Account Takeover Fraud in the Age of Bitcoin: Hacking the Brain Wallet

Gaining unauthorized access to financial accounts and withdrawing funds is an insidious attack that plays out repeatedly on deposit accounts at financial institutions, but what happens when the account is stored in the account-holder’s brain and the funds on the blockchain? Enter the world of Bitcoin brain wallets.

Successful account takeovers are commonly linked to social engineering, identity theft, the use of malicious code, and breach of familial trust. However, regardless of the method employed, in each case a digital credential-holding platform is exploited.

Bitcoin enables users to create a variety of wallets for storing credentials that secure digital currency in a blockchain. The most secure wallets are not connected to the internet, where they would be vulnerable to attack. Bitcoin wallets store credentials, not bitcoin, and the host comes in several forms: (1) cloud wallets, (2) mobile wallets, (3) USB cold storage wallets, (4) paper wallets, and (5) brain wallets. All of these wallets use random data to create unique private encryption keys that are required to access funds stored in the blockchain. For example, a private encryption key that is impractical to recreate by brute force attack can easily be generated by applying a strong encryption algorithm to twelve randomly selected dictionary words.

Perhaps the least known Bitcoin wallet is the brain wallet. With the brain as its host, the brain wallet enables the Bitcoin user to exercise global mobility without concern of losing their encryption key through the loss, destruction or confiscation of a computing device or a piece of paper. The brain wallet also protects against loss arising from fraud committed by unscrupulous exchange operators who provide wallet custody services on their cloud platforms.

At this point, you are likely wondering how brain wallets are created, so we will take a look at this next. Whereas wallet
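The key-generation step described above (twelve randomly selected dictionary words turned into a private key) can be sketched as follows; this is an added example, not code from the original article. It assumes PBKDF2-HMAC-SHA256 as the derivation step because the article does not name the algorithm, and the word list, salt and round count are constructed placeholders.

```python
import hashlib
import math
import secrets

# Constructed stand-in for a real dictionary: 2048 unique two-syllable pseudo-words.
_SYLLABLES = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]  # 70 syllables
WORDLIST = [a + b for a in _SYLLABLES for b in _SYLLABLES][:2048]

# Order of the secp256k1 group; a Bitcoin private key must lie in [1, N - 1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_phrase(n_words=12):
    """Pick words uniformly at random with the OS CSPRNG, never by hand."""
    return " ".join(secrets.choice(WORDLIST) for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Entropy of a phrase whose words are chosen uniformly and independently."""
    return n_words * math.log2(list_size)


def derive_key(phrase, salt=b"example-salt", rounds=100_000):
    """Stretch the phrase into 32 bytes (salt and round count are assumptions)."""
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, rounds, dklen=32)


def is_valid_private_key(key):
    """A 32-byte value is usable only if it is a non-zero scalar below N."""
    return 1 <= int.from_bytes(key, "big") < SECP256K1_N


def years_to_search(bits, guesses_per_second):
    """Expected years to hit the phrase after trying half of all candidates."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    phrase = generate_phrase()
    bits = entropy_bits(12, len(WORDLIST))
    print("phrase:", phrase)
    print("entropy: %.0f bits" % bits)
    print("key valid:", is_valid_private_key(derive_key(phrase)))
    print("years at 1e12 guesses/s: %.2e" % years_to_search(bits, 1e12))
    print("two-word phrase, same rate: %.2e" % years_to_search(22, 1e12))
```

The entropy figure holds only when every word is drawn by the random generator; a phrase a person makes up has far less, whatever its length.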
