A thought experiment in the safety of hardware wallets

in #crypto, 8 years ago

While this is (most likely) highly unlikely, it is possible:

Let us pretend one or more people at a hardware wallet manufacturer wanted to build a 'get rich quick' plan into their hardware wallets. They embed a small bit of code that transmits the restore words for every address generated during setup. While it's unlikely any reputable manufacturer is doing that, it is a very real possibility. They could wait for months or years, then wake up one day and query their database of addresses, which is compared against the blockchain at regular intervals to determine balances, searching for wallets with large balances and minimal activity. They then restore the wallet(s), empty it/them out into an address, tumble the fuck out of it and walk away quite wealthy.

If they identified a wallet with, say, 100,000 at current price, they could take it all and send it to a wallet; from that wallet, send 10,000 worth to random accounts that are NOT in their database gathered from hardware wallets, in 250 ETH batches. They take the other 90,000 in 500 ETH batches and send it to 250 wallets.

You then take those 250 wallets and send 50 ETH from each to 5 new wallets. You now take those 1250 wallets and halve them into 2 new wallets each. You now take those 2500 wallets and tumble them until you eat up 5 ETH from each wallet.
You now have 2500 wallets with 20 ETH each. You then send a random value between 1 and 5 ETH, determined with good entropy, from each wallet to the 2500 most recently active wallets on the blockchain.

You are left with 37,500 ETH that you stole, about as 'clean' as it is going to get. At 44.03 USD that's 1.65 million dollars, for nothing but some coding.

Now you convert it to other cryptos as needed and spend that crypto on physical goods and digital services. You could wash it further by using it on betting sites, investing in dapps, buying cloud mining services and taking a further loss over the length of the contract, buying bullion via any number of online silver/gold/platinum dealers, selling some in person to people, etc.
THAT is why, if I were a whale, I'd keep hardware wallets from multiple manufacturers. A 200,000 ETH theft, or even a 500k or 1,000,000 ETH theft, from a handful of wallets would likely not gain enough sympathy to get a hard fork to recover the ETH, and a rogue employee or manufacturer could almost certainly go undetected if only 1 or a small number of wallets were stolen from, especially if they were smart with how they used the stolen ETH after washing it as described above. Ideally you'd want to attack 1 wallet, certainly fewer than 10. 1 wallet will leave the person you stole it from wondering what happened; each wallet you add drastically increases the chance of it being linked to the hardware wallet itself being compromised.

Is it a realistic threat? Nah, probably not, but it is something to think about. Any wallet generated by anything other than a completely offline machine, one that never touched a network after generating the wallets, should always be considered to carry some risk. Best practice would be to keep your crypto of choice spread out across wallets of various origin. One might generate multiple paper wallets from an offline machine that remains offline and store some on them, store some more on a hardware wallet, and store yet more on a mobile or networked wallet. Make sure the developers of any of the networked wallets are reasonably verified as being unrelated to one another and you will considerably reduce your risk.

Yes, such a theft could be tracked with enough motivation and time, but simply sacrificing more and more of what you steal drastically increases the 'noise'. If you did in fact steal from someone's cold storage, it might go undetected for days or even years before anyone checked the balance of that address. The individual doing the theft would have everything lined up and ready: as soon as they transferred from the victim's wallet, the funds could start automatically distributing to any number of wallets on any number of machines to begin creating noise. As sacrificial payments begin hitting wallets outside the perpetrator's control, you can bet some folks wouldn't question it and would immediately transfer to another wallet or spend/cash out their apparent gift, which would create further noise.
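The "undetected for days or even years" point has a cheap defensive answer: poll your cold-storage addresses and alert on any decrease, since cold storage should only ever receive. The following is an added example, not code from the original post; it assumes balances arrive as the 0x-prefixed wei quantities an Ethereum node returns from eth_getBalance, and the two snapshots are constructed sample data with placeholder addresses.

```python
# Added example: minimal cold-storage outflow monitor. Cold storage is expected
# to only ever receive funds, so any balance decrease between two snapshots is
# treated as a possible theft to investigate. Balances are hex strings in wei,
# the shape an Ethereum node returns from eth_getBalance; the snapshots below are
# constructed sample data, not real RPC output (assumed input format).
from decimal import Decimal
from typing import Dict, List, Optional

WEI_PER_ETH = Decimal(10) ** 18


def wei_from_hex(value: str) -> int:
    """Parse a JSON-RPC quantity such as '0x1bc16d674ec80000' into an int."""
    if not value.startswith("0x"):
        raise ValueError(f"expected 0x-prefixed quantity, got {value!r}")
    return int(value, 16)


def to_eth(wei: Optional[int]) -> Optional[Decimal]:
    """Convert wei to ETH for human-readable alerts (None passes through)."""
    return None if wei is None else Decimal(wei) / WEI_PER_ETH


def detect_outflows(previous: Dict[str, str], current: Dict[str, str]) -> List[dict]:
    """Return one alert per watched address whose balance fell between the
    snapshots, or that is missing from the newer snapshot (a failed poll
    should be investigated rather than silently skipped)."""
    alerts = []
    for addr, before_hex in previous.items():
        before = wei_from_hex(before_hex)
        after = wei_from_hex(current[addr]) if addr in current else None
        if after is None:
            alerts.append({"address": addr, "reason": "missing from snapshot",
                           "before_eth": to_eth(before), "after_eth": None})
        elif after < before:
            alerts.append({"address": addr, "reason": "balance decreased",
                           "before_eth": to_eth(before), "after_eth": to_eth(after)})
    return alerts


# Constructed sample snapshots (placeholder addresses, not real accounts).
ADDR_A = "0x" + "a1" * 20
ADDR_B = "0x" + "b2" * 20
ADDR_C = "0x" + "c3" * 20
PREVIOUS = {ADDR_A: hex(100_000 * 10**18), ADDR_B: hex(250 * 10**18), ADDR_C: hex(5 * 10**18)}
CURRENT = {ADDR_A: hex(0), ADDR_B: hex(300 * 10**18)}  # A drained, B grew, C not polled

if __name__ == "__main__":
    for alert in detect_outflows(PREVIOUS, CURRENT):
        print(alert)
```

In practice the snapshots would come from periodic eth_getBalance calls against a node you trust, and the alert list would feed whatever paging or logging you already use.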

Take a crypto that is moving fast like ETH: you are currently seeing 30-50 transactions a minute. If you only have your scripts carrying out 5 transactions a minute, you can carry out 7200 transactions a day to start hiding the stolen crypto. If one were willing to sacrifice 50% of what they stole over 2 weeks, you could shuffle the 'loot' around 100,000 times, including thousands of randomized value transfers to wallets not in your control.

To wrap things up, don't keep all your eggs in one basket. Assume every wallet method carries some risk and use a mix of cold and hot storage solutions to protect your holdings.