BeatCoin – Researchers demonstrate how to steal Cold Wallet Keys from Air-Gapped PCs

Pierluigi Paganini April 24, 2018

Israeli researchers presented their new research named BeatCoin, it is an experiment wherein they demonstrate how to steal private keys for a cryptocurrency wallet installed on cold storage.

How to protect cryptocurrency wallets? Many experts will tell you to store them in air-gapped networks, but let me remind you to check if Ben Gurion experts are far from it.

Yes, I’m not joking, a group of researchers at Israel’s Ben Gurion University lead by

Dr. Mordechai Guri presented their new research named BeatCoin, it is an experiment wherein the experts demonstrate how to steal private keys for a cryptocurrency wallet installed on cold storage, preferably an air-gapped computer or a Raspberry Pi.

The air-gapped (cold) wallets are software wallets that stored on air-gapped PC, thus are more secure compared to hot wallets, which are always online.

For BeatCoin research, the Israeli team developed a malware that was installed on an air-gapped computer that runs a Bitcoin wallet software and then used it to transmit the wallet keys to a nearby device over covert channels.

Past studies conducted by Mordechai Guri and his team demonstrated that it is possible to exfiltrate data from air-gapped networks in various ways, including, soundheatlight, electromagnetic, magnetic, infrared, and ultrasonic waves.

Once obtained the private keys, the attacker has full control over the victim’s cryptocurrency wallet.

“In this paper we show how private keys can be exfiltrated from air-gapped wallets. In the adversarial attack model, the attacker infiltrates the offline wallet, infecting it with malicious code.” reads the research paper.

“The malware can be preinstalled or pushed in during the initial installation of the wallet, or it can infect the system when removable media (e.g., USB flash drive) is inserted into the wallet’s computer in order to sign a transaction.”

For BeatCoin research, the Israeli team developed a malware that was installed on an air-gapped computer that runs a Bitcoin wallet software and then used it to transmit the wallet keys to a nearby device over covert channels.

BeatCoin Cold Wallet

Past studies conducted by Mordechai Guri and his team demonstrated that it is possible to exfiltrate data from air-gapped networks in various ways, including, sound, electromagnetic, heatlight, magnetic, infrared, and ultrasonic waves.

Once in the possession of the private keys, the attacker has full control over the cryptocurrency in the compromised wallet.

The researchers published two videos to demonstrate the attack techniques, the first one shows exfiltration of private keys from an air-gapped computer to a nearby smartphone using ultrasonic waves.

The second video shows the researchers transmitting private keys stored on a Raspberry Pi device to the nearby smartphone using the RadIoT attack (radio signals data exfiltration).

The experts also provided countermeasures to prevent such kind of attack, including the adoption of anti-malware software and intrusion detection and prevention systems.

“However, with the emergence of cryptocurrencies (e.g., bitcoin) and the accompanying need to secure private keys from online threats, it has been suggested that private users manage their cryptocurrency wallets offline in isolated, air-gapped computers” concluded the experts.

“We show that despite the high degree of isolation of cold wallets, motivated attackers can steal the private keys out of the air-gapped wallets. With the private keys in hand, an attacker virtually owns all of the currency in the wallet.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Cold Wallets, BeatCoin)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment