Coinkite, the manufacturer of hardware wallets for bitcoin (BTC), allegedly concealed a vulnerability to remote attacks in its Coldcard models for three months. This was noted by developers Hugo Nguyen, from Nunchuk, and “Benma”, from the wallet company Shift Crypto (BitBox02).
The programmers alerted Coinkite to the problem on November 7, 2020, but it was not until February 9, 2021 that the company released a firmware update to version 3.2.2. According to “Benma”, Coinkite accepted the information and agreed to allow both developers to publish an article on the situation in February, something that happened yesterday.
“When registering a multi-signature wallet in a Coldcard, it did not verify that it really was part of the multi-signature wallet. This allowed a malicious wallet on a computer to substitute multi-signature xpubs (extended public key) for xpubs controlled by an attacker”, highlighted “Benma” in the text.
The programmer added that all cryptocurrencies received in that multi-signature wallet could then be transferred to the attacker’s wallet at any time.
An xpub is nothing more than an extended public key, also known as a master public key. It allows users to generate an infinite number of addresses without needing access to the private keys. When it comes to multi-signatures, the xpubs of all participants are required to generate an address.
If the wallet is used on a compromised computer, the attacker can deliver fake xpubs. If the wallet is multi-signature 2 of 3, then the wallet could provide two xpubs controlled by the attacker, which translates into a potential theft of funds.
There could also be ransomware attacks on wallets configured with multi-signature N of N (2 of 2, 3 of 3 or 4 of 4, for example). If one of the xpubs is controlled by the attacker and the other by the owner, then the attacker's participation is required to release the bitcoin.
One aspect that “Benma” highlighted is that Coinkite was slow to release the update to minimize the risk of attacks. On creating multi-signature wallets, the developer recalled:
When creating a multi-signature wallet, it is crucial that you correctly verify the xpub of each cosigner. Otherwise, you could be exposed to remote theft or ransomware attacks (…) When Coldcard loads a multi-signature description file when configuring the wallet, it is supposed to fully validate the content of the file. The most important thing is that you have to verify that it is part of the multisig, in other words: that you own one of the listed xpubs.
According to the developer, the check was missing from Coldcard up to and including version 3.1.9. This allowed a malicious operator to use a compromised computer, or a wallet application, to send xpubs that do not belong to any Coldcard but are owned by the attacker.
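The ownership check described above, sketched as an added example that is not Coldcard firmware code or code from either developer. It assumes a simplified descriptor file of `Policy: M of N` plus `FINGERPRINT: xpub` lines; the function names and the placeholder key strings are constructed for illustration. It goes one step beyond the ownership check by also comparing the other cosigners' xpubs against values confirmed out of band, which is what the N-of-N ransom case requires.

```python
import re

def parse_descriptor(text):
    """Return (m, n, [(fingerprint, xpub), ...]) from a simplified multisig file."""
    m = n = None
    keys = []
    for line in text.splitlines():
        label, _, value = line.partition(":")
        label, value = label.strip(), value.strip()
        policy = re.fullmatch(r"(\d+)\s+of\s+(\d+)", value, re.I)
        if label.lower() == "policy" and policy:
            m, n = int(policy.group(1)), int(policy.group(2))
        elif re.fullmatch(r"[0-9A-Fa-f]{8}", label):
            keys.append((label.upper(), value))
    return m, n, keys

def check_registration(text, own_xfp, own_xpub, verified_cosigners):
    """Return a list of problems; an empty list means the file may be registered."""
    m, n, keys = parse_descriptor(text)
    own = (own_xfp.upper(), own_xpub)
    problems = []
    if m is None or not 1 <= m <= n or n != len(keys):
        problems.append("policy does not match the listed keys")
    if len({xpub for _, xpub in keys}) != len(keys):
        problems.append("duplicate xpub")
    # The check the article says was missing: the signer must own a listed xpub.
    if own not in keys:
        problems.append("this device owns none of the listed xpubs")
    # Ownership alone is not enough: every other cosigner xpub must match a
    # value confirmed out of band, or one swapped key can hold funds hostage.
    for xfp, xpub in keys:
        if (xfp, xpub) != own and verified_cosigners.get(xfp) != xpub:
            problems.append(f"cosigner {xfp} xpub not verified out of band")
    return problems

# Constructed sample data: placeholder strings, not real extended public keys.
OWN = ("0F056943", "xpub_OWN_constructed")
VERIFIED = {"A1B2C3D4": "xpub_B_constructed", "5E6F7A8B": "xpub_C_constructed"}
HONEST = """Policy: 2 of 3
0F056943: xpub_OWN_constructed
A1B2C3D4: xpub_B_constructed
5E6F7A8B: xpub_C_constructed"""
STOLEN = HONEST.replace("xpub_OWN_", "xpub_EVIL1_").replace("xpub_B_", "xpub_EVIL2_")
RANSOM = """Policy: 2 of 2
0F056943: xpub_OWN_constructed
A1B2C3D4: xpub_EVIL_constructed"""

if __name__ == "__main__":
    for name, doc in [("honest", HONEST), ("stolen", STOLEN), ("ransom", RANSOM)]:
        print(name, check_registration(doc, *OWN, VERIFIED))
```

The `RANSOM` file passes the ownership check and is rejected only because the cosigner xpub differs from the value confirmed out of band.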
Coinkite Vulnerability Response
In its message yesterday, Coinkite said that the update fixes a security problem that would allow an attacker who has compromised a computer during the configuration process of the multi-signature wallet to divert funds.
“This problem can only affect users of multi-signature wallets, and would only be a problem for wallets created while they are under the control of the attacker. It does not affect the wallets after their creation”, said the company, which stressed that it is not a remote attack as suggested by “Benma”.
Coinkite credited the discovery of the flaw to Hugo Nguyen and claimed that the update it released in January solved the problem. However, it was only yesterday that it strongly urged users to download the new firmware.
Firmware versions for Coldcard wallets
On January 12, CriptoNoticias reported on the update to version 3.2.1, highlighting that the upgrade included more secure multi-signature bitcoin transactions. At that time, it was reported that multi-signature transactions would track derivation paths for each signer individually.
Although the new version brought improvements, it seems that they were not enough: after launching update 3.2.1 on January 8, the company released a first version of 3.2.2 on January 14.
Among the new advances are: improvements in the address explorer with a subaccount display, verification support for multi-signature wallets, and exported addresses that are now called addresses.csv and not .txt.
In November last year, “Benma” had already mentioned that bitcoin multi-signature wallets are insecure in practice, and he had already anticipated some of the situations described above, according to a report released by CriptoNoticias.
It should be mentioned that the option to set up multi-signatures is intended to increase security in hardware wallets. That is, users set a configuration so that operations require multiple approvals.