Security of Cryptocurrency wallets/mining
Submitted by Ashwath Kumar (@kashk) on Saturday, 16 December 2017
Section: Crisp talk Technical level: Intermediate
Cryptocurrency has become a major investment area for investors given the recent boom in prices of coins like Bitcoin, Ethereum etc. There are a couple of options to store cryptocurrencies like exchange, offline wallet, physical wallet etc.
With the sudden surge of cryptocurrency prices, it is has become a playground for the hackers as well.
a. How I got into cryptocurrency b. My experiences - i. Writing a bot from slack/telegram to purchase a coin ii. Using bots (public & private) to monitor and invest on my behalf iii. Losing money on Pump and Dump iv. Losing money with Nicehash hack
- Background of cryptocurrency
a. Direct purchase b. Wallets c. Mining d. Payments 3.Big news items
a. Mining pool hacks - Nicehash, Noobpool b. Exchange hacks c. ICO scams
- Security aspect of cryptocurrency
a. Individual investing in bitcoin b. Companies accepting bitcoin payments c. Cryptocurrency Exchanges d. Individual involved in cryptocurrency mining
- Best practices for individuals
a. What wallets to use b. What to do before you invest in a coin c. Some steps to validate ICOs d. How to add security on exchanges (2fa, IP whitelisting etc.) e. Touch on personal computer security (VM)
a. Blockchain technology is here to stay b. Cryptocurrency regulation and legality is debatable c. Stay safe while you are operating
Ashwath currently works as an Associate Principal Consultant at Cigital Asia Pvt Ltd. He has previously worked as a Security Engineer at Microsoft Corp. His interests are in Red teaming, Application security, Threat Modeling and Cloud Security. He has presented at Nullcon, C0C0N and has written articles for a Digital Forensics magazine.
Ashwath’s interest in cryptocurrency started in 2009 where he tried to mine bitcoin using his laptop. He accumulated 0.05 btc (~$800) and thought it was a waste of time & deleted the wallet because it was slowing his laptop down. Ashwath has invested small amounts in bitcoin and other cryptocurrencies to understand the working of the whole ecosystem. Ashwath has a mining rig with 6 AMD RX 580 graphics cards. In the process, he has tried multiple mining pools (nanopool, noobpool, dwarfpool, Nicehash etc.). He lost around $100 (0.0067 btc) because of the Nicehash hack on Dec 7 2017. He has worked on the security architecture and has performed a penetration test on a blockchain based product and a couple implementations for companies accepting bitcoin payments.