Security Threats from Bitcoin Wallet Smartphone Applications: Vulnerabilities, Attacks, and Countermeasures

Yiwen Hu, Sihan Wang, Guan Hua Tu, Li Xiao, Tian Xie, Xinyu Lei, Chi-Yu Li

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

13 Scopus citations

Abstract

Nowadays, Bitcoin is the most popular cryptocurrency. With the proliferation of smartphones and the high-speed mobile Internet, more and more users have started accessing their Bitcoin wallets on their smartphones. Users can download and install a variety of Bitcoin wallet applications (e.g., Coinbase, Luno, Bitcoin Wallet) on their smartphones and access their Bitcoin wallets anytime and anywhere. However, it is still unknown whether these Bitcoin wallet smartphone applications are secure or if they are new attack surfaces for adversaries to attack these application users. In this work, we explored the insecurity of the 10 most popular Bitcoin wallet smartphone applications and discovered three security vulnerabilities. By exploiting them, adversaries can launch various attacks including Bitcoin deanonymization, reflection and amplification spamming, and wallet fraud attacks. To address the identified security vulnerabilities, we developed a phone-side Bitcoin Security Rectifier to secure Bitcoin wallet smartphone application users. The developed rectifier does not require any modifications to current wallet applications and is compliant with Bitcoin standards.

Original language: English
Title of host publication: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 89-100
Number of pages: 12
ISBN (Electronic): 9781450381437
State: Published - 26 Apr 2021
Event: 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021 - Virtual, Online, United States
Duration: 26 Apr 2021 to 28 Apr 2021

Publication series

Name: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy

Conference

Conference: 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021
Country/Territory: United States
City: Virtual, Online
Period: 26/04/21 to 28/04/21

Keywords

  • bitcoin wallets
  • blockchain
  • mobile networks
  • security
