@inproceedings{dabrowski2021betterkeep,
author = {Dabrowski, Adrian and Pfeffer, Katharina and Reichel, Markus and Mai, Alexandra and Weippl, Edgar R. and Franz, Michael},
title = {Better Keep Cash in Your Boots - Hardware Wallets Are the New Single Point of Failure},
year = {2021},
isbn = {9781450385404},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3464967.3488588},
doi = {10.1145/3464967.3488588},
abstract = {Hardware wallets are currently considered the most secure way to manage cryptocurrency keys and sign transactions. However, previous publications show that such tokens can be replaced or manipulated in a number of hard-to-detect ways pre- or post-delivery to the user and that implemented (remote) attestation and authenticity checks fail their purpose for multiple reasons.We analyzed the architecture of current products by examining their initialization procedure and attestation methods. Unlike previous publications, we found that tightened attestation and communications encryption will not solve the fundamental architectural flaws sustainably. We conclude that the architecture of current-generation cryptocurrency hardware wallets missed the opportunity for a resilient design by copying the PC's wallet architecture and thus merely shifting the single point of trust from the PC to the hardware wallet.We advocate a mutually verified architecture through changes to BIP32/BIP44 wallet architectures to incorporate collaborative signatures and key generation. This way, neither a compromised wallet nor a compromised PC can meaningfully manipulate keys or transactions.},
booktitle = {Proceedings of the 2021 ACM CCS Workshop on Decentralized Finance and Security},
pages = {1–8},
numpages = {8},
keywords = {hardware wallets, cryptocurrencies, decentralized finance, collaborative protocols},
location = {Virtual Event, Republic of Korea},
series = {DeFi '21}
}