At the Black Hat Security Conference, researchers detailed potential attack points that could be exploited by attackers to steal cryptocurrencies. Among the examples given were real cases that affected the operation of existing cryptocurrency exchanges.

Jean-Philippe Aumasson, co-founder of Taurus Group and vice president at Kudelski Security, and Omer Shlomovits, co-founder of the mobile cryptocurrency wallet company ZenGo, spoke at the Black Hat cybersecurity conference about the main vulnerabilities of cryptocurrency wallets, Wired reports. The speakers compared an attack on a digital wallet to breaking into an old bank vault that opens only when six keys are turned at the same time. In the case of a cryptocurrency wallet, attackers need to collect several shares of the secret key and assemble them before they can gain access to the wallet. But unlike physical keys, the cryptographic mechanisms underlying multiparty key management are complex and difficult to implement correctly. Mistakes can be costly.

“These organizations are managing a lot of money, so they have quite high privacy and security requirements,” Aumasson said. “They need a way to split the cryptocurrency private keys into different components, different shares, so no party ever knows the full key and there isn't a single point of failure. But we found some flaws in how these schemes are set up that are not just theoretical. They could really have been carried out by a malicious party.”

According to Aumasson, there are three categories of attacks on cryptocurrency exchange wallets. The first type of attack would require an insider at a crypto exchange or other financial institution to exploit a vulnerability in an open source library written by that exchange. In one vulnerable library the researchers examined, the mechanism for updating or rotating keys allowed one of the key holders to initiate an update and then control the process, so that some shares of the key actually changed while others remained unchanged. Since old and new key shares cannot be combined, the attacker could permanently lock the exchange out of its funds. The researchers discovered this vulnerability in the library of one crypto exchange, whose name they declined to disclose. The vulnerability has already been fixed.
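As an added illustration (not code from the talk or from any of the libraries discussed), the following toy n-of-n share refresh in Python shows the consistency check that rules out a partial refresh: every party commits to its refresh delta, and the product of all commitments must be the identity, which is exactly the condition that all shares move together and the key is unchanged. The group parameters P, Q and G are assumed toy values, not a real curve.

```python
import secrets

# Assumed toy parameters (not a real curve): P = 2Q+1 is a safe prime and G
# generates the order-Q subgroup, so exponents behave like private key shares.
P, Q, G = 1019, 509, 4

def commit(x):
    """Feldman-style commitment G^x mod P: hides x but is additively checkable."""
    return pow(G, x % Q, P)

def reconstruct(shares):
    """n-of-n additive sharing: the key is the sum of all shares mod Q."""
    return sum(shares) % Q

def public_key(shares):
    """Product of share commitments equals the commitment to the full key."""
    pk = 1
    for s in shares:
        pk = pk * commit(s) % P
    return pk

def honest_refresh(n):
    """Zero-sum deltas: n-1 random values, the last chosen so the sum is 0 mod Q."""
    deltas = [secrets.randbelow(Q) for _ in range(n - 1)]
    deltas.append((-sum(deltas)) % Q)
    return deltas

def verify_refresh(commitments):
    """Each party checks that all delta commitments multiply to G^0 = 1.
    Any other value means the deltas do not sum to zero: some shares would
    change while others stay put, and the combined key would be lost."""
    prod = 1
    for c in commitments:
        prod = prod * c % P
    return prod == 1

def apply_refresh(shares, deltas):
    """A party only updates its share once the group-wide check has passed."""
    if not verify_refresh([commit(d) for d in deltas]):
        raise ValueError("refresh rejected: delta commitments do not multiply to 1")
    return [(s + d) % Q for s, d in zip(shares, deltas)]

if __name__ == "__main__":
    shares = [123, 456, 78]                      # constructed sample shares
    new = apply_refresh(shares, honest_refresh(3))
    print(reconstruct(new) == reconstruct(shares))   # True: key unchanged
    print(verify_refresh([commit(d) for d in [5, 0, 0]]))  # False: partial refresh
```

A partial refresh such as `[5, 0, 0]` would still pass a naive "did my share change?" check on party 0, which is why the check has to be over all parties' commitments rather than local.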

The second type of attack focuses on the interaction between the exchange and its customers and exploits another weak point in the key rotation process. If the trading platform itself is malicious, it could use this flaw to gradually obtain its users' secret key shares over the course of several updates. Such a fraudulent exchange could then initiate transactions to steal cryptocurrency from its clients.

The third type of attack targets the stage at which all participating parties receive their shares of the key. As part of this process, each party must generate a pair of random numbers that are to be publicly verified and checked for later use in “zero knowledge proofs,” in which the different key holders confirm that they hold correct key material without disclosing its content. This time, the researchers found that the protocol in the open source library developed by Binance did not actually verify these random values. As a result, an attacker could send specially crafted messages to the other holders during key generation that set these values, allowing the attacker to later obtain all shares of the secret key. Binance fixed this vulnerability in March.

The aim of the study by Aumasson and Shlomovits was to draw attention to how easy it is to make a mistake when implementing exchange wallets with multiparty key distribution.