WalletProbe: A Testing Framework for Browser-based Cryptocurrency Wallet Extensions
- URL: http://arxiv.org/abs/2504.11735v1
- Date: Wed, 16 Apr 2025 03:24:30 GMT
- Title: WalletProbe: A Testing Framework for Browser-based Cryptocurrency Wallet Extensions
- Authors: Xiaohui Hu, Ningyu He, Haoyu Wang
- Abstract summary: WalletProbe is a mutation-based testing framework based on visual-level oracles. We have identified 13 attack vectors that can be abused by attackers to exploit cryptocurrency wallets and exposed 21 concrete attack strategies.
- Score: 8.064056857526813
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Serving as the first touch point for users to the cryptocurrency world, cryptocurrency wallets allow users to manage, receive, and transmit digital assets on blockchain networks and interact with emerging decentralized finance (DeFi) applications. Unfortunately, cryptocurrency wallets have always been the prime targets for attackers, and incidents of wallet breaches have been reported from time to time. Although some recent studies have characterized the vulnerabilities and scams related to wallets, they have generally been characterized in coarse granularity, overlooking potential risks inherent in detailed designs of cryptocurrency wallets, especially from perspectives including user interaction and advanced features. To fill the void, in this paper, we present a fine-grained security analysis on browser-based cryptocurrency wallets. To pinpoint security issues of components in wallets, we design WalletProbe, a mutation-based testing framework based on visual-level oracles. We have identified 13 attack vectors that can be abused by attackers to exploit cryptocurrency wallets and exposed 21 concrete attack strategies. By applying WalletProbe on 39 widely-adopted browser-based wallet extensions, we astonishingly figure out all of them can be abused to steal crypto assets from innocent users. Identified potential attack vectors were reported to wallet developers timely and 26 issues have been patched already. It is, hence, urgent for our community to take action to mitigate threats related to cryptocurrency wallets. We promise to release all code and data to promote the development of the community.
Related papers
- SoK: Security Analysis of Blockchain-based Cryptocurrency [0.92450037800871]
This paper classifies existing cryptocurrency security threats and attacks into five fundamental categories based on the blockchain infrastructure. It analyzes in detail the vulnerability principles exploited by each type of threat and attack. The author summarizes the existing detection and defense solutions and evaluates them.
arXiv Detail & Related papers (2025-03-28T05:21:30Z) - The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols.
Existing approaches for threshold cryptosystems introduce a latency overhead of at least one message delay for running the threshold cryptographic protocol.
We propose a mechanism to eliminate this overhead for blockchain-native threshold cryptosystems with tight thresholds.
arXiv Detail & Related papers (2024-07-16T20:53:04Z) - Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transformers [51.0477382050976]
An extra prompt token, called the switch token in this work, can turn the backdoor mode on, converting a benign model into a backdoored one.
To attack a pre-trained model, our proposed attack, named SWARM, learns a trigger and prompt tokens including a switch token.
Experiments on diverse visual recognition tasks confirm the success of our switchable backdoor attack, achieving 95%+ attack success rate.
arXiv Detail & Related papers (2024-05-17T08:19:48Z) - WALLETRADAR: Towards Automating the Detection of Vulnerabilities in Browser-based Cryptocurrency Wallets [19.265999943788284]
We present a comprehensive security analysis of browser-based wallets in this paper, along with the development of an automated tool designed for this purpose.
We design WALLETRADAR, an automated detection framework that can accurately identify security issues based on static and dynamic analysis.
Evaluation of 96 popular browser-based wallets shows WALLETRADAR's effectiveness, by successfully automating the detection process in 90% of these wallets with high precision.
arXiv Detail & Related papers (2024-05-07T14:01:27Z) - VELLET: Verifiable Embedded Wallet for Securing Authenticity and Integrity [0.6144680854063939]
This paper proposes a new protocol to enhance the security of embedded wallets.
Our VELLET protocol introduces a wallet verifier that can match the audit trail of embedded wallets on smart contracts.
arXiv Detail & Related papers (2024-04-05T03:23:19Z) - Interplay between Cryptocurrency Transactions and Online Financial Forums [41.94295877935867]
This study focuses on the study of the interplay between these cryptocurrency forums and fluctuations in cryptocurrency values.
It shows that the activity of Bitcointalk forum keeps a direct relationship with the trend in the values of BTC.
The experiment highlights that forum data can explain specific events in the financial field.
arXiv Detail & Related papers (2023-11-27T16:25:28Z) - SoK: Design, Vulnerabilities, and Security Measures of Cryptocurrency Wallets [6.074775040047958]
We introduce a multi-dimensional design taxonomy for existing and novel wallets. We identify previously occurring vulnerabilities and discuss the security implications of design decisions. We present a multi-layered attack framework and investigate 84 incidents between 2012 and 2024, accounting for $5.4B.
arXiv Detail & Related papers (2023-07-24T15:13:39Z) - Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB) [50.888293380932616]
We study the ecosystem of the tokens and liquidity pools.
We find that about 60% of tokens are active for less than one day.
We estimate that 1-day rug pulls generated $240 million in profits.
arXiv Detail & Related papers (2022-06-16T14:20:19Z) - Quantum-resistance in blockchain networks [46.63333997460008]
This paper describes the work carried out by the Inter-American Development Bank, the IDB Lab, LACChain, Quantum Computing (CQC), and Tecnologico de Monterrey to identify and eliminate quantum threats in blockchain networks.
The advent of quantum computing threatens internet protocols and blockchain networks because they utilize non-quantum resistant cryptographic algorithms.
arXiv Detail & Related papers (2021-06-11T23:39:25Z) - Holistic Privacy and Usability of a Cryptocurrency Wallet [7.6146285961466]
We tested the usability of a ZCash cryptocurrency wallet by having users install and try to both send and receive anonymized ZCash transactions.
We found even a larger amount of difficulty integrating the ZCash wallet into network-level protection like VPNs or Tor, so only a quarter of users could complete a real-world purchase using the wallet.
arXiv Detail & Related papers (2021-05-06T16:33:37Z) - Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task.
In this work, we examine the hardness of finding such chain of PoWs against quantum strategies.
We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z) - Pump and Dumps in the Bitcoin Era: Real Time Detection of Cryptocurrency Market Manipulations [50.521292491613224]
We perform an in-depth analysis of pump and dump schemes organized by communities over the Internet.
We observe how these communities are organized and how they carry out the fraud.
We introduce an approach to detect the fraud in real time that outperforms the current state of the art.
arXiv Detail & Related papers (2020-05-04T21:36:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.