CISPA
Browse
cispa_all_2633.pdf (614.66 kB)

Identifying Key Leakage of Bitcoin Users

Download (614.66 kB)
conference contribution
posted on 2023-11-29, 18:08 authored by Michael Brengel, Christian RossowChristian Rossow
We study key leakage in the context of cryptocurrencies. First, we consider the problem of explicit key leakage occurring on open-source intelligence platforms. To do this, we monitor the Pastebin feed from Sep 2017–Mar 2018 to find exposed secret Bitcoin keys, revealing that attackers could have stolen 22.40 BTC worth roughly $178,000 given current exchange rates. Then, we focus on implicit key leakage by exploiting the wrong usage of cryptographic primitives and scan Bitcoin’s blockchain for ECDSA nonce reuse. We systematically outline how an attacker can use duplicate r values to leak nonces and secret keys, which goes beyond the simple case where the same nonce and the same key have been used in conjunction more than once. Our results show that ECDSA nonce reuse has been a recurring problem in the Bitcoin ecosystem and has already been exploited by attackers. In fact, an attacker could have exploited nonce reuse to steal 412.80 BTC worth roughly $3.3 million.

History

Preferred Citation

Michael Brengel and Christian Rossow. Identifying Key Leakage of Bitcoin Users. In: The International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 2018.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

The International Symposium on Research in Attacks, Intrusions and Defenses (RAID)

Legacy Posted Date

2018-07-25

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2633, title = "Identifying Key Leakage of Bitcoin Users", author = "Brengel, Michael and Rossow, Christian", booktitle="{The International Symposium on Research in Attacks, Intrusions and Defenses (RAID)}", year="2018", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC